
Keep SAM under control, he won’t do it himself

The local credential hives are easy pickings for anyone with offline access to the disk: the SAM hive holds the hashes of local accounts, and the SECURITY hive (HKLM\SECURITY\Cache) holds the cached domain logon verifiers (MSCache/DCC2) that let domain users log on when no domain controller is reachable. If the system partition isn't encrypted, both can be copied from the raw disk or read from a booted live OS and cracked offline.

So, to keep the number of domain credentials cached on the local machine to a minimum, set the following registry value (it is a REG_SZ string that holds a number, not a DWORD):

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (REG_SZ)

The same setting is exposed through Group Policy as "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" under Security Settings > Local Policies > Security Options, which is the easier way to push it to a whole domain.

It's always good to encrypt all partitions, but if you can't, I suggest you set this value to 0. That stops any domain credentials from being stored locally and always forces authentication against AD. The caveat is that with 0 a domain user cannot log on at all when no domain controller is reachable, which is a problem for laptops and for any machine that boots while the network is still coming up. For those interns that like to hack, I set it to 1, so that I don't get asked why logons fail or are slow when they're off the office network: one cached entry means the last user can still get in, and there is only one credential on disk to worry about.
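The following PowerShell script is an added example, not code from the original post. It reads the current CachedLogonsCount, decides on a target of 0 or 1 using two assumptions that are mine rather than the post's (a machine whose system drive is BitLocker-protected and that is not a portable chassis gets 0, everything else gets 1), writes the value as the REG_SZ string Windows expects, and reads it back to confirm. Get-BitLockerVolume needs the BitLocker module (Windows 8 / Server 2012 and later); the script falls back to treating the disk as unencrypted if the cmdlet is unavailable. Run it in an elevated session.

```powershell
# Added example (not from the original post): audit and harden CachedLogonsCount.
# Assumption: 0 cached logons on BitLocker-protected desktops, 1 everywhere else.

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName = 'CachedLogonsCount'

function Get-CachedLogonsCount {
    # Returns the effective value; Windows uses 10 when the value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 10 }
    return [int]$item.$ValueName
}

function Set-CachedLogonsCount {
    param([ValidateRange(0, 50)][int]$Count)   # Windows accepts 0..50
    # The value is REG_SZ, so write the number as a string, not as a DWORD.
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value ([string]$Count) -Type String
}

function Test-SystemDriveEncrypted {
    # True when the OS volume has BitLocker protection switched on.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        return ($vol.ProtectionStatus -eq 'On')
    } catch {
        # No BitLocker module or no BitLocker at all: assume the disk is in the clear.
        return $false
    }
}

function Test-PortableChassis {
    # SMBIOS chassis types 8 (Portable), 9 (Laptop), 10 (Notebook), 14 (Sub Notebook).
    $types = (Get-CimInstance -ClassName Win32_SystemEnclosure).ChassisTypes
    return (@($types | Where-Object { $_ -in 8, 9, 10, 14 }).Count -gt 0)
}

function Get-TargetCachedLogonsCount {
    # Assumed policy: only a stationary, encrypted machine may rely on a DC being reachable
    # at every logon and can therefore cache nothing. Everything else keeps one entry.
    if ((Test-SystemDriveEncrypted) -and -not (Test-PortableChassis)) { return 0 }
    return 1
}

$before = Get-CachedLogonsCount
$target = Get-TargetCachedLogonsCount
Write-Host ("CachedLogonsCount before: {0}  (target: {1})" -f $before, $target)

if ($before -ne $target) {
    Set-CachedLogonsCount -Count $target
}

$after = Get-CachedLogonsCount
if ($after -ne $target) {
    Write-Error ("Failed to set CachedLogonsCount: expected {0}, got {1}" -f $target, $after)
    exit 1
}
Write-Host ("CachedLogonsCount after:  {0}" -f $after)

# Note: changing this value does not purge entries already sitting in HKLM\SECURITY\Cache.
# They are overwritten as users log on; to be sure the old ones are gone, lower the count
# and then have the affected users log on again, or check the cache with an audit tool.
```

The chassis and BitLocker checks are just a way to express the post's "0 if encrypted, 1 for the laptop crowd" rule in code; swap in whatever inventory data you trust. The value takes effect at the next logon, so verify on a machine that has been rebooted or re-logged rather than on the one you just edited.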

By the way, the default is 10. The count is per distinct user account (the cache keeps the last N users who logged on, not the last N logon sessions), so 10 only makes sense for a shared machine that many domain users log on to while disconnected. Why would anyone need 10 cached logons on a single-user box?! Absurd! (it's probably answered in an Old New Thing post, you hear this Raymond Chen?!)

