RE: Cached credentials - how to detect via code?
From: Lion Shi (lionshi_at_online.microsoft.com)
Date: 09/17/03
- Next message: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Previous message: kevin: "Get Admin to operate routing table temporarily"
- In reply to: Chuck Chopp: "Cached credentials - how to detect via code?"
- Next in thread: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Reply: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Reply: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Sep 2003 16:56:15 GMT
Hello Chuck,
I am afraid there is no way to do that. It is totally handled by the OS
internal, and we do not have a chance to detect it :(
Best regards,
Lion Shi [MSFT]
MCSE, MCSD
Microsoft Support Engineer
Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. 2003 Microsoft Corporation. All rights
reserved.
--------------------
| Date: Mon, 15 Sep 2003 20:41:49 -0400
| From: Chuck Chopp <ChuckChopp@rtfmcsi.com>
| Reply-To: ChuckChopp@rtfmcsi.com
| Organization: RTFM Consulting Services Inc.
| User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
Gecko/20030624
| X-Accept-Language: en-us, en
| MIME-Version: 1.0
| Subject: Cached credentials - how to detect via code?
| Content-Type: text/plain; charset=us-ascii; format=flowed
| Content-Transfer-Encoding: 7bit
| Message-ID: <OsSJRt#eDHA.3268@tk2msftngp13.phx.gbl>
| Newsgroups: microsoft.public.platformsdk.security
| NNTP-Posting-Host: adsl-78-164-23.gsp.bellsouth.net 216.78.164.23
| Lines: 1
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.platformsdk.security:2326
| X-Tomcat-NG: microsoft.public.platformsdk.security
|
| If I have a Win2K/XP workstation that has been logged on to locally using
| cached credentials belonging to a domain account, is there any way that I
| can detect the fact that the credentials were cached and were not
actually
| authenticated by a DC in the domain?
|
|
| TIA,
|
| Chuck
| --
| Chuck Chopp
|
| ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com
| ICQ # 22321532
| RTFM Consulting Services Inc. 864 801 2795 voice & voicemail
| 103 Autumn Hill Road 864 801 2774 fax
| Greer, SC 29651 800 774 0718 pager
| 8007740718 (at) skytel (dot) com
|
| Do not send me unsolicited commercial email.
|
|
- Next message: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Previous message: kevin: "Get Admin to operate routing table temporarily"
- In reply to: Chuck Chopp: "Cached credentials - how to detect via code?"
- Next in thread: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Reply: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Reply: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
