Re: Cached credentials - how to detect via code?
From: Lion Shi (lionshi_at_online.microsoft.com)
Date: 09/22/03
- Next message: Ohaya: "Re: IIS CRL Checking is really driving me crazy!!"
- Previous message: Cuppens Peter: "Re: DCOM & CryptoAPI"
- In reply to: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Sep 2003 09:52:13 GMT
Hello Chuck,
Thanks for sharing your work around with others. You are right, sometimes
we should consider other ways than API :)
Best regards,
Lion Shi [MSFT]
MCSE, MCSD
Microsoft Support Engineer
Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. 2003 Microsoft Corporation. All rights
reserved.
--------------------
| Date: Fri, 19 Sep 2003 12:09:50 -0400
| From: Chuck Chopp <ChuckChopp@rtfmcsi.com>
| Reply-To: ChuckChopp@rtfmcsi.com
| Organization: RTFM Consulting Services Inc.
| User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
Gecko/20030624
| X-Accept-Language: en-us, en
| MIME-Version: 1.0
| Subject: Re: Cached credentials - how to detect via code?
| References: <OsSJRt#eDHA.3268@tk2msftngp13.phx.gbl>
<yfKfUzTfDHA.2632@cpmsftngxa06.phx.gbl>
| In-Reply-To: <yfKfUzTfDHA.2632@cpmsftngxa06.phx.gbl>
| Content-Type: text/plain; charset=us-ascii; format=flowed
| Content-Transfer-Encoding: 7bit
| Message-ID: <uaEO1hsfDHA.956@TK2MSFTNGP09.phx.gbl>
| Newsgroups: microsoft.public.platformsdk.security
| NNTP-Posting-Host: adsl-78-164-23.gsp.bellsouth.net 216.78.164.23
| Lines: 1
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.platformsdk.security:2450
| X-Tomcat-NG: microsoft.public.platformsdk.security
|
| Lion Shi wrote:
| > Hello Chuck,
| >
| > I am afraid there is no way to do that. It is totally handled by the OS
| > internal, and we do not have a chance to detect it :(
|
|
| OK, here's a work around to the problem of detecting whether or not
cached
| credentials were used to perform a logon to a workstation. The
environment
| variable LOGONSERVER will show the name of the local workstation instead
of
| a DC in the domain if cached credentials were used to perform the logon.
|
|
| --
| Chuck Chopp
|
| ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com
| ICQ # 22321532
| RTFM Consulting Services Inc. 864 801 2795 voice & voicemail
| 103 Autumn Hill Road 864 801 2774 fax
| Greer, SC 29651 800 774 0718 pager
| 8007740718 (at) skytel (dot) com
|
| Do not send me unsolicited commercial email.
|
|
- Next message: Ohaya: "Re: IIS CRL Checking is really driving me crazy!!"
- Previous message: Cuppens Peter: "Re: DCOM & CryptoAPI"
- In reply to: Chuck Chopp: "Re: Cached credentials - how to detect via code?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
