Re: Effect of "reversible encryption..." on Windows XP.

From: Datta (dattatrayamk_at_hotmail.com)
Date: 03/07/05


Date: Mon, 07 Mar 2005 18:21:00 +0530

Hi,

That is True. The passwords themselves are not stored, rather hashes are
stored. But, the hash in the registry remains same before and after
changing this setting. This makes me wonder, what the policy setting
changing?

Any idea?

Thanks in advance,
Datta.

Steven Umbach wrote:
> It should only be used if needed for to accommodate authentication methods that
> require it. Some remote access authentication methods such as chap require it.
> It weakens security quite a bit and would make it fairly easy for someone who
> has physical access to your computer to obtain your passwords. Normally
> passwords themselves are not stored - just a hash of the password is. The link
> below explains more. ---- Steve
>
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/505.mspx
>
> "Datta" <Datta@discussions.microsoft.com> wrote in message
> news:B1C8EE48-9ADC-4956-A3B1-1480329DF352@microsoft.com...
>
>>Hello,
>>
>>I was wondering what effect the policy setting "Store password using
>>reversible encryption for all users in the domain" has on Windows XP since it
>>does not support Active Directory and hence cannot contain any domain users.
>>I enabled it on my XP box using gpedit.msc and verfied using rsop.msc that
>>in the effective settings it is enabled. However, I fond that the password
>>hash present in registry is same irrespective of this setting. I also tried
>>creating new users after enabling/disabling the policy to check if the effect
>>is only on new users. I found that it has no effect what so ever on the way
>>passwords are stored internally in registry.
>>
>>Would some one help me understand, what this setting is meant for on Windows
>>XP?
>>
>>Kindly let me know if I am misinterpreting something.
>>
>>Thanks in advance.
>>
>>Regards,
>>Datta.
>
>
>