Re: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised?
Understood. They exist in plain text inside the LSA Secrets memory process.
One would need to attack that to dump the entries. By default, one needs
SecDebugProcess right in order to do so, by default this is only granted to
Administrators. Which is why one needs to secure the local admin account
and all members of the Administrators to the best of their abilities.
.
Relevant Pages
- Re: Windows XP Sp2 - Unable to logon intecactively Remote dekstop
... > Administrators, ASPNET, Backup operators, everyone, power users, users ... > no entries ... > - Deny logon through Terminal Services (Your user/group should NOT be ...
(microsoft.public.windowsxp.work_remotely) - Re: Windows XP Sp2 - Unable to logon intecactively Remote dekstop
... >> Administrators, ASPNET, Backup operators, everyone, power users, users ... >> no entries ...
(microsoft.public.windowsxp.work_remotely) - Re: Windows installer V3
... was under Permissions for Administrators and system, there were two entries ... Check the settings by following the above steps, ...
(microsoft.public.windowsupdate) - Re: Windows installer V3
... was under Permissions for Administrators and system, there were two entries but labled "classes_root\clsid" and the other was "parentobject". ... the Permissions are inherited from here and are both Full and Read for Administrators and System ... Check the settings by following the above steps, ...
(microsoft.public.windowsupdate) - Re: Installing updates under restricted user account
... users (even if the user belongs to the local Administrators group). ... Click the Member Of tab. ... remove those other entries. ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx. ...
(microsoft.public.windowsupdate) |
|
