Re: Stored passwords on stolen laptop

From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 01/12/05

• Next message: Bruce Chambers: "Re: changing the name in C:\documents and settings folder"
• Previous message: Lanwench [MVP - Exchange]: "Re: changing the name in C:\documents and settings folder"
• In reply to: Zed_at_hotmail.com: "Stored passwords on stolen laptop"
• Next in thread: poker_pro_at_hotmail.com: "RE: Stored passwords on stolen laptop"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 11 Jan 2005 19:46:42 -0700

Zed@hotmail.com wrote:
> We recently had a notebook stolen. How many domain passwords does a XP pro
> client store.

        By default, WinXP will store a maximum of 10 sets of cached domain
credentials. This number, however, can be raised to the absolute
maximum of 50 by means of a simple registry edit.

> How secure are those passwords?

        The passwords are not at all secure, as you've lost physical control of
the computer. It takes only a few seconds and Google to find many
password-cracking utilities on the Internet.

. I would be hard pressed to
> remember how domain users have used that notebook. Do I need to have
> everybody reset their passwords?
>

        That would certainly be best, if you want to be reasonably confident of
maintaining your domain's security. If you use a standard password for
the local Administrator account on each machine, don't forget to change
that, as well. Also, if you follow the common practice of renaming that
built-in local Administrator account, you should probably come up with a
new name.

-- 
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on having 
both at once. - RAH

---

• Next message: Bruce Chambers: "Re: changing the name in C:\documents and settings folder"
• Previous message: Lanwench [MVP - Exchange]: "Re: changing the name in C:\documents and settings folder"
• In reply to: Zed_at_hotmail.com: "Stored passwords on stolen laptop"
• Next in thread: poker_pro_at_hotmail.com: "RE: Stored passwords on stolen laptop"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Different Windows 2000 and OWA passwords?? ... >of my head however. ... >I don't like that the Users Windows 200 domain passwords ... >are the same as their owa/mailbox passwords. ... (microsoft.public.exchange.admin) Re: Domain login and workgroup login ... dependent on the admin of the non-domain server to manually sync their ... server passwords with their domain passwords. ... procedure for users to be required to reveal their domain passwords to ... I already know the proper way. ... (microsoft.public.windows.server.general) Stored passwords on stolen laptop ... How many domain passwords does a XP pro ... client store. ... How secure are those passwords? ... (microsoft.public.windowsxp.security_admin) Re: Stored passwords on stolen laptop ... Those passwords are compromised. ... Inform or initiate password change for everyone. ... How many domain passwords does a XP pro ... > everybody reset their passwords? ... (microsoft.public.windowsxp.security_admin) RE: Remote Web Access Credentials stored where? ... > site with another User credentials in your client computer. ... The client in question is not yet joined to the SBS domain. ... Under Advanced is a Manage Passwords button which opens ... I can login as any SBS ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)