Re: SAM cracking
- From: Malke <notreally@xxxxxxxxxxxxxxx>
- Date: Fri, 23 Nov 2007 06:03:49 -0800
Guillaume wrote:
Hi, i work for a public school and i'm having problems with some students. It seems they love to boot from cd or from another partition, copy the SAM file and crack within a few minutes with rainbow tables for example. And it's really getting on my nerve! Is there a way in Windows XP SP2 to truly secur this SAM file??? By encrypting it or something? Apparently it is VERY easy to crack any Windows local account. So any help would be very appreciated!
Thanks in advance for everything!
You have not properly secured your workstations. I'm not saying this to hurt your feelings but since you didn't know to at least do #1 and #2 below, you might want to get a professional computer person on-site to go over your security and set you up correctly. This will not be your local version of BigComputerStore/GeekSquad.
Here is general security information. Not everything may be applicable to you so take the bits that are:
*****
Any computer running any operating system can be accessed by someone with 1) physical access; 2) time; 3) skill; 4) tools. There are a few things you can do to make it a bit harder though:
1. Set a password in the BIOS that must be entered before booting the operating system. Also set the Supervisor password in the BIOS so BIOS Setup can't be entered without it.
2. From the BIOS, change the boot order to hard drive first.
3. Set strong passwords on all accounts, including the built-in Administrator account.
4. If you leave your own account logged in, use the Windows Key + L to lock the computer (and/or set the screensaver/power saving) when you step away from the computer and require a password to resume.
5. Make other users Limited accounts in XP Home, regular user accounts in XP Pro.
6. Set user permissions/restrictions:
a. If you have XP Pro, you can set user permissions/restrictions with Group Policy (Start>Run>gpedit.msc [enter]) but be careful. Using the Policy Editor can be tricksy. Questions about Group Policy should be posted in its newsgroup: microsoft.public.windows.group_policy.
b. If you have XP Home, you can use MVP Doug Knox's Security Console or the MS Steady State.
http://www.dougknox.com
Steady State - http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
Please understand that these are technical responses to what is basically a non-technical problem and there are ways around all of these precautions. This is a family/interpersonal issue that can't be solved by technical means.
*****
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
.
- Follow-Ups:
- Re: SAM cracking
- From: Brian Komar
- Re: SAM cracking
- Prev by Date: Re: DVD Burner over Remote Desktop
- Next by Date: Re: Profile exists for deleted account
- Previous by thread: Re: DVD Burner over Remote Desktop
- Next by thread: Re: SAM cracking
- Index(es):
Relevant Pages
|
|
