On Tue, May 7, 2013 at 3:18 AM, David Kean <david.k...@microsoft.com> wrote:
> And by that, I mean it sounds like it gets notifications from AD, not > just from the local machine. > You would think so - but it definitely does not appear to get them as a part of a reset from a password change as a part of an RRAS dial in. Maybe the change notification relies on the client being online (which it cannot be by definition if the password is reset as a part of dialing into the domain) ... ? David. > **** > > ** ** > > *From:* David Kean > *Sent:* Monday, May 6, 2013 10:06 AM > *To:* ozDotNet > *Subject:* RE: Windows forgetting app passwords**** > > ** ** > > DPAPI is supposed to handle password changes and resets: > http://support.microsoft.com/kb/309408#7.**** > > ** ** > > *From:* ozdotnet-boun...@ozdotnet.com [ > mailto:ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com>] *On > Behalf Of *mike smith > *Sent:* Monday, May 6, 2013 2:53 AM > *To:* ozDotNet > *Subject:* Re: Windows forgetting app passwords**** > > ** ** > > On Mon, May 6, 2013 at 7:08 PM, David Connors <da...@connors.com> wrote:** > ** > > On Mon, May 6, 2013 at 7:06 PM, mike smith <meski...@gmail.com> wrote:*** > * > > It'd be storing the hashed user/pw that gets sent off for > authentication, or it should. Then when you change your pw on the domain, > the hash no longer works. Insecure if anyone else touches your computer, > and you can't make that assumption in a work environment?**** > > ** ** > > See my next post on the thread. DSAPI is the issue - or rather - whoever > designed it didn't consider that your password might get changed at places > other than on your local PC. Fail.**** > > ** ** > > David.**** > > > I really wouldn't want something like DPAPI to be able to work across > multiple machines. The idea is what is the fail. Hooking a pw change? > YUK! > **** > > ** ** > > -- > Meski**** > > http://courteous.ly/aAOZcv**** > > > "Going to Starbucks for coffee is like going to prison for sex. Sure, > you'll get it, but it's going to be rough" - Adam Hills**** >