[ActiveDir] AD related? not really...
We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">
Re: [ActiveDir] AD related? not really...
Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD <[EMAIL PROTECTED]> wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">
RE: [ActiveDir] AD related? not really...
Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD <[EMAIL PROTECTED]> wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">
Re: [ActiveDir] AD related? not really...
It claims it does although I have not verified it. I suppose you could check the registry referenced in: http://support.microsoft.com/?kbid=315231 On 12/1/05, AD <[EMAIL PROTECTED]> wrote: Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD <[EMAIL PROTECTED]> wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">
RE: [ActiveDir] AD related? not really...
As I recall the tweakUI powertoy that can be downloaded from the microsoft.com web site will allow you to set autologon credentials that are encrypted as described below. Thanks, -Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mitch ReidSent: Thursday, December 01, 2005 2:25 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] AD related? not really... It claims it does although I have not verified it. I suppose you could check the registry referenced in: http://support.microsoft.com/?kbid=315231 On 12/1/05, AD <[EMAIL PROTECTED]> wrote: Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD <[EMAIL PROTECTED]> wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">
Re: [ActiveDir] AD related? not really...
Yes it encrypts the password ! I didn't see the password I entered into registry key mentioned in KB. -- KamleshOn 12/2/05, Mitch Reid <[EMAIL PROTECTED]> wrote: It claims it does although I have not verified it. I suppose you could check the registry referenced in: http://support.microsoft.com/?kbid=315231 On 12/1/05, AD <[EMAIL PROTECTED]> wrote: Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD <[EMAIL PROTECTED]> wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url=""> -- ~~~"Fortune and Love befriend the bold"~~~
