List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] AD related? not really...

Prev Next

You are not authorized to post a reply.

Author

Messages

Posts:2

12/01/2005 3:23 AM
We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">

mreid

Posts:0

12/01/2005 4:07 AM
We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">

Posts:2

12/01/2005 5:33 AM
Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">

mreid

Posts:0

12/01/2005 9:06 AM
Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">

kamleshap

Posts:27

12/02/2005 8:32 AM
I didn't see the password I entered into registry key mentioned in KB. -- KamleshOn 12/2/05, Mitch Reid wrote: It claims it does although I have not verified it. I suppose you could check the registry referenced in: http://support.microsoft.com/?kbid=315231 On 12/1/05, AD wrote: Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url=""> -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~"Fortune and Love befriend the bold"~~~~~~~~~~~~~~~~~~~~~~~~~~~

slinehan

Posts:18

12/02/2005 12:05 PM
As I recall the tweakUI powertoy that can be downloaded from the microsoft.com web site will allow you to set autologon credentials that are encrypted as described below. Thanks, -Steve From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Mitch ReidSent: Thursday, December 01, 2005 2:25 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re: [ActiveDir] AD related? not really... It claims it does although I have not verified it. I suppose you could check the registry referenced in: http://support.microsoft.com/?kbid=315231 On 12/1/05, AD AD@xxxxxxxxxx> wrote: Thanks Mitch, Very interesting. The source code is different then the actual executable. I sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password would you? Yves From: Mitch ReidSent: Thu 01/12/2005 10:57 AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re: [ActiveDir] AD related? not really... Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html On 12/1/05, AD AD@xxxxxxxxxx> wrote: We have workstation that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain which allows the local account to use network resources. We would like to join the workstation to the domain (to many advantages to explain why) and eliminate the local account and modify the autologin to use a domain username and password. This causes a problem as the username and password is stored in the registry as plain text. As anyone ever had to deal with this scenario? I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know to use these functions to encrypt the username and password in the registry? http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section) http://msdn.microsoft.com/library/default.asp?url="">

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] AD related? not really...

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads