Passwords are a basic element of computer security, but researchers have found that they are involved in a large number of security vulnerabilities. However, it is worth learning how Windows manages and executes passwords through the security account manager or SAM.
Windows Security Account Manager and password are very beneficial to any Management of Enterprise Desktop. Here are five things you don't know:
1. The security account manager has been a core part of Microsoft's operating system for many years and is now part of Windows 8.1. Sam's function is fixed in lsass.exe. Lsass.exe is a Windows Service located in c: \ Windows \ system32.
Windows SAM manages the passwords of local Windows accounts and manages password verification during logon.
2. The local security account manager file (technically part of the Windows registry) is called SAM and is located in c: \ windows \ system32 \ config \. On the domain controller, the SAM file is equivalent to the Active Directory database file ntds. dit.
Figure 1
3. The SAM file is locked and cannot access the loaded operating system, as shown in 1.
However, if a computer is started from a dynamic recovery disk such as ophcrack, the computer is completely accessible. This is one of the main reasons why Enterprise laptops and desktop hard drives need to be encrypted. However, if there are other vulnerabilities, the Windows Password may be exposed, so you cannot rely entirely on encryption.
4. the backup file of SAM is located in c: \ windows \ system32 \ repair \. If the password is regularly changed, the expired password will be contained in this file, but it is completely accessible to anyone logging on to the computer. You only need to create an account on the machine to provide unauthorized (and irresponsible) access to someone with bad intentions.
Figure 2
5. Use the New and Old LAN Manager (LM) hashes or a safer NTLM hashes to store passwords in the SAM file. By default, NTLM is used for Windows 7 and later versions. These two types of hashes can be cracked by the Rainbow Table. Rainbow table is a technique used to crack the hash algorithm. It was discovered 10 years ago by the Swiss Federal Polytechnic Institute's Philip Oechslin. Oechslin's ophcrack tool and Elcomsoft System Recovery are two well-known tools that use pre-computed password hashes to crack Windows passwords. Figure 2 shows available options in Elcomsoft System Recovery.
Another good tool for extracting Windows password hashes from the SAM file is pwdump. Note that although the Windows syskey program can be used to create more security in the SAM file, some tools such as Elcomsoft's Proactive System Password Recovery can destroy these controls.
Windows security account manager has few problems. Your local account may or may not be in your management category. However, it is worthwhile to know when, where, and how to work.
In view of all this, I can say with certainty that as long as it is related to the Windows Password, it is not really safe. Nothing is as fragile as a valuable asset-user password. Do your best to minimize risks.