Guest Oscar P. Posted July 19, 2007 Posted July 19, 2007 Does the enabling of a SYSKEY startup password realistically provide any greater security for a 2K3 domain controller SAM database against on-line attacks? It seems to me that, with the tools available today, if an attacker is able to remotely gain access to the SAM and key and copy them off to the mother ship for processing, it wouldn't matter whether SYSKEY was using a startup-provided password, or locally-stored password. Thanks Oscar Quote
Guest James Matthews Posted July 20, 2007 Posted July 20, 2007 Yes people can grab your hashes and put them into rainbow tables and crack them in a matter of minutes however that only if 1. LSASS.EXE can be injected to (or the user has debug privs). 2. The under is running at NY/SYSTEM 3. Your password is not 16+ chars and those 16 should be letters number and symbols! Now Syskey protects the Sam file and believe me it's not good without it -- http://www.goldwatches.com/watches.asp?Brand=14 "Oscar P." <OscarP@discussions.microsoft.com> wrote in message news:1C2BE1A2-1898-4A03-A2E6-5B556753CAA4@microsoft.com... > Does the enabling of a SYSKEY startup password realistically provide any > greater security for a 2K3 domain controller SAM database against on-line > attacks? > > It seems to me that, with the tools available today, if an attacker is > able > to remotely gain access to the SAM and key and copy them off to the mother > ship for processing, it wouldn't matter whether SYSKEY was using a > startup-provided password, or locally-stored password. > > Thanks > Oscar Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.