|Subject:||delete LSA cache password ?|
|Posted by:||bigstyle [MVP] (email@example.com)|
|Date:||Wed, 18 Apr 2007|
First of all, sorry if I make mistakes but I am french :D
Some of you have ever found a solution to prevent attacks that let
hackers discovering some users password thanks to the LSA Cache stored
in the registry ?
1) Can we just delete specific entries in the registry ?
2) I have read that the LSA cache is storing the domain user
credentials but my password doesn't appear when I dump the LSA cache.
3) I have read too that I should have to modify the registry key
NT\CurrentVersion\Winlogon\cachedlogonscount but to my opinion this is
not the right key.
Thanks for your advices.
MVP Windows Server - Directory Services
MCSE 2000/2003 Security