delete LSA cache password ?

Giganews Newsgroups
Subject: delete LSA cache password ?
Posted by:  bigstyle [MVP] (bigstyle75@nospam.free.fr)
Date: Wed, 18 Apr 2007

Hello,

First of all, sorry if I make mistakes, but I am French :D

Have any of you ever found a solution to prevent attacks that let
hackers discover some users' passwords thanks to the LSA cache stored
in the registry?

1) Can we just delete specific entries in the registry?

2) I have read that the LSA cache stores the domain user
credentials, but my password doesn't appear when I dump the LSA cache.

3) I have also read that I should modify the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\cachedlogonscount
but in my opinion this is not the right key.

Thanks for your advice.

Regards,

--

bigstyle
MVP Windows Server - Directory Services
MCSE 2000/2003 Security
