Having covered the basic principles of security, let's take a closer look at how accounts and passwords are managed in the Windows NT family of systems. On all computers running Windows NT, and on non-domain-controller computers running Windows 2000, account names and passwords are kept in the Security Accounts Manager (SAM) database. Passwords are stored in encrypted form and cannot be decrypted by any known method (although the encrypted value can be guessed, as will be shown in Chapter 8, "Expanding the sphere of influence").
The encryption procedure is called a one-way function (OWF): the hash value produced by the hashing algorithm cannot be reversed. Hash functions come up often in this book and will be discussed in detail. The SAM is one of the five major hives of the registry and is implemented as the file %systemroot%\system32\config\sam.
On domain controllers running Windows 2000 (and later versions of the operating system), account names and password hashes are stored by the Active Directory service (by default in the file %systemroot%\ntds\ntds.dit).
The hashes are stored in the same format in both cases, but are accessed in different ways.
Under Windows NT, password hashes are stored directly in the SAM. Starting with NT4 Service Pack 3, Microsoft provided the option of an additional layer of encryption for the hashed passwords in the SAM, called SYSKEY. SYSKEY (short for SYStem KEY) generates a random 128-bit key and uses that key to encrypt the password hashes once more (only the hashes themselves, not the whole SAM file). To enable SYSKEY encryption on NT4, you must run the SYSKEY utility.
Clicking the Update button in this window lets you configure the other SYSKEY options, namely how and where the SYSKEY itself is stored. The SYSKEY can be stored in one of three modes.
Mode 1: stored in the registry and supplied automatically at boot time (the default setting).
Mode 2: stored in the registry, but locked with a password that must be entered at boot time.
Mode 3: stored on a floppy disk that must be supplied at boot time.
The choice between these modes is shown in the following figure.
As in Windows 2000, Mode 1 is the default in Windows Server 2003, so passwords are stored in the SAM database or in Active Directory as hashes encrypted with the SYSKEY value. Nothing needs to be configured manually on operating system versions from NT4 SP3 onward. Chapter 8, "Expanding the sphere of influence", and Chapter 14, "Physical attacks", describe the methods hackers use to obtain the SYSKEY and bypass this protection mechanism.
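As an added illustration (not code from the book), the following PowerShell script reports which of the three SYSKEY storage modes a machine is configured with and shows who has access to the SAM hive file described above. It assumes that the SecureBoot value under the Lsa registry key holds the mode number (1, 2 or 3) and that the hive lives at %SystemRoot%\system32\config\SAM; run it from an elevated session.

```powershell
# Added example, not part of the original text.
# Assumption: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot encodes the
# SYSKEY storage mode (1 = registry, automatic; 2 = registry, boot password;
# 3 = removable media). Requires an elevated PowerShell session.

function Get-SyskeyMode {
    $lsa  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
    $mode = $lsa.SecureBoot
    $description = switch ($mode) {
        1 { 'Mode 1: key stored in the registry, supplied automatically at boot (default)' }
        2 { 'Mode 2: key stored in the registry, unlocked by a password entered at boot' }
        3 { 'Mode 3: key stored on removable media, supplied at boot' }
        default { "Unknown or unset SecureBoot value: $mode" }
    }
    [pscustomobject]@{ Mode = $mode; Description = $description }
}

function Get-SamHiveInfo {
    # Assumption: the SAM hive is at %SystemRoot%\system32\config\SAM.
    $samPath = Join-Path $env:SystemRoot 'system32\config\SAM'
    $item    = Get-Item -Path $samPath -ErrorAction Stop
    $acl     = Get-Acl -Path $samPath
    # Only SYSTEM and Administrators are expected here; any other principal
    # with read access to the hive is worth investigating.
    $access = $acl.Access | ForEach-Object {
        '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights
    }
    [pscustomobject]@{
        Path   = $item.FullName
        Bytes  = $item.Length
        Access = ($access -join '; ')
    }
}

Get-SyskeyMode | Format-List
Get-SamHiveInfo | Format-List
```

A reported mode of 1 means the key that protects the hashes is itself recoverable from the registry hives, which is why the hive file permissions are printed alongside it.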