Securing Windows 9x Passwords

[Matty_Cross]

Taken from searchWin2000.com.
Original Article Here

Earlier versions of Microsoft software are loaded with password problems, but there are several things you can do to make the platform more secure.

One of the most dangerous problems is that it cache's passwords in a way that makes them just a little too easy to get. However, a quick registry entry can disable password caching. You can affect this change by invoking your registry editor and navigating to:

HKEY_LOCAL_MACHINESOFTWAREMicrosoft
WindowsCurrentVersionPoliciesNetwork

Then set "DisablePwdCaching" to dword:00000001. While you're in there, consider hiding your share passwords by setting "HideSharePwds" to dword:00000001 too.

NOTE: Consult your system administrator before editing your registry. Always make sure you have a current backup of your data and registry before making changes. Manually changing your registry is generally unforgiving and rarely recommended by Microsoft and can void your support.

For home users and others that do not log into a domain or corporate network, some simple, non-technical practices can protect you too. Start by understanding that your Windows login password and screen saver passwords are stored locally on your computer in encrypted files and if an attacker gets access to your PC (for example, if an Outlook virus emails the file to him across the Internet), that these files are easily decrypted. For that reason, you should never use the same password for other systems. For instance, your online banking account password should not be the same as your Windows or screen saver passwords.

If you do log into a Windows domain or another type of corporate network, then it is possible to make your screen saver and Windows login both use the domain authentication. This lets you have a single password to remember, but it is not the same thing as having three passwords that are all set to the same word. Again, consult your system or network administrator for instructions specific to your network.

Just thought I'd post this, as although Windows 9x are not designed for office environments, they still are used in them, and anything that can be done to increase the security of business systems is worth looking into, even just so you know what is possible if the need arises.

This regedit would also be of significant use to home users who are interested in securing their Windows 9x boxes...

Security and Microsoft don't have to cancel each other out.. there are hundreds of changes like this that can be used to secure Windows 9x, and the same goes for NT-based OS's... While MS may not have the greatest security writen into their OS's, there are many things you can do to help alleviate the issues...

But that could really be said for all operating systems, can't it...

[Fakeboy]

Actually, I find that, even though they are being updated to Win2K. Windows 95 is the most popular OS on LapTops in the network environment. That post was some nice information.

[tomdcb]

Win95 ?? I guess you mean Win98.

[lench]

kewl thanx for that matty_cross

[mrcoffee12]

if you hadnt noticed, this is old "posted 06-04-2002 08:28 AM" and if you really want to thank him you should give him sone antipoints for making a good post. it may come in useful in the future...it is stored away deep in some vault of my brain now.

[shantz]

really helpful one

[DBEAUCHAMP]

This is a very good post ! Even if I used to administer NT domain with Win9x pc's in the past. It's the first time I eared about this one ! It would have helped in the old times, but now all my pc's are on NT and Win2K !

I'll keep it in mind anyway !

Tks again !

[The_Magistrate]

Originally posted here by Fakeboy
Actually, I find that, even though they are being updated to Win2K. Windows 95 is the most popular OS on LapTops in the network environment.

I would have to agree with Fakeboy, at my school, about a quarter of the teachers have a laptop assigned to them by the school. Most are old IBM Thinkpads, which can't run anything but Win95. The other few are apples(Ti Books, ibooks...) So other than a wholly different platform, most of the laptops I run across that are used in a network are running Win95.