Placing the SAM?
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Placing the SAM?

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    9

    Placing the SAM?

    Is there some way to configure windows to place its SAM somewhere else rather than the default %systemroot%\system32\config\. May be it could be an additional security step.
    .............._...... _.......__
    ./\\../.|..|.|...|...|_../\\..|_|
    /..\\/..|_| |_.|_ |_ /..\\ |\\

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I don't see how it increases security. The SAM file is not readable by non-admin users anyway, so in order to obtain it you would need to either have a local admin account anyway, or obtain physical access to the machine to read the SAM file directly (by booting off another OS for example, or resetting the local admin password)

    Slarty

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's security by obscurity... which, in many ways, I am a proponent of... I like making the job of the attacker more difficult. However, if an attacker goes to the normal location of the SAM and finds it isn't there do you think he's going to give up? He _knows_ it has to exist or the computer won't boot - so he knows it exists - he knows it's called SAM - he can search for it.

    Want to be more "obscure"? Write a script to create a folder called "SAMS" with 10,000 subfolders called sam1, sam2, sam3 etc. and hide the real SAM in one of them... That'll slow him down...

    Of course, that assumes you _can_ change it's location, which I doubt.....

    Correct me if I'm wrong.... I have a couple of machines I'd be happy to play this game on...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Want to be more "obscure"? Write a script to create a folder called "SAMS" with 10,000 subfolders called sam1, sam2, sam3 etc. and hide the real SAM in one of them... That'll slow him down...
    lmfao...that is just plain mean.


    but doing this would also help against these password cracking tools on bootable cds becasue they all know where the sam is and edit it, so if its not there, then the programs wont work.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Originally posted here by Tiger Shark
    Want to be more "obscure"? Write a script to create a folder called "SAMS" with 10,000 subfolders called sam1, sam2, sam3 etc. and hide the real SAM in one of them... That'll slow him down...
    [/B]
    I wrote a program that did that about eight years ago and tested it on a Novel server's file system. I ended up filling all of the space on that sever. We had a quota on the amount of megs in files we could have, but it did not count directories, just the files in them. Even a directory takes up a little bit of space in the file system. Then again, the whole sever may have had only 2Gigs.

  6. #6
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    I don't know why you
    ... don't see how it increases security. The SAM file is not readable by non-admin users anyway, so in order to obtain it you would need to either have a local admin account anyway, or obtain physical access to the machine to read the SAM file directly (by booting off another OS for example, or resetting the local admin password)
    For example say, an attacker has a NTFSDos bootable floppy disk, physical access to the system, limited time and wanted to crack in the system. He/She will just copy the SAM from there and do the rest of the things at home. How if the attacker is not able to find the SAM itself, he/she will not just fool around in DOS to find the SAM.

    My question is, Can we configure windows to place its SAM somewhere else or RENAME it?

    Cheers
    .............._...... _.......__
    ./\\../.|..|.|...|...|_../\\..|_|
    /..\\/..|_| |_.|_ |_ /..\\ |\\

  7. #7
    Member
    Join Date
    Jun 2004
    Posts
    77

    Re: Placing the SAM?

    Originally posted here by nuClear
    Is there some way to configure windows to place its SAM somewhere else rather than the default %systemroot%\system32\config\. May be it could be an additional security step.
    IMHO, this is the wrong approach. you should look at your overall security architecture
    some of the things you could do might be
    1) to set BIOS passwords so that changing the bootup sequence of the comp is difficult ( although there might be ways to bypass BIOS passwords)
    2) set the bootup sequence not to start from floppy/cdrom
    3) according to your policies, disallow CDROMs/Floppy drives to be not accessible for users..
    4) Tighten your physical security so that no one has unauthorised access to the comp in question
    5) 2 factor authentication
    6) one time passwords.. etc etc

  8. #8
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    You mean physical security is better... Ok I agree.

    but being a newbie I could not understand what are these...
    5) 2 factor authentication.
    6) one time passwords.. etc etc
    I really don't know about them.
    .............._...... _.......__
    ./\\../.|..|.|...|...|_../\\..|_|
    /..\\/..|_| |_.|_ |_ /..\\ |\\

  9. #9
    Member
    Join Date
    Jun 2004
    Posts
    77
    Originally posted here by nuClear
    You mean physical security is better... Ok I agree.

    but being a newbie I could not understand what are these...


    I really don't know about them.
    if you googled for one time passwords or 2 factor authentication, there are many link you can go to to know what are they..
    good luck!

  10. #10
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Not to seem rude, but does anyone have an answer to the original poster's question? (Can you move the SAM file?) I'm quite interested and I can't seem to find anything on Google about it.

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •