Is there some way to configure Windows to place its SAM somewhere else rather than the default %systemroot%\system32\config\? Maybe it could be an additional security step.
I don't see how it increases security. The SAM file is not readable by non-admin users anyway, so in order to obtain it you would need to either have a local admin account anyway, or obtain physical access to the machine to read the SAM file directly (by booting off another OS for example, or resetting the local admin password).
Slarty
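A way to verify, on a given machine, the point made in the post above that non-admin users cannot read the SAM (an added example, not part of any post in this thread). It assumes an elevated PowerShell prompt and the default hive directory named in the question.

```powershell
# Added example: list ACEs on the registry hive files that grant read access
# to anyone other than SYSTEM and the local Administrators group.
# Must run elevated; Get-Acl on these files fails for a standard user.
$configDir = Join-Path $env:SystemRoot 'System32\config'
$hives     = 'SAM', 'SECURITY', 'SYSTEM'

# Well-known SIDs, used instead of names so the check works on localized builds.
$expectedSids = 'S-1-5-18',      # NT AUTHORITY\SYSTEM
                'S-1-5-32-544'   # BUILTIN\Administrators

$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$sidType  = [System.Security.Principal.SecurityIdentifier]

foreach ($name in $hives) {
    $path = Join-Path $configDir $name
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL for ${path}: $($_.Exception.Message)"
        continue
    }

    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, $sidType)

    $unexpected = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $readData) -ne 0) -and
        ($expectedSids -notcontains $_.IdentityReference.Value)
    }

    if ($unexpected) {
        foreach ($rule in $unexpected) {
            [pscustomobject]@{
                Hive   = $name
                Sid    = $rule.IdentityReference.Value
                Rights = $rule.FileSystemRights
            }
        }
    } else {
        [pscustomobject]@{ Hive = $name; Sid = '(no unexpected readers)'; Rights = $null }
    }
}
```

This only covers access through the running OS; it says nothing about someone who boots another OS, which is the physical-access case the thread goes on to discuss.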
It's security by obscurity... which, in many ways, I am a proponent of... I like making the job of the attacker more difficult. However, if an attacker goes to the normal location of the SAM and finds it isn't there do you think he's going to give up? He _knows_ it has to exist or the computer won't boot - so he knows it exists - he knows it's called SAM - he can search for it.
Want to be more "obscure"? Write a script to create a folder called "SAMS" with 10,000 subfolders called sam1, sam2, sam3 etc. and hide the real SAM in one of them... That'll slow him down... ;)
Of course, that assumes you _can_ change its location, which I doubt.....
Correct me if I'm wrong.... I have a couple of machines I'd be happy to play this game on... :D
lmfao...that is just plain mean.
Quote:
Want to be more "obscure"? Write a script to create a folder called "SAMS" with 10,000 subfolders called sam1, sam2, sam3 etc. and hide the real SAM in one of them... That'll slow him down...
but doing this would also help against these password cracking tools on bootable CDs because they all know where the SAM is and edit it, so if it's not there, then the programs won't work.
I wrote a program that did that about eight years ago and tested it on a Novell server's file system. I ended up filling all of the space on that server. We had a quota on the amount of megs in files we could have, but it did not count directories, just the files in them. Even a directory takes up a little bit of space in the file system. Then again, the whole server may have had only 2 Gigs.
Quote:
Originally posted here by Tiger Shark
Want to be more "obscure"? Write a script to create a folder called "SAMS" with 10,000 subfolders called sam1, sam2, sam3 etc. and hide the real SAM in one of them... That'll slow him down... ;)
I don't know why you
For example say, an attacker has a NTFSDos bootable floppy disk, physical access to the system, limited time and wanted to crack in the system. He/She will just copy the SAM from there and do the rest of the things at home. How if the attacker is not able to find the SAM itself, he/she will not just fool around in DOS to find the SAM.
Quote:
... don't see how it increases security. The SAM file is not readable by non-admin users anyway, so in order to obtain it you would need to either have a local admin account anyway, or obtain physical access to the machine to read the SAM file directly (by booting off another OS for example, or resetting the local admin password)
My question is, can we configure Windows to place its SAM somewhere else or RENAME it?
Cheers :)
IMHO, this is the wrong approach. you should look at your overall security architecture
Quote:
Originally posted here by nuClear
Is there some way to configure windows to place its SAM somewhere else rather than the default %systemroot%\system32\config\. May be it could be an additional security step.
some of the things you could do might be
1) to set BIOS passwords so that changing the bootup sequence of the comp is difficult ( although there might be ways to bypass BIOS passwords)
2) set the bootup sequence not to start from floppy/cdrom
3) according to your policies, disallow CDROMs/Floppy drives to be not accessible for users..
4) Tighten your physical security so that no one has unauthorised access to the comp in question
5) 2 factor authentication
6) one time passwords.. etc etc
You mean physical security is better... Ok I agree.
but being a newbie I could not understand what are these...
I really don't know about them.
Quote:
5) 2 factor authentication.
6) one time passwords.. etc etc
if you googled for one time passwords or 2 factor authentication, there are many links you can go to to know what they are..
Quote:
Originally posted here by nuClear
You mean physical security is better... Ok I agree.
but being a newbie I could not understand what are these...
I really don't know about them.
good luck!
Not to seem rude, but does anyone have an answer to the original poster's question? (Can you move the SAM file?) I'm quite interested and I can't seem to find anything on Google about it.
- Xierox
If you move or delete the SAM file - Windows 2000 will create a new one on the next reboot with a blank administrator account password. I have had to do this many times when a help-desk tech tried to change the PC name and unjoin a domain simultaneously. XP on the other hand will most likely not ever boot all the way up again. Do this at your own risk.
there's another alternative to that if you are really afraid of someone breaking your SAM.
Quote:
Originally posted here by nuClear
Is there some way to configure windows to place its SAM somewhere else rather than the default %systemroot%\system32\config\. May be it could be an additional security step.
you could look into the syskey utility..
http://support.microsoft.com/default...b;en-us;310105
I have not really done what you have asked, but my guess is the folder %systemroot%\system32\config\ is mapped to the registry, something like HKLM->SECURITY. If you change that, I guess Windows may break(??)...
someone with more experience on SAM please correct me thks
Maybe it could be possible by editing the installation files of the OS. Can we ask Microsoft to make a utility for that :)
SysKey does little good anymore unless you store it on a floppy; Samdump2 and SAMInside both decode SysKey with ease.