Tech Tips / Windows NT / Security

Cached credentials: Another security issue

It's amazing how often a simple convenience for you becomes a virtual gift horse for a cracker. And since it seems like everybody's attempting to breach network security, it helps to be aware of the conveniences that may be in place on your organization's network that could make cracking the system easier. Such is the retaining of cached credentials.

By default, NT workstations will cache the last ten sets of logon credentials received from a domain controller. This reduces the number of times a workstation has to contact a domain controller for verification of a logon request, and it often makes it possible to log on to a domain even when the domain controller isn't available on the network.

There's a registry tweak you can employ if you want to prevent these credentials from being cached, as you might if you're running a high-security network. Using Regedt32, add a REG_SZ value named CachedLogonsCount beneath the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon subkey. Set its value to 0 to prevent any caching, or to the number of cached credential sets you're willing to allow. This edit will work with Windows 2000 Professional as well.

Note: As always, we'll remind you that registry editing is risky, so be sure you have a verified backup before you make any changes.

Contact Us | Authors | Subject Index | Directory | RSS Feeds

Copyright ©2006