Location of Office 2010 option file(s)?


W

Wolf K

OK, I looked :)

In my registry editor, those two entries are shown in red, and they look
empty.

I also looked with regedit; there they are shown in black, but they
still look empty.

Now I feel deprived...
Search on Windows Password Recovery Utilities.
 
Ad

Advertisements

V

VanguardLH

Wolf said:
Search on Windows Password Recovery Utilities.
Those hack at the memory copy of the SAM hive, not attack the partially
encrypted SAM file on the hard disk. The SAM database is at the heart
of the domain model. There is more than just login credentials stored
in there: user accounts, group accounts, policies for each, trust
relation accounts (SAM contains the Local Security Authority secrets
used in trusts and domain controller account passwords), domain
synchronization via NetLogon service, computer accounts (each NT machine
changes its computer-account password every 7 days), like between PDCs
and BDCs, SID (security identifier) assignment and tracking, etc. The
SAM is completely loaded into memory (some hives aren't loaded until
needed) and not allowed to page out to ensure maximum speed.

Something to try in a virtual machine: change permissions on the
HKLM\SAM and HKLM\SECURITY keys so you can expand those keys to reveal
the structure of the SAM. Modify the permissions by adding your user
account with Full Control to each subkey. I'm not interested in trying
this but read about it so maybe it works, maybe not.

Another trick I read about is running regedit.exe under the privilege
tokens for the SYSTEM account. That is, run regedit under the System
account. One way is to use SysInternals' psexec to specify the account
context for a process, as in "psexec.exe -s -i regedit.exe". You don't
have read permissions on those keys either as a regular or admin user
but the System account does.
 
G

Gene E. Bloch

I had not thought of this trick to hide registry keys until I read it
while researching my response to Stan. Before that I only knew that
regedit didn't show everything of the registry's database. I has been
way too long since I last touched on that subject. I'm too old now so
new data pushes out old data -- FIFO, and only so many engrams remaining
nowadays while fuzzy logic is becoming more dominant. Time to reserve
some books on the registry at the library to do a refresh but then I'll
probably overwrite the engrams of my last highschool girlfriend's face
(the rest I'll remember for longer).
ISTM that it is never a good idea to forget your last high school
girlfriend's face.

I'll probably not try your experiment, since messing with the registry
is never fun for me :)

That's just an excuse, really...and I'm willing to believe that the
changed permissions will make those entries behave like the originally
hidden ones.

I should have mentioned that the program that shows the forbidden
entries in red is Registry Workshop. It's not free, but it does put the
fun back in registry editing. Searches, for instance, are useable, and
changes are backed up.
 
G

Gene E. Bloch

Search on Windows Password Recovery Utilities.
Why?

That seems out of context to me, but maybe you're telling me that those
utilities will make those registry entries visible?
 
G

Gene E. Bloch

No, you missed my point. Or maybe I didn't make it clearly enough. My
preference is not to have a registry at all.
OSX seems to do fine without one[1], and the lack of a registry makes
uninstalling programs much easier - but only sometimes.

[1] My knowledge is old. Maybe OSX has changed since then.
 
Ad

Advertisements

W

Wolf K

Those hack at the memory copy of the SAM hive, not attack the partially
encrypted SAM file on the hard disk. [...]
Not if they're running from a Linux live CD.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top