I've been doing some password strength auditing, and one possible security hole that occurred to me was user credentials stored by services. I know that NTLM hashes are weak and easily cracked by rainbow tables, etc., but how are the passwords stored in the registry by a service?
For example, it's common for people to use an administrator account for Log On across the network where Local System Account won't do. I know these passwords are stored in an encrypted part of the registry, but what type of encryption is used? Are they as vulnerable as NTLM hashes?
You may additionally secure the SAM database using the SYSKEY utility. The utility removes the encryption key from the Windows-based computer.
FYI
Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000
http://support.microsoft.com/kb/913485
Windows NT System Key Permits Strong Encryption of the SAM
http://support.microsoft.com/kb/143475
How to use the SysKey utility to secure the Windows Security Accounts Manager database
http://support.microsoft.com/kb/310105/
Hope it helps,
bbao