Solved

How can I prevent Offline NT from being able to access the SAM hive without encrypting?

Posted on 2014-12-09
4
94 Views
Last Modified: 2014-12-15
I'm concerned that a PC that is in a high risk area may be "lost" or stolen and want to ensure that non-default administrator account cannot be accessed.
0
Comment
Question by:flipm0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40489864
If the machine is in an insecure area and has sensitive information on it then I would start by enforcing some kind of FULL DISK ENCRYPTION.

Not often I quote WiKipedia but in this instance its a good source for a whole lot of list all about your options.
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

At least then you know that nobody can access ANYTHING once it is off without your encryption password.
0
 
LVL 12

Expert Comment

by:Sommerblink
ID: 40489964
Without full-disk encryption, there is no way to prevent someone who has physical access to a computer with unlimited time from breaking into the computer.

Without whole-disk encryption, it is a trivial matter to do a cd/dvd 'rescue disk' and wipe out the passwords on all existing accounts in the SAM database.

Without whole-disk encryption, it is a trivial matter to remove the hard drive from the stolen computer and attach it to another Windows computer and mount the drive through there (or another OS that understands NTFS). All prior NTFS permissions protecting the data become moot.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 40490146
You're going to need either physical or logical controls (e.g. encryption), or both.  If you can lock the device in a cabinet, that may be the most practical solution for your scenario.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 40490185
I agree with everyone above - without encryption, your only as secure as you can physically make the server.

That said, WHY don't you want encryption?
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question