Solved

How can I prevent Offline NT from being able to access the SAM hive without encrypting?

Posted on 2014-12-09
4
74 Views
Last Modified: 2014-12-15
I'm concerned that a PC that is in a high risk area may be "lost" or stolen and want to ensure that non-default administrator account cannot be accessed.
0
Comment
Question by:flipm0
4 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40489864
If the machine is in an insecure area and has sensitive information on it then I would start by enforcing some kind of FULL DISK ENCRYPTION.

Not often I quote WiKipedia but in this instance its a good source for a whole lot of list all about your options.
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

At least then you know that nobody can access ANYTHING once it is off without your encryption password.
0
 
LVL 12

Expert Comment

by:Sommerblink
ID: 40489964
Without full-disk encryption, there is no way to prevent someone who has physical access to a computer with unlimited time from breaking into the computer.

Without whole-disk encryption, it is a trivial matter to do a cd/dvd 'rescue disk' and wipe out the passwords on all existing accounts in the SAM database.

Without whole-disk encryption, it is a trivial matter to remove the hard drive from the stolen computer and attach it to another Windows computer and mount the drive through there (or another OS that understands NTFS). All prior NTFS permissions protecting the data become moot.
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 40490146
You're going to need either physical or logical controls (e.g. encryption), or both.  If you can lock the device in a cabinet, that may be the most practical solution for your scenario.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40490185
I agree with everyone above - without encryption, your only as secure as you can physically make the server.

That said, WHY don't you want encryption?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Hi Friends, These registry tweaks will help you optimizing your Windows 7 system for any VDI. This will improve the machine performanance and can be used on normal systems also. These are few registry tweaks which will add value by enhancing the …
One of the features I've come to appreciate about Windows 7 and Windows Server 2008 R2 is the ability to pin applications to the task bar. As useful a feature as I've found this, it does have some quirks.  For example, have you ever tried pinning an…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now