• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 98
  • Last Modified:

How can I prevent Offline NT from being able to access the SAM hive without encrypting?

I'm concerned that a PC that is in a high risk area may be "lost" or stolen and want to ensure that non-default administrator account cannot be accessed.
1 Solution
Neil RussellTechnical Development LeadCommented:
If the machine is in an insecure area and has sensitive information on it then I would start by enforcing some kind of FULL DISK ENCRYPTION.

Not often I quote WiKipedia but in this instance its a good source for a whole lot of list all about your options.

At least then you know that nobody can access ANYTHING once it is off without your encryption password.
Without full-disk encryption, there is no way to prevent someone who has physical access to a computer with unlimited time from breaking into the computer.

Without whole-disk encryption, it is a trivial matter to do a cd/dvd 'rescue disk' and wipe out the passwords on all existing accounts in the SAM database.

Without whole-disk encryption, it is a trivial matter to remove the hard drive from the stolen computer and attach it to another Windows computer and mount the drive through there (or another OS that understands NTFS). All prior NTFS permissions protecting the data become moot.
Giovanni HewardCommented:
You're going to need either physical or logical controls (e.g. encryption), or both.  If you can lock the device in a cabinet, that may be the most practical solution for your scenario.
Lee W, MVPTechnology and Business Process AdvisorCommented:
I agree with everyone above - without encryption, your only as secure as you can physically make the server.

That said, WHY don't you want encryption?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now