This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Local Security Authority Subsystem Service
Local Security Authority Subsystem Service

Version management

Difference between version and

At line 1 added 31 lines
!!! Overview
[{$pagename}] ([LSASS]) stores [credentials] in memory on behalf of users with active [Microsoft Windows] [sessions].
[{$pagename}] allows [Single Sign-On] and [Access Control] to [network] [resources], such as file shares, Exchange Server mailboxes, and SharePoint sites, without re-entering their [credentials] for each remote service.
[{$pagename}] can store credentials in multiple forms, including:
* Reversibly encrypted plaintext
* [Kerberos] tickets ([TGTs], service tickets)
* [NT hash|NTLM]
* [LM hash]
If the user logs on to Windows by using a smart card, [LSASS] will not store a plaintext [password], but it will store the corresponding [NTLM] [hash] value for the account and the plaintext [PIN] for the [Smart Card].
If the [User-Account-Control Attribute Value] attribute is enabled for a [SMARTCARD_REQUIRED] for interactive logon, a random [NTLM] [hash] value is automatically generated [{$pagename}] for the account instead of the original password [hash]. The password hash that is automatically generated when the attribute is set does not change.
If a user logs on to Windows with a password that is compatible with [LM hash], this authenticator will be present in memory.
Beginning with [Windows Server 2008 R2] and [Windows 7], the storage of plaintext credentials in memory cannot be disabled, even if the credential providers that require them are disabled.
The stored credentials are directly associated with the [LSASS] logon sessions that have been started since the last restart and have not been closed.
For example, [LSA] sessions with stored [LSA] [credentials] are created when a user does any of the following:
* Logs on to a local session or [RDP] session on the computer
* Runs a task by using the RunAs option
* Runs an active Windows service on the computer
* Runs a scheduled task or batch job
* Runs a task on the local computer by using a remote administration tool
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop