I assure you it's how it works. :) There's a rather limited number ways to run in-process in LSA to have that level of access. Password filter is one of them.
Thanks, Brian Desmond [email protected] w - 312.625.1438 | c - 312.731.3132 -----Original Message----- From: Steve Kradel [mailto:[email protected]] Sent: Friday, March 23, 2012 10:44 AM To: NT System Admin Issues Subject: Re: Microsoft's Password Export Server 3.1 x64 Apart from the sleep issue (and I realize this is an old thread), I'm not sure I agree with Mr. Desmond... PCNS likely acts as an "always okay" password filter, but PES's job is to yank password hashes out of LSA on-demand, encrypt them symmetrically with an application key, and transmit to the client (probably ADMT). --Steve On Fri, Mar 23, 2012 at 9:40 AM, Ziots, Edward <[email protected]> wrote: > Sleep is over rated. > > Z > > > > Edward Ziots > > CISSP, Security +, Network + > > Security Engineer > > Lifespan Organization > > [email protected] > > > > From: James Rankin [mailto:[email protected]] > Sent: Tuesday, March 13, 2012 5:36 AM > To: NT System Admin Issues > Subject: Re: Microsoft's Password Export Server 3.1 x64 > > > > I would just like to know....do you ever sleep? > > On 13 March 2012 09:28, Webster <[email protected]> wrote: > > Brian, > > I would just like to know if the customer can install it on a 2008 R2 > domain controller. The download page only lists x64 2003 and 2008. > It doesn't specifically say 2008 R2. I guess it will either install > or not but just wanted to verify first. > > Thanks > > > > Carl Webster > Consultant and Citrix Technology Professional > > http://www.CarlWebster.com <http://www.carlwebster.com/> > > > On 3/13/12 2:35 AM, "Brian Desmond" <[email protected]> wrote: > > >>I doubt it's much different but there may either a) be hard blocks in >>the code if you don't hit the versions right or b) older PES' might >>not load on newer Windows. It basically is a password filter though >>that spins off a thread and listens for RPCs IIRC. It just returns >>true for every password. >> >>Thanks, >>Brian Desmond > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
