Ah, that does make sense; I was directing my comment at the idea that PES acts like a password filter, insofar as it doesn't change or wait for password changes, but re-reading your post now, I misinterpreted it.
--Steve On Fri, Mar 23, 2012 at 12:33 PM, Brian Desmond <[email protected]> wrote: > I assure you it's how it works. :) > > There's a rather limited number ways to run in-process in LSA to have that > level of access. Password filter is one of them. > > Thanks, > Brian Desmond > [email protected] > > w - 312.625.1438 | c - 312.731.3132 > > -----Original Message----- > From: Steve Kradel [mailto:[email protected]] > Sent: Friday, March 23, 2012 10:44 AM > To: NT System Admin Issues > Subject: Re: Microsoft's Password Export Server 3.1 x64 > > Apart from the sleep issue (and I realize this is an old thread), I'm not > sure I agree with Mr. Desmond... PCNS likely acts as an "always okay" > password filter, but PES's job is to yank password hashes out of LSA > on-demand, encrypt them symmetrically with an application key, and transmit > to the client (probably ADMT). > > --Steve > > On Fri, Mar 23, 2012 at 9:40 AM, Ziots, Edward <[email protected]> wrote: >> Sleep is over rated. >> >> Z >> >> >> >> Edward Ziots >> >> CISSP, Security +, Network + >> >> Security Engineer >> >> Lifespan Organization >> >> [email protected] >> >> >> >> From: James Rankin [mailto:[email protected]] >> Sent: Tuesday, March 13, 2012 5:36 AM >> To: NT System Admin Issues >> Subject: Re: Microsoft's Password Export Server 3.1 x64 >> >> >> >> I would just like to know....do you ever sleep? >> >> On 13 March 2012 09:28, Webster <[email protected]> wrote: >> >> Brian, >> >> I would just like to know if the customer can install it on a 2008 R2 >> domain controller. The download page only lists x64 2003 and 2008. >> It doesn't specifically say 2008 R2. I guess it will either install >> or not but just wanted to verify first. >> >> Thanks >> >> >> >> Carl Webster >> Consultant and Citrix Technology Professional >> >> http://www.CarlWebster.com <http://www.carlwebster.com/> >> >> >> On 3/13/12 2:35 AM, "Brian Desmond" <[email protected]> wrote: >> >> >>>I doubt it's much different but there may either a) be hard blocks in >>>the code if you don't hit the versions right or b) older PES' might >>>not load on newer Windows. It basically is a password filter though >>>that spins off a thread and listens for RPCs IIRC. It just returns >>>true for every password. >>> >>>Thanks, >>>Brian Desmond >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
