And by that, I mean it sounds like it gets notifications from AD, not just from 
the local machine.

From: David Kean
Sent: Monday, May 6, 2013 10:06 AM
To: ozDotNet
Subject: RE: Windows forgetting app passwords

DPAPI is supposed to handle password changes and resets: 
http://support.microsoft.com/kb/309408#7.

From: [email protected] On Behalf Of mike smith
Sent: Monday, May 6, 2013 2:53 AM
To: ozDotNet
Subject: Re: Windows forgetting app passwords

On Mon, May 6, 2013 at 7:08 PM, David Connors <[email protected]> wrote:
On Mon, May 6, 2013 at 7:06 PM, mike smith <[email protected]> wrote:
It'd be storing the hashed user/pw that gets sent off for authentication, or it 
should. Then when you change your pw on the domain, the hash no longer works. 
Insecure if anyone else touches your computer, and you can't make that 
assumption in a work environment?

See my next post on the thread. DSAPI is the issue - or rather - whoever 
designed it didn't consider that your password might get changed at places 
other than on your local PC. Fail.

David.

I really wouldn't want something like DPAPI to be able to work across multiple 
machines.  The idea is what is the fail.  Hooking a pw change?  YUK!

--
Meski
 http://courteous.ly/aAOZcv


"Going to Starbucks for coffee is like going to prison for sex. Sure, you'll 
get it, but it's going to be rough" - Adam Hills
