Similar issues exist around EFS (since it uses DPAPI as well) IIRC One way to get around it is to use machine based (or at least pre-user auth) VPN technology. Don’t think Microsoft offers this much (except maybe Direct Access), but the 3rd party VPN suppliers do. Then your machine has connectivity to your DCs before you do a password change.
Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of David Connors Sent: Tuesday, 7 May 2013 7:32 AM To: ozDotNet Subject: Re: Windows forgetting app passwords On Mon, May 6, 2013 at 7:53 PM, mike smith <[email protected]<mailto:[email protected]>> wrote: I really wouldn't want something like DPAPI to be able to work across multiple machines. The idea is what is the fail. Hooking a pw change? YUK! That is precisely how it works. Problem is it doesn't appear to very well in a corporate environment (well, not in mine where we have zero servers in the office and everything lives in the DC). David.
