Also, if you run ERD from the Backup utility it will create '%WinDir%\repair\regback' with the new SAM.
Remember, if you do not store the passwords using the LMHash they are a lot harder to crack.

Dave

>> -----Original Message-----
>> From: Pez Mohr [mailto:[EMAIL PROTECTED]]
>> Sent: Wednesday, February 05, 2003 15:19
>> To: Kamran Muzaffer; Gedi; [EMAIL PROTECTED]
>> Subject: Re: Unwanted programs on Win2K
>>
>> Kamran Muzaffer wrote:
>> > Hi Gedi,
>> >
>> > I tried to _crack_ a .SAM file located in c:\WINNT\repair with LC4,
>> > but it only shows Administrator and guest accounts and those are not
>> > the current passwords either. I think Windows saves the initial copy
>> > of the password database there. That's the very reason why I think
>> > it's not that dangerous to leave that file there (maybe as a backup)
>> > because if it is so simple to recover all the Windows passwords,
>> > then curing it would have been the first step in all Win security
>> > manuals.
>>
>> I heard something in the past about when first installing Windows, it will
>> save a backup copy of the SAM to '%WinDir%\repair'. Whenever you use
>> NTBACKUP, however, if you choose to back up 'System State', then it copies
>> the SAM and puts it in '%WinDir%\repair' (if this is incorrect, please
>> correct me). So if anyone has run NTBACKUP, be sure to head over to the
>> repair directory, and delete the backups contained there.
>>
>> Pez Mohr
>> [EMAIL PROTECTED]
>> PGP Key: http://tinyurl.com/3rmk
>> Fingerprint: 35F0 4088 BCA3 457C FDE4 3ABC 4E02 1AD7 9EBE 09FE
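
An audit for the two points raised in this thread, added here as an example and not part of any poster's message: it lists registry hive copies left in '%WinDir%\repair' and '%WinDir%\repair\regback', shows which accounts other than SYSTEM and Administrators can read them, and reports whether LM hash storage is turned off. Assumptions: PowerShell 3.0 or later run from an elevated prompt, hive copies named sam, security and system, and the NoLMHash DWORD value as used on Windows XP and later.

```powershell
# Added example: look for offline registry hive copies in the directories
# named in this thread and report who can read them.
# Assumption: the copies keep the hive names sam, security and system.
$dirs    = @("$env:WinDir\repair", "$env:WinDir\repair\regback")
$hives   = @('sam', 'security', 'system')
# Well-known SIDs: LocalSystem and BUILTIN\Administrators.
$trusted = @('S-1-5-18', 'S-1-5-32-544')
$sidType = [System.Security.Principal.SecurityIdentifier]
$read    = [System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $files = Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $hives -contains $_.BaseName }
    foreach ($file in $files) {
        # Collect Allow entries that grant read access to anyone outside $trusted.
        $readers = foreach ($ace in (Get-Acl -LiteralPath $file.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (-not ($ace.FileSystemRights -band $read)) { continue }
            try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
            catch { $sid = $ace.IdentityReference.Value }  # unresolvable account
            if ($trusted -notcontains $sid) { $ace.IdentityReference.Value }
        }
        [pscustomobject]@{
            Path         = $file.FullName
            LastWritten  = $file.LastWriteTime
            OtherReaders = ($readers | Sort-Object -Unique) -join ', '
        }
    }
}

# NoLMHash = 1 stops LM hashes being stored at the next password change.
# Assumption: the DWORD value form used by Windows XP and later.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name NoLMHash -ErrorAction SilentlyContinue
$lmDisabled = [bool]($lsa -and $lsa.NoLMHash -eq 1)

if ($findings) { $findings | Format-List } else { 'No hive copies found in the repair directories.' }
"LM hash storage disabled (NoLMHash = 1): $lmDisabled"
```

An empty OtherReaders field means only SYSTEM and Administrators hold read access to that copy; the copy itself is still a candidate for removal or relocation to protected backup storage.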
