Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Storing Windows passwords

I'm writing (in C# with .NET 3.5) an administrative application which will poll multiple Windows systems for various bits of data. In many cases it will use WMI, but in some cases it may need to read remote registry or remotely execute some command or script on the polled system. This polling will happen at repeating intervals - usually nightly, but can be configured to happen more (or less) frequently. So the poll could happen as often as every 10 minutes or as rarely as once a month. It needs to happen in an automated way, without any human intervention.

These functions will require admin-level access to the polled systems. Now, I expect that in most use cases, there will be a domain, and the polling application can run as a service with Domain Admin (or equivalent) privileges, which means I do not have to worry about storing passwords - the admin setting up the app will define the service's username/password via standard Windows mechanisms.

But there's always a few black sheep out there. The program may run in nondomain environments, or in cases where some polled systems are not members of the domain. In these cases we will have to define a username and password, store them securely, then invoke this user/pass pair at the time we poll that system. So keep in mind - in this case the program being written is the user who sends password to the authenticating system.

I am not sure whether I will need to use a reversible hash which I then decrypt to plaintext at time of use, or if there is some Windows mechanism which would allow me to store and then reuse the hash only. Obviously the second mechanism is preferable; I'd like my program to either never know the password's plaintext value, or know it for the shortest amount of time possible.

I need suggestions for smart and secure ways to accomplish this.

Thanks for looking!

like image 552
quux Avatar asked Sep 06 '08 05:09

quux


People also ask

Where Windows passwords are stored?

Windows password hashes are stored in the SAM file; however, they are encrypted with the system boot key, which is stored in the SYSTEM file. If a hacker can access both of these files (stored in C:WindowsSystem32Config), then the SYSTEM file can be used to decrypt the password hashes stored in the SAM file.

Is it safe to store passwords on PC?

As a general rule, I'd recommend against it (with some obvious exceptions where the computer requires that passwords be saved in order to verify what you enter to gain access to something that's password-protected - like your user login or a BIOS password if used - but only in the BIOS) or products like Family Safety ...

Does Windows have a password keeper?

Windows Password Manager. For any device running the Microsoft Windows OS, Keeper Password Manager and Digital Vault is the most secure way to keep your passwords and personal information safe and protected.


1 Answers

The answer is here:

How to store passwords in Winforms application?

like image 50
1800 INFORMATION Avatar answered Sep 20 '22 09:09

1800 INFORMATION