I've two machines MachineA and MachineB. Both have two local accounts which have same username . Both accounts are local admin on those machines.
If they have same password, I'm able to access \\MachineA\C$ from MachineB.
But if I change any one password above doesn't work. And it prompts for username and password. Now if I provide MachineA\username and password, it then connects.
Why isn't there a prompt for password when passwords are same? I expected passwords to be hashed with random salt, how does windows know passwords are same and authorize access?
These machines are running Windows Server 2008 R2.
PS. I've created following reg key to enable drive accessHKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy to 1
Answer
After you log in, Windows takes your entered password and stores its LM and NT hashes in kernel memory, in order to provide this single-signon function on workgroups and NT4 domains. (On Active Directory domains, the Kerberos TGT obtained during login is stored as well.)
User-space programs cannot access these hashes directly1, but they can ask the kernel to connect to a SMB server using the stored password/ticket, or to perform NTLM challenge-response or Kerberos authentication on behalf of the program (for other protocols such as IMAP or HTTP).
Also, Windows NT uses unsalted MD4 hashes for both local authentication and NTLM, but this is not important – it could just as well keep the plain-text password in memory if it was necessary.
1 There is a tool WCE which, given sufficient privileges, can examine kernel memory and display the stored credentials.
No comments:
Post a Comment