In tip 0004 » Bypassing the WinNT logon prompt, I described the registry entries that bypass the Windows NT and Windows 2000 logon prompt and log on automatically.
This has always presented a security risk, as the DefaultPassword is stored in plain text in the registry.
In Windows 2000, if you use the TweakUI Logon tab to set the registry entries, the DefaultPassword value name is NOT created at the Winlogon key. Instead, a <NO NAME> value name, using the REG_DWORD data type, is created at HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword. This data value is encrypted and NOT viewable by any means that I can find.
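To check which of the two cases a machine is in, the following audit reports whether a plain-text DefaultPassword value exists at the Winlogon key, without printing the password itself. It is an added example, not part of the original tip; it assumes the standard Winlogon key path and the AutoAdminLogon and DefaultUserName value names, and the function name and status labels are hypothetical.

```powershell
# Added example: audit the autologon values at the Winlogon key.
# Assumption: the Winlogon key is at its standard location.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonFinding {
    param(
        # Value name -> data. When omitted, the live registry key is read.
        [hashtable]$Values
    )
    if (-not $Values) {
        $Values = @{}
        $key = Get-Item -LiteralPath $WinlogonPath -ErrorAction Stop
        foreach ($name in $key.GetValueNames()) {
            $Values[$name] = $key.GetValue($name)
        }
    }

    # AutoAdminLogon is a string value; "1" means automatic logon is on.
    $enabled = ([string]$Values['AutoAdminLogon']) -eq '1'

    # A non-empty DefaultPassword here is readable in plain text.
    $hasPlain = $Values.ContainsKey('DefaultPassword') -and
        -not [string]::IsNullOrEmpty([string]$Values['DefaultPassword'])

    if ($hasPlain) {
        $status = 'PlaintextPasswordInWinlogon'
    } elseif ($enabled) {
        # Autologon is on but no password at this key, as with TweakUI.
        $status = 'AutoLogonWithoutWinlogonPassword'
    } else {
        $status = 'AutoLogonDisabled'
    }

    [pscustomobject]@{
        AutoAdminLogon    = $enabled
        DefaultUserName   = $Values['DefaultUserName']
        PlaintextPassword = $hasPlain   # presence only, data never emitted
        Status            = $status
    }
}

# Constructed sample: autologon set by hand, password in plain text.
$sample = @{ AutoAdminLogon = '1'; DefaultUserName = 'kiosk'; DefaultPassword = 'example-only' }
Get-AutoLogonFinding -Values $sample

# Live check of the local machine (Windows only).
Get-AutoLogonFinding
```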