Encrypting Logon Passwords

I've got a few posts that are all related but I've gotten a little farther and figured I should make a new post.

I am writing a VB dotNet program that has to restart the PC halfway through. In order to ensure it restarts with the same userid and password I have to set up the following registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    DefaultUserName "your_username"
    DefaultPassword "your_password"
    AutoAdminLogon "1"
    AutoLogonCount "1"

The only problem is this stores the password in text format and unencrypted. Therefore I've been looking at ways to encrypt and save the password and have the system use it.

I noticed that TweakUI (Microsoft PowerTool) does this when you set up the AutoLogon. It assigns all of the keys identified above except the "DefaultPassword".

After using "RegMon" (http://www.sysinternals.com) I've been able to determine that TweakUI is saving the logon password into the following registry location:

    HKLM/SECURITY/Policy/Secrets/DefaultPassword/

and into the following keys:

    CupdTime
    CurrVal
    OldVal
    OupdTime
    SecDesc

I had to change my Administrator Permissions to access this key in the registry.

Now I need to know how to encrypt a password and store it into these keys. I'm looking for code that will encrypt the password. Once I've got that I should be able to set the values into the proper registry values.

I'm not totally sure how to set the permissions to allow my program to update the registry permissions for the administrator.

If someone could give me a code snippet (or point me in the correct direction where an example exists) that encrypts the password and changes the permissions for the program to assign the value into the registry I would be very appreciative.

I'm thinking I need to prefix my main program with:

    <System.Security.Permissions.RegistryPermissionAttribute(System.Security.Permissions.SecurityAction.Demand, _
        Unrestricted:=True)> Public Sub Main()

For the encryption on the password I think I need to use something like this:

    Dim PDB As New PasswordDeriveBytes(Password, "")
    Dim Key() As Byte
    Key = PDB.CryptDeriveKey("RC2", "SHA", 128, "")

What I'm not sure of is which Algorithm name (RC2) or Hash Name (SHA) to use for the logon password. I believe this code isn't correct because it does not provide the same result as what is appearing in the registry now. The CurrVal key appears to be 36 bytes long. The result of this code is a 16-byte field.

Hello Larry,
they are using something called an LSA Secret, only LOCAL SYSTEM has access to this API - and btw. it is not encrypted, it is only encoded. Grab a tool like LSADump, which shows you the decoded values.

That said - I don't think that's the way to go...what does the AutoLogonCount value mean?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

The LSA method isn't recommended
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/lsastoreprivatedata.asp) besides I can not figure out how to reference it from within VB .Net. I keep getting an error (tells me it's an invalid assembly) when I try to set up a reference to Advapi32.dll. Do you know how?

Local System or anyone with a "Full Control" permission can access the information. Are you saying that there is no way to access this programmatically? DotNet help seems to indicate that this is not the case.

Okay how do I "Encode" it?

"AutoLogonCount" will decrement every time the autologon is performed. When it reaches 0 the DefaultPassword is automatically removed from the registry.

If you have a better way to log on automatically but hide the password securely then please let me know.

Hello Larry,
advapi32.dll is not an assembly and has to be referenced using P/Invoke (DllImport that is).

I really would not go down the route using LSA secrets...how do you get the password that you want to use for autologon?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I get the id and password as a passed parameter.
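A defender-side check for the configuration discussed in this thread, as an added example that is not part of any post: it parses the text of a registry export and reports whether the Winlogon key holds a plaintext DefaultPassword, or has autologon enabled with no DefaultPassword value (the TweakUI behaviour described above). The function names and both sample exports are constructed for illustration; AutoAdminLogon is accepted as either a string or a DWORD.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# Constructed samples in .reg export text form (not taken from the thread).
# Real exports are usually UTF-16; decode them before passing the text in.
SAMPLE_PLAINTEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="your_username"
"DefaultPassword"="your_password"
"AutoAdminLogon"="1"
"AutoLogonCount"=dword:00000001
'''

SAMPLE_NO_PASSWORD_VALUE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="your_username"
"AutoAdminLogon"="1"
'''

# "name"=data, where the name may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue  # header line, blank line, or a data type not handled here
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"
    return keys


def audit_autologon(text):
    """Classify the Winlogon autologon settings found in a .reg export."""
    w = parse_reg(text).get(WINLOGON, {})
    enabled = str(w.get("autoadminlogon", "0")) == "1"
    findings = []
    if "defaultpassword" in w:
        findings.append("plaintext DefaultPassword stored for user %r"
                        % w.get("defaultusername", ""))
    elif enabled:
        findings.append("autologon enabled without a DefaultPassword value; "
                        "check for an LSA secret instead")
    if enabled and "autologoncount" not in w:
        findings.append("no AutoLogonCount: autologon is not limited "
                        "to a set number of logons")
    return {"enabled": enabled, "findings": findings}
```
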