Security Account Manager
Security Account Manager (SAM)
The Security Account Manager (SAM) is a database file in Windows XP, Windows Vista and Windows 7 that stores users' passwords.
It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory authenticates remote users.
SAM uses cryptographic measures to prevent unauthorized users from gaining access to the system.
The user passwords are stored in hashed form in a registry hive, either as an LM hash or as an NTLM hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM.
In an attempt to improve the security of the SAM database against offline software cracking, Microsoft introduced the SYSKEY function in Windows NT 4.0. When SYSKEY is enabled, the on-disk copy of the SAM file is partially encrypted, so that the password hash values for all local accounts stored in the SAM are encrypted with a key (usually also referred to as the "SYSKEY"). It can be enabled by running the syskey program.
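The following audit script is an added example, not part of the original page: it checks who holds rights on the SAM hive file named above and whether Windows is configured to stop storing LM hashes. It assumes an elevated PowerShell prompt and that only SYSTEM and the local Administrators group are expected on the file's ACL; the variable names are chosen for this example.

```powershell
# Added example: defensive audit of the local SAM hive (run elevated).
$samPath = Join-Path $env:SystemRoot 'System32\config\SAM'   # file location given on this page

# Well-known SIDs expected on the hive file (assumption for this example):
# S-1-5-18 = Local System, S-1-5-32-544 = BUILTIN\Administrators.
$expectedSids = @('S-1-5-18', 'S-1-5-32-544')

# Read the ACL and resolve every rule to a SID so the check is locale-independent.
$acl   = Get-Acl -LiteralPath $samPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$unexpected = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $expectedSids -notcontains $_.IdentityReference.Value
}

if ($unexpected) {
    Write-Warning "Principals other than SYSTEM/Administrators are allowed on ${samPath}:"
    $unexpected |
        Select-Object @{ n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights |
        Format-Table -AutoSize
} else {
    Write-Output "SAM hive ACL: only SYSTEM and Administrators are allowed."
}

# NoLMHash = 1 tells Windows not to store an LM hash at the next password change.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa    = Get-ItemProperty -Path $lsaKey -Name NoLMHash -ErrorAction SilentlyContinue

if ($lsa -and $lsa.NoLMHash -eq 1) {
    Write-Output "LM hash storage is disabled (NoLMHash = 1)."
} else {
    Write-Warning "NoLMHash is not set to 1: LM hashes may still be stored for local accounts."
}
```

Because NoLMHash only takes effect when a password is next changed, accounts whose passwords predate the setting can still have an LM hash in the SAM.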