Storing Secrets in Windows

In addition to storing passwords in Active Directory or SAM databases, Windows Server 2003, Windows 2000, and Windows XP store passwords and other secrets in other locations for a variety of purposes.

LSA Secrets

The Local Security Authority (LSA) maintains information about all aspects of local operating system security. The LSA performs the following tasks:

  • Authenticates users

  • Manages local security policy

  • Manages audit policy and settings

  • Generates access tokens

In addition, the LSA stores information used by the operating system, known as LSA secrets. LSA secrets include items such as persistently stored Remote Access Service (RAS) information; trust relationship passwords; and user names, passwords, and account ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.