Hi Jim,
ISTR that some keys need special security arrangements just to be
seen. I wonder if this is one of them?
Yep. I never realized that before. I have never had a reason to go
snooping in that key until your post.
<quote>
Now your natural reaction should be: WinKey-R, regedit, My Computer,
HKEY_LOCAL_MACHINE, SECURITY. You'll be disappointed I guess, nothing
visible in there. Check the permissions of the key and you'll see that only
the SYSTEM account has access to this key.
<quote>
Why preparing security demos can hurt ... I killed lsass.exe by mistake
http://community.bartdesmet.net/blogs/bart/archive/2005/08/18/3475.aspx
<quote>
Q: The Registry editor grays out the HKEY_LOCAL_MACHINE/SAM and
HKEY_LOCAL_MACHINE/SECURITY Registry hives on my Windows NT system. How can
I look at the content of these hives without resetting their ACLs?
A: You can use the At command or the Microsoft Windows NT Server 4.0
Resource Kit Winat utility to force NT to expose these usually protected
Registry hives. Use At and Winat to schedule an instance of a Registry
editor at a specified time. By default, your system runs the scheduled
session in the security context of the System account. The System account
has access to the HKEY_LOCAL_MACHINE/SAM and HKEY_LOCAL_MACHINE/SECURITY
Registry keys; thus, you can view the contents of these hives when your
scheduled session pops up. Be sure to use the /interactive switch or, if
you're using Winat, select the interactive option so that the scheduled
Registry editor session is visible on the desktop.
For example, to schedule a regedt32 session to pop up on the local machine
at 11:00 a.m., type the following command at an NT command prompt:
at 11:00 /interactive regedt32
<quote>
from...
Tricks & Traps: Ask Dr. Bob Your Windows NT Questions (May 1999)
http://www.microsoft.com/technet/archive/community/columns/tips/5-31-99.mspx
Looks like a key to stay out of. I have no intention of getting or using
the following utility, but here you are.
LSASecretsView v1.00
LSASecretsView is a small utility that displays the list of all LSA secrets
stored in the Registry on your computer. The LSA secrets key is located
under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your
RAS/VPN passwords, Autologon password, and other system passwords/keys.
http://www.nirsoft.net/utils/lsa_secrets_view.html
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In