Task Schedule Credentials - where stored?

D Barry

Can't believe that I can't find this info after all my searching, but
just where and how do the Win2K and XP Task Schedulers store the
RunAs credentials (password)?

Can someone point me to MS documentation? Basically, I'd like to
know how securely those credentials are stored.

Thanks

d.
 
Unless you work for them, it's not documented!

This kind of thing is easy to delimit by running monitor
software in the background.

My guess is that the Pwd is encrypted somewhere in the usual
profile like
C:\Docume~1\<user>\Application Data\Microsoft\Protect\<sid>

Try running FileMon.exe from www.sysinternals.com while you
reset the credentials of a task/job in the Mstask GUI.

hth,
msp
 
P.S.
I tried for 20 minutes. Here are a few solid facts that I
noted:

1) when the Pwd is changed, it's not stored in the
WinNT/tasks/*.JOB

2) the OS makes no attempt to use the Pwd until
the JOB is run, when it does a login. If the Pwd
and User don't match, then the JOB fails and the
error is written to the Mstask LOG file.

3) When you open the Mstask Property Page to change
the Pwd, this key pair is read:

C:\Docume~1\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18

That container is defined early in the life of the OS when
the Mstask GUI is first used.

4) there were some writes into this file

C:\WINNT\security\Database\secedit.sdb

hth,
msp
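
One way to re-check observation 1 above on a test machine, as an added example that is not part of the original thread: give a scratch task a throwaway canary password, then scan the .JOB files for it in common encodings. The function names, the canary value and the sample byte strings are constructed for illustration, and the sample bytes are not the real .JOB layout.

```python
import base64
from pathlib import Path

CANARY = "Canary-7f3a!Zq"  # constructed throwaway password for a scratch task

def encodings_of(secret: str) -> dict:
    """Byte patterns a plaintext or trivially encoded copy would contain."""
    raw = secret.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": secret.encode("utf-16-le"),  # native Windows string form
        "utf-16be": secret.encode("utf-16-be"),
        "base64": base64.b64encode(raw),  # only matches a standalone encoding
        "hex": raw.hex().encode("ascii"),
    }

def find_canary(data: bytes, secret: str) -> list:
    """Return the names of the encodings in which `secret` appears in `data`."""
    lowered = data.lower()  # lets the lower-case hex pattern match upper-case hex
    hits = []
    for name, pattern in encodings_of(secret).items():
        haystack = lowered if name == "hex" else data
        if pattern in haystack:
            hits.append(name)
    return hits

def scan_jobs(folder, secret: str) -> dict:
    """Scan every *.job file in `folder`; map file name -> encodings found."""
    results = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file() and path.suffix.lower() == ".job":
            found = find_canary(path.read_bytes(), secret)
            if found:
                results[path.name] = found
    return results

# Constructed byte strings, NOT the real .JOB layout: one without the canary,
# one with a UTF-16LE copy embedded after a non-zero byte.
CLEAN_BLOB = b"\x00\x05\x01\x00" + "C:\\scripts\\backup.cmd".encode("utf-16-le")
LEAKY_BLOB = b"\x00\x05\x01\x01" + CANARY.encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    print("clean:", find_canary(CLEAN_BLOB, CANARY))
    print("leaky:", find_canary(LEAKY_BLOB, CANARY))
    # On a test machine, point scan_jobs at the Tasks folder (WinNT/tasks).
```

An empty result only rules out plaintext and these simple encodings; it says nothing about an encrypted copy stored elsewhere.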
 
All Win2000 account passwords are stored in
c:\winnt\system32\config\sam. They are encrypted,
and can be cracked if you attack them with sufficient
computing power. This is why it is important to make
them sufficiently long. I suspect that a 10-character
password, which is NOT a dictionary word, would
keep a Pentium 4 busy for a few years.

When you supply a password while logging on, in the
Task Scheduler, for the runas command or for the
screen saver, that password is encrypted, then
compared with the encrypted password in the SAM
file.
 
Thanks tlviewer -- at least I don't feel so dumb now for not knowing
the answer. And thanks for your research to date -- that was above
and beyond ;-). I'll give sysinternals a try this week.
 
Not to sound doubtful, but I thought that was just for storage of
local credentials... although it would be a logical storage spot.
 