I wanted to test the relative strength of a password policy. I wanted to run a password cracking tool over different passwords, from a dictionary based password (like Banana42) to a random one (generated with Password Safe). Creating users setting passwords and running different password extraction tools was a lot of trouble.
I found a detailed [...]
Here is just a little update to my Notifu utility. It is a drop-in replacement (no new command-line switches) that features
Vista Home Premium and Vista Business support (same binary works on XP and Vista)
Better error handling on platforms that don’t support IUserNotification
Option to specify pop-up delay in seconds (/d 5 or /d 5000 will give [...]
I was a little overwhelmed by the reaction to my custom GINA. The good thing about it is that it motivated me to put a better version out that addresses all the comments I had so far, namely :
Allow force log off without being a member of the administrator group
Allow an arbitrary group to be [...]
UPDATED Feb. 2nd 2008 : There is an enhanced version out, with better code, features and documentation.
A friend of mine wanted a special group of users to be able to unlock a workstation without losing any data. Putting those uses in the administrator groups was not a solution, because the default behaviour of Windows was [...]
Microsoft wants you to run with lower privileges. They went out of their way in Windows Vista. You are a member of the Administrative group in Vista, but you the group is for deny only in your token. When you elevate, you get a new token without that deny group. Just like an administrator removing [...]
I was struggling with an strange error message, trying to retrieve a username from a desktop handle (HDESK). The Windows function LookupAccountName would always return error code 0×534 (that’s 1332 in decimal). Looking it up with GetLastError gave this :
No mapping between account names and security IDs was done
It would have happened with a Windows [...]
I was playing around with SSPI, the Security Support Provider Interface. I stumbled across a behavior that I cannot explain : you cannot call LoadLibrary when you are impersonating.
If you check you program with SysInternals (now Microsoft’s) Process Monitor, you’ll find an error saying”Bad Impersonation”.
LoadLibrary returns NULL and a call to GetLastError() says “Either a [...]