Author: mucki
Subject: deleting cached credentials
Posted: 18 November 2013 at 12:06pm
Hi.
I would like to delete cached domain credentials on Windows PCs (XP and Windows 7).
This is possible when I open the registry as SYSTEM and then open the hive HKLM...SECURITY..CACHE.
There is a list of 10 entries with cached credentials, and I want to import a .reg file that overwrites all cached entries with zeros.
(When you open the registry as admin, the SECURITY folder in HKLM is empty, so you must open the registry as SYSTEM.)
(Opening regedit.exe as SYSTEM on Windows XP ---> in a console enter this ---> at xx:xx /interactive "regedit.exe"; the registry will then open at time xx:xx with the credentials from SYSTEM.)
On Windows 7 I enter this command in a console window --> psexec.exe -i -d -s regedit.exe
I found this info on the web about deleting cached credentials:
*********************************************************************************
Now, coming to an interesting part which I recently came across; where do we look out for user credentials cached at the domain level??
If you launch Windows registry with SYSTEM level privilege and browse to "HKEY_LOCAL_MACHINE\SECURITY\CACHE", you will find a total of 10 entries starting from NL$1 to NL$10. These binary entries contain users' cached credentials at the domain level.
***********************************************************************
So I would like to use psexec to open the registry and then import a customized .reg file where all values are filled with zeros.
Can someone please explain to me what I have to write in a batch file that executes psexec.exe the way I need, as SYSTEM, and then enters the values from my .reg file into the registry without prompting any messages?
Thank you very much for your help!
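
One way to do the zeroing step without a hand-made .reg file, as an added example that is not part of the original post: a PowerShell script that, when run as SYSTEM, overwrites each NL$ value under HKLM\SECURITY\Cache with zeros of the same length. It assumes PowerShell is installed on the PC and matches every NL$<number> value rather than exactly ten; the `-Apply` switch is a name made up for this example.

```powershell
# Added example, not from the original post.
# Must run as SYSTEM (for example started through "psexec.exe -s" as in the
# post); an administrator account cannot open HKLM\SECURITY.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $identity.IsSystem) {
    Write-Error "Not running as SYSTEM (current user: $($identity.Name))."
    exit 1
}

# Open the key writable through .NET so the value kind can be set explicitly.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SECURITY\Cache', $true)
if ($null -eq $key) {
    Write-Error 'HKLM\SECURITY\Cache could not be opened.'
    exit 1
}

try {
    # Only the NL$<number> slots are touched; any other value is left alone.
    $slots = $key.GetValueNames() | Where-Object { $_ -match '^NL\$\d+$' }
    foreach ($name in $slots) {
        if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::Binary) {
            Write-Warning "$name is not a binary value, skipped."
            continue
        }
        $old = [byte[]]$key.GetValue($name)
        $len = $old.Length
        $zeros = New-Object byte[] $len      # new byte arrays are all zero

        if ($Apply) {
            # Same name, same length, same type, content replaced by zeros.
            $key.SetValue($name, $zeros, [Microsoft.Win32.RegistryValueKind]::Binary)
            Write-Output "$name : $len bytes overwritten with zeros"
        }
        else {
            Write-Output "$name : $len bytes would be overwritten (run with -Apply)"
        }
    }
}
finally {
    $key.Close()
}
```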