> > 4. Did you check the contents of the Run,
> > RunServices, RunOnce Registry keys (if the target
> > system is a MS platform)?
> >
> No - but I'd like a tool that can decipher the 'ntuser.dat'
> file, so we don't have to log on as the specific user that
> caused the problems.
> Does anyone know of a way of 'reading'/enumerating a user's own
> registry file (HKCU)? There is supposedly a driver for Linux, to mount
> the registry file - and browse everything like a directory. But that
> seems to be like crossing the river for water...

Assuming the user has previously logged on to the machine, the entire user registry profile will be stored under HKLU, and listed by the user's SID.

Regards,

Ryan Hill, MCSE
Network & Systems Engineer
Corporate Information Systems
Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
pgp: 0x17CE70AB

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
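
An added example, not part of the original message or thread: one way to read the Run, RunOnce and RunServices values from a user's ntuser.dat without logging on as that user is to load a copy of the hive under a temporary key with reg.exe and enumerate it. The parameter names $HivePath and $MountName and the key name OfflineUserHive are hypothetical; the script assumes an elevated prompt and a copied hive file.

```powershell
# Added example: list autostart values from an offline copy of a user's NTUSER.DAT.
# Assumptions: elevated prompt; $HivePath points at a COPY of the hive, since
# loading a hive can write to the file and the live file of a logged-on user is locked.
param(
    [Parameter(Mandatory)] [string] $HivePath,   # copied ntuser.dat (caller-supplied path)
    [string] $MountName = 'OfflineUserHive'      # hypothetical temporary key under HKEY_USERS
)

$keys = 'Run', 'RunOnce', 'RunServices'          # the keys named in the thread
$base = "Registry::HKEY_USERS\$MountName\Software\Microsoft\Windows\CurrentVersion"

# Mount the hive file as HKEY_USERS\<MountName>.
& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg load failed for $HivePath (not elevated, or file in use?)"
}

try {
    foreach ($k in $keys) {
        $path = "$base\$k"
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key absent in this hive

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Emit one record per autostart entry; keep %VAR% references unexpanded
            # so the output shows what is stored, not what this machine resolves.
            [pscustomobject]@{
                Key     = $k
                Name    = $name
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
        $key.Close()
    }
}
finally {
    # Release any remaining registry handles, otherwise the unload is refused.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

Piping the output to Format-Table or Export-Csv gives a per-user record that can be compared across profiles.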
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 20:04:17 PDT