RE: new IIS worm? (rcp lsass.exe)

From: Bellenger, Bruno (Paris) (BelleBruat_private)
Date: Mon Sep 23 2002 - 10:50:00 PDT


    Secure Storage?
    Did you mean 'Protected' Storage, more in line with the MS lexicon?
    Then this is the task of PSTORES.EXE, not of LSASS.EXE.
    
    The original LSASS.EXE is in fact the Local Security Administration
    Subsystem and it does a lot more. As the Local Security Authority component
    of the Windows NT Security Subsystem, it handles all aspects of security
    administration on the local computer, including access and permissions, and
    also works with the domain controllers for validation when and if needed. 
    
    To quote Microsoft (see
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/reskit/prdp_log_tota.asp):
    
    
    Validation in Windows is performed by a protected subsystem called the Local
    Security Authority (LSA), which
    maintains information about all aspects of local operating system security.
    In addition to providing interactive user authentication services, the LSA
    does the following:
    *	Manages local security policy. 
    *	Manages audit policy and settings. 
    *	Generates tokens that contain user and group information as well as
    information about the security permissions for the user.
    The LSA validates your identity based on which entity issued your account.
    If it was issued by:
    *	LSA. The LSA can validate your information by checking its own
    Security Accounts Manager (SAM) database. Any workstation or member server
    can store local user accounts and information about local groups. However,
    these accounts can only be used for accessing that workstation or computer. 
    *	Security authority for the local domain or for a
    trusted domain. The LSA contacts the entity that issued your account and
    asks it to verify that the account is valid and that you are the account
    holder.
    
    
    More detailed information on the Local Security Authority (LSA) at : 
    http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/Distrib/dsbg_dat_dozq.htm
    
    _____________________________________________
    Bruno Bellenger
    Sr. Network/Systems Administrator 
    
    	-----Original Message-----
    	From:	Michael Thompson [SMTP:mikeat_private]
    	Sent:	Monday, September 23, 2002 2:26 AM
    	To:	incidentsat_private
    	Subject:	Re: new IIS worm? (rcp lsass.exe)
    
    	Hello Christian,
    
    
    				(snip)
    
    
    	lsass.exe is the Microsoft Secure Storage for 2000/NT and XP. It is
    responsible for managing secure storage in those environments.
    
    	-- 
    				Best regards,
    				Michael
    
    	http://wwww.thompsonmike.co.uk/
    	PGP KeyID := 0x3CC985FA
    	  
    
    	I just can't put it down. 
    
    
    	
    ----------------------------------------------------------------------------
    	This list is provided by the SecurityFocus ARIS analyzer service.
    	For more information on this free incident handling, management 
    	and tracking system please see: http://aris.securityfocus.com
    <http://aris.securityfocus.com> 
    	
    
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 08:29:32 PDT