a question about "C:\Documents and Settings\user\Application Data\Microsoft"

    Question

  • Where can I get details about the files (Credentials, SystemCertificates, CryptnetUrlCache\MetaData, Crypto, CryptnetUrlCache\Content)? I only know about the public key and private key, but I need the details.


    C:\Documents and Settings\user\Application Data\Microsoft>DIR /AS /Q /S
     驱动器 C 中的卷没有标签。
     卷的序列号是 D875-3440

     C:\Documents and Settings\user\Application Data\Microsoft 的目录

    2009-11-11  12:09    <DIR>          LILIANJIE\user             .
    2009-11-11  12:09    <DIR>          LILIANJIE\user             ..
    2009-05-21  09:02    <DIR>          LILIANJIE\user             Credentials
    2009-11-11  12:09    <DIR>          LILIANJIE\user             CryptnetUrlCache
    2009-05-21  09:03    <DIR>          LILIANJIE\user             Crypto
    2009-05-21  09:03    <DIR>          LILIANJIE\user             Protect
    2008-08-11  13:29    <DIR>          LILIANJIE\user             SystemCertificates
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Credentials 的目录

    2009-05-21  09:02    <DIR>          LILIANJIE\user             .
    2009-05-21  09:02    <DIR>          LILIANJIE\user             ..
    2009-05-21  09:02    <DIR>          LILIANJIE\user             S-1-5-21-1343024091-1
    682526488-839522115-1003
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Credentials\S-1-5-21-
    1343024091-1682526488-839522115-1003 的目录

    2009-05-21  09:02    <DIR>          LILIANJIE\user             .
    2009-05-21  09:02    <DIR>          LILIANJIE\user             ..
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache 的目

    2009-11-11  12:09    <DIR>          LILIANJIE\user             .
    2009-11-11  12:09    <DIR>          LILIANJIE\user             ..
    2009-11-11  12:09    <DIR>          LILIANJIE\user             Content
    2009-11-11  12:09    <DIR>          LILIANJIE\user             MetaData
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Cont
    ent 的目录

    2009-11-11  12:09    <DIR>          LILIANJIE\user             .
    2009-11-11  12:09    <DIR>          LILIANJIE\user             ..
    2009-11-11  12:09               558 LILIANJIE\user             A44F4E7CB3133FF765C39
    A53AD8FCFDD
                   1 个文件            558 字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Meta
    Data 的目录

    2009-11-11  12:09    <DIR>          LILIANJIE\user             .
    2009-11-11  12:09    <DIR>          LILIANJIE\user             ..
    2009-11-11  12:09               146 LILIANJIE\user             A44F4E7CB3133FF765C39
    A53AD8FCFDD
                   1 个文件            146 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto 的目录

    2009-05-21  09:03    <DIR>          LILIANJIE\user             .
    2009-05-21  09:03    <DIR>          LILIANJIE\user             ..
    2009-05-21  09:03    <DIR>          LILIANJIE\user             RSA
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA 的目录

    2009-05-21  09:03    <DIR>          LILIANJIE\user             .
    2009-05-21  09:03    <DIR>          LILIANJIE\user             ..
    2009-05-21  09:03    <DIR>          LILIANJIE\user             S-1-5-21-1343024091-1
    682526488-839522115-1003
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1
    343024091-1682526488-839522115-1003 的目录

    2009-05-21  09:03    <DIR>          LILIANJIE\user             .
    2009-05-21  09:03    <DIR>          LILIANJIE\user             ..
    2009-06-01  08:22                61 LILIANJIE\user             d1adb89f57202f6f2b1b0
    c17c20f91ff_7af661bb-c176-4e00-9bfa-39a407ce9229
    2009-05-21  09:03                45 LILIANJIE\user             f58155b4b1d5a524ca026
    1c3ee99fb50_7af661bb-c176-4e00-9bfa-39a407ce9229
                   2 个文件            106 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer 的
    目录

    2009-09-04  08:38             2,694 LILIANJIE\user             Desktop.htt
                   1 个文件          2,694 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Qui
    ck Launch 的目录

    2009-05-21  09:03                56 LILIANJIE\user             desktop.ini
                   1 个文件             56 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Protect 的目录

    2009-05-21  09:03    <DIR>          LILIANJIE\user             .
    2009-05-21  09:03    <DIR>          LILIANJIE\user             ..
    2009-05-21  09:03                24 LILIANJIE\user             CREDHIST
    2009-09-04  08:38    <DIR>          LILIANJIE\user             S-1-5-21-1343024091-1
    682526488-839522115-1003
                   1 个文件             24 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1343
    024091-1682526488-839522115-1003 的目录

    2009-09-04  08:38    <DIR>          LILIANJIE\user             .
    2009-09-04  08:38    <DIR>          LILIANJIE\user             ..
    2009-09-04  08:38               388 LILIANJIE\user             a82c3ef6-aec5-4306-9a
    d7-82916a3861f2
    2009-05-21  09:03               388 LILIANJIE\user             f47bfb48-6f54-4410-8f
    ea-d832c8824271
    2009-09-04  08:38                24 LILIANJIE\user             Preferred
                   3 个文件            800 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates 的
    目录

    2008-08-11  13:29    <DIR>          LILIANJIE\user             .
    2008-08-11  13:29    <DIR>          LILIANJIE\user             ..
    2008-08-11  13:29    <DIR>          LILIANJIE\user             My
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
     的目录

    2008-08-11  13:29    <DIR>          LILIANJIE\user             .
    2008-08-11  13:29    <DIR>          LILIANJIE\user             ..
    2008-08-11  13:29    <DIR>          LILIANJIE\user             Certificates
    2008-08-11  13:29    <DIR>          LILIANJIE\user             CRLs
    2008-08-11  13:29    <DIR>          LILIANJIE\user             CTLs
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
    \Certificates 的目录

    2008-08-11  13:29    <DIR>          LILIANJIE\user             .
    2008-08-11  13:29    <DIR>          LILIANJIE\user             ..
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
    \CRLs 的目录

    2008-08-11  13:29    <DIR>          LILIANJIE\user             .
    2008-08-11  13:29    <DIR>          LILIANJIE\user             ..
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
    \CTLs 的目录

    2008-08-11  13:29    <DIR>          LILIANJIE\user             .
    2008-08-11  13:29    <DIR>          LILIANJIE\user             ..
                   0 个文件              0 字节

         所列文件总数:
                  10 个文件          4,384 字节
                  47 个目录 35,796,926,464 可用字节

    C:\Documents and Settings\user\Application Data\Microsoft>


    Wednesday, November 11, 2009 4:42 AM

Answers

  • C:\Documents and Settings\user\Application Data\Microsoft>dir /as /s /q
     驱动器 C 中的卷没有标签。
     卷的序列号是 D875-3440

     C:\Documents and Settings\user\Application Data\Microsoft 的目录

    2009-11-26  12:16    <DIR>          lilianjie\user             .
    2009-11-26  12:16    <DIR>          lilianjie\user             ..
    2009-05-21  09:02    <DIR>          lilianjie\user             Credentials
    2009-11-26  11:41    <DIR>          lilianjie\user             CryptnetUrlCache
    2009-05-21  09:03    <DIR>          lilianjie\user             Crypto
    2009-05-21  09:03    <DIR>          lilianjie\user             Protect
    2008-08-11  13:29    <DIR>          lilianjie\user             SystemCertificates
                   0 个文件              0 字节

    Stored User Names and Passwords

    It is not always desirable to use one set of credentials for access to different resources. For example, when an administrator accesses a remote server, you might want him or her to use administrative rather than user credentials. Similarly, if a user will be accessing external resources such as a bank account, you might prefer that he or she use credentials that are different than their network username and password.

    Stored User Names and Passwords in Control Panel simplifies the management and use of multiple sets of logon credentials, including X.509 certificates used with smart cards and Passport credentials. The credentials—part of the user's profile—are stored until needed. This can increase security on a per-resource basis by ensuring that if one password is compromised, it does not compromise all security.

    Note Microsoft Passport provides a single name and password that can be used on multiple Web sites.

    After a user logs on and attempts to access additional password-protected resources, such as a share on a server, and if the user's default logon credentials are not sufficient to gain access, Stored User Names and Passwords is queried. If alternate credentials with the correct logon information have been saved in Stored User Names and Passwords, these credentials are used to gain access. Otherwise, the user is prompted to supply new credentials, which can then be saved for reuse, either later in the logon session or during a subsequent session.

    Several restrictions apply:

    • If Stored User Names and Passwords contains invalid or incorrect credentials for a specific resource, access to the resource will be denied and the Stored User Names and Passwords dialog box will not appear.
    • Stored User Names and Passwords stores credentials only for NTLM, Kerberos, Passport, and SSL authentication. Microsoft Internet Explorer maintains its own cache for basic authentication.

    These credentials become an encrypted part of a user's local profile in the \Documents and Settings\Username\Application Data\Microsoft\Credentials directory. As a result, these credentials can roam with the user if the user's network policy supports Roaming Profiles. However, if you have copies of Stored User Names and Passwords on two different computers and change the credentials that are associated with the resource on one of these computers, the change will not be propagated to Stored User Names and Passwords on the second computer.

    To store a new user name and password

    1. In Control Panel, open User Accounts.
    2. On computers joined to a domain, click the Advanced tab, and then click Manage Passwords.

    – or –

    On computers not joined to a domain, click the icon that represents your user account, and then, under Related Tasks, click Manage your stored passwords.

    3. Click Add.
    4. Type the appropriate information in the spaces provided.

    Warning Educate your users about the importance of using strong passwords for all credentials stored in Stored User Names and Passwords.

    To store a Passport ID

    1. In Control Panel, open User Accounts.
    2. On computers not joined to a domain, click the icon that represents your user account, and then, under What do you want to change about your account?, click Create a Passport.

    – or –

    On computers joined to a domain, click the Advanced tab, and then click .NET Passport Wizard.

    3. Type the appropriate information in the spaces provided.
    4. In the When accessing box, type *.passport.com.

    Warning Some credentials are used infrequently. Others might be for extremely sensitive resources that the user wants to protect more carefully. When appropriate, have users store credentials for “This logon session only.” Credentials for a single logon session are typically stored by selecting the appropriate check box in the User Names and Passwords dialog box.

    Some administrators might not feel comfortable with allowing users to store network credentials for later use. This might be because of concerns about reduced security, or a potential increase in the number of account lockouts when credentials stored in User Names and Passwords expire. As a result, a Group Policy setting has been introduced to allow you to limit use of Stored User Names and Passwords.

    To limit use of Stored User Names and Passwords

    1. In the Group Policy MMC snap-in, double-click the Security Options folder (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options).
    2. Right-click Network access: Do not allow storage of credentials or .NET Passports for network authentication.
    3. Click Enabled, and then click OK.

     C:\Documents and Settings\user\Application Data\Microsoft\Credentials 的目录

    2009-05-21  09:02    <DIR>          lilianjie\user             .
    2009-05-21  09:02    <DIR>          lilianjie\user             ..
    2009-05-21  09:02    <DIR>          lilianjie\user             S-1-5-21-1343024091-1
    682526488-839522115-1003
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Credentials\S-1-5-21-
    1343024091-1682526488-839522115-1003 的目录

    2009-05-21  09:02    <DIR>          lilianjie\user             .
    2009-05-21  09:02    <DIR>          lilianjie\user             ..
                   0 个文件              0 字节

    When a certificate or CRL is retrieved via LDAP or HTTP by a Windows 2000 client with MS04-11, Windows XP SP2 client, or Windows Server 2003 client, it is cached by CAPI in the “Application Data” folder. The per-user cache location is “C:\Documents and Settings\{user name}\Application Data\Microsoft\CryptnetUrlCache” and the per-machine cache location is “%WINDIR%\System32\config\SystemProfile\Application Data\Microsoft\CryptnetUrlCache”.

    C:\WINDOWS\system32\config>dir /ad /q /s
     驱动器 C 中的卷没有标签。
     卷的序列号是 D875-3440

     C:\WINDOWS\system32\config 的目录

    2008-08-25  16:17    <DIR>          BUILTIN\Administrators .
    2008-08-25  16:17    <DIR>          BUILTIN\Administrators ..
    2008-08-11  13:37    <DIR>          ...                    systemprofile
                   0 个文件              0 字节

         所列文件总数:
                   0 个文件              0 字节
                   3 个目录 18,512,166,912 可用字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache 的目

    2009-11-26  11:41    <DIR>          lilianjie\user             .
    2009-11-26  11:41    <DIR>          lilianjie\user             ..
    2009-11-26  12:16    <DIR>          lilianjie\user             Content
    2009-11-26  12:16    <DIR>          lilianjie\user             MetaData
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Cont
    ent 的目录

    2009-11-26  12:16    <DIR>          lilianjie\user             .
    2009-11-26  12:16    <DIR>          lilianjie\user             ..
    2009-11-26  12:16               558 lilianjie\user             A44F4E7CB3133FF765C39
    A53AD8FCFDD
    2009-11-26  11:41             1,310 lilianjie\user             C554DCF706A5AAB8B360F
    AD227EAB9C7
    2009-11-26  11:41             2,214 lilianjie\user             E8974A4669383843486E5
    AFDB09650F5
                   3 个文件          4,082 字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Meta
    Data 的目录

    2009-11-26  12:16    <DIR>          lilianjie\user             .
    2009-11-26  12:16    <DIR>          lilianjie\user             ..
    2009-11-26  12:16               146 lilianjie\user             A44F4E7CB3133FF765C39
    A53AD8FCFDD
    2009-11-26  11:41               100 lilianjie\user             C554DCF706A5AAB8B360F
    AD227EAB9C7
    2009-11-26  11:41               124 lilianjie\user             E8974A4669383843486E5
    AFDB09650F5
                   3 个文件            370 字节

    Private keys for the Microsoft RSA-based CSPs, including the Base CSP and the Enhanced CSP, reside in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA. In the case of a roaming user profile, the private key resides in the RSA folder on the domain controller and is downloaded to the user's computer until the user logs off or the computer is restarted.

    Unlike their corresponding public keys, private keys must be protected. Therefore, all files in the RSA folder are automatically encrypted with a random, symmetric key called the user's master key. The user's master key is generated by the RC4 algorithm in the Base or Enhanced CSP. RC4 generates a 128-bit key for computers with the Enhanced CSP (subject to cryptography export restrictions) and a 56-bit key for computers with only the Base CSP (available for all Windows 2000 computers). The master key is generated automatically and is renewed periodically. It encrypts each file in the RSA folder automatically as the file is created.

    The RSA folder must never be renamed or moved because this is the only place the CSPs look for private keys. Therefore, it is advisable to provide additional security. The administrator can provide additional file system security for users' computers or use roaming profiles.

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto 的目录

    2009-05-21  09:03    <DIR>          lilianjie\user             .
    2009-05-21  09:03    <DIR>          lilianjie\user             ..
    2009-05-21  09:03    <DIR>          lilianjie\user             RSA
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA 的目录

    2009-05-21  09:03    <DIR>          lilianjie\user             .
    2009-05-21  09:03    <DIR>          lilianjie\user             ..
    2009-05-21  09:03    <DIR>          lilianjie\user             S-1-5-21-1343024091-1
    682526488-839522115-1003
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1
    343024091-1682526488-839522115-1003 的目录

    2009-05-21  09:03    <DIR>          lilianjie\user             .
    2009-05-21  09:03    <DIR>          lilianjie\user             ..
    2009-06-01  08:22                61 lilianjie\user             d1adb89f57202f6f2b1b0
    c17c20f91ff_7af661bb-c176-4e00-9bfa-39a407ce9229
    2009-05-21  09:03                45 lilianjie\user             f58155b4b1d5a524ca026
    1c3ee99fb50_7af661bb-c176-4e00-9bfa-39a407ce9229
                   2 个文件            106 字节


    fei
    Thursday, November 26, 2009 6:10 AM

All replies

  • Found some details:



    How Private Keys Are Stored

    Private keys for the Microsoft RSA-based CSPs, including the Base CSP and the Enhanced CSP, reside in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA. In the case of a roaming user profile, the private key resides in the RSA folder on the domain controller and is downloaded to the user's computer until the user logs off or the computer is restarted.

    Unlike their corresponding public keys, private keys must be protected. Therefore, all files in the RSA folder are automatically encrypted with a random, symmetric key called the user's master key. The user's master key is generated by the RC4 algorithm in the Base or Enhanced CSP. RC4 generates a 128-bit key for computers with the Enhanced CSP (subject to cryptography export restrictions) and a 56-bit key for computers with only the Base CSP (available for all Windows 2000 computers). The master key is generated automatically and is renewed periodically. It encrypts each file in the RSA folder automatically as the file is created.

    The RSA folder must never be renamed or moved because this is the only place the CSPs look for private keys. Therefore, it is advisable to provide additional security. The administrator can provide additional file system security for users' computers or use roaming profiles.

    You should protect private keys for recovery, which is critical for backup, by exporting the certificate and private key to a floppy disk or other medium, storing the floppy disk or other medium securely, and then deleting the private key from the computer. This preserves the file from a system crash and makes it unavailable for cracking. To decrypt a data file, the recovery agent administrator inserts the floppy disk or other medium and imports the certificate and private key to the recovery agent account. For more information about how to secure recovery keys, see Windows 2000 Server Help.

    Protect Folder

    The user's master key is itself encrypted automatically by the Protected Storage service and stored in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Protect. For a domain user who has a roaming profile, the master key resides on the domain controller and is downloaded to the user's profile on the local computer until the computer is restarted.

    The user's master key is encrypted twice, and each instance of encryption is stored in one of two parts of the Protect file. The first part, the password encryption key, is produced by the Hash-Based Message Authentication Code (HMAC) and SHA1 message digest function and is a hash of:

    • A symmetric encryption of the user's master key produced by 160-bit RC4.

    • The user's security identifier (SID).

    • The user's logon password.

    The second part is the backup/restore form of the master key. This is needed if the user's password is changed on one computer but the keys are in the user profile on another computer, or if the administrator resets the user's password. In either case, the Protected Storage service, which cannot detect password changes to update Part 1, uses Part 2 to recover the master key and regenerate Part 1.

    To create the backup part of the file, the encrypted user's master key is sent on to the Protected Storage service on the domain controller. That service uses HMAC and SHA1 again to make a hash of the data it has received along with the domain controller's own backup/restore master key, and sends that back to the user's computer to store in the Protect file. These transmissions are authenticated (signed and encrypted) by way of remote procedure calls so that the user's master key never goes over the wire in plaintext.

    The domain controller's backup/restore master key is stored on the system as a global local security authority (LSA) secret in the HKEY_LOCAL_MACHINE/SAM key in the registry and is replicated over the network by means of Active Directory. (Global LSA secrets are objects provided by the LSA to enable system services to store private data securely.)

    Caution

    Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.

    The System Certificates, RSA, and Protect folders have their system attributes set. This prevents the files in them from being encrypted by EFS, which would make them inaccessible.


    http://technet.microsoft.com/en-us/library/cc962112.aspx


    fei
    Thursday, November 26, 2009 4:27 AM
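The folder roles described in the answer and reply above (private keys under Crypto\RSA, master keys under Protect, stored credentials under Credentials, cached certificates and CRLs under CryptnetUrlCache) can be turned into a small inventory check for profile backups or ACL reviews. This is an added example, not part of the original posts: the category labels and function names are this example's own, the sample paths are the file names from the directory listing on this page with the console line wraps rejoined, and one cache entry is constructed to show the unpaired case.

```python
import re
from collections import defaultdict

# Name shapes visible in the directory listing on this page.
SID = r"S-1-5-21(?:-\d+){4}"
GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
HEX32 = r"[0-9a-f]{32}"

# Paths are relative to ...\Application Data\Microsoft in the user profile.
# Category labels are hypothetical names chosen for this example.
RULES = [
    ("rsa_private_key", rf"Crypto\\RSA\\{SID}\\{HEX32}_{GUID}"),
    ("master_key", rf"Protect\\{SID}\\{GUID}"),
    ("master_key_preferred", rf"Protect\\{SID}\\Preferred"),
    ("protect_credhist", r"Protect\\CREDHIST"),
    ("stored_credential", rf"Credentials\\{SID}\\[^\\]+"),
    ("cached_cert_or_crl", rf"CryptnetUrlCache\\Content\\{HEX32}"),
    ("cache_metadata", rf"CryptnetUrlCache\\MetaData\\{HEX32}"),
    ("user_cert_store",
     r"SystemCertificates\\[^\\]+\\(?:Certificates|CRLs|CTLs)\\[^\\]+"),
]
_COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in RULES]

# Key and credential material: the files that need tight ACLs and that must
# travel together in a backup (RSA key files are useless without Protect).
SENSITIVE = {"rsa_private_key", "master_key", "master_key_preferred",
             "protect_credhist", "stored_credential"}


def classify(rel_path):
    """Return the category for one relative path, or 'other'."""
    for name, rx in _COMPILED:
        if rx.fullmatch(rel_path):
            return name
    return "other"


def inventory(paths):
    """Group relative paths by category."""
    result = defaultdict(list)
    for p in paths:
        result[classify(p)].append(p)
    return dict(result)


def sensitive_files(paths):
    """Paths that hold key or credential material."""
    return [p for p in paths if classify(p) in SENSITIVE]


def unpaired_cache_entries(paths):
    """CryptnetUrlCache objects lacking the same-named file in the other folder.

    In the listing on this page every Content file has a MetaData file with
    the same name. Returns (content_without_metadata, metadata_without_content).
    """
    content, meta = set(), set()
    for p in paths:
        kind = classify(p)
        name = p.rsplit("\\", 1)[-1].upper()
        if kind == "cached_cert_or_crl":
            content.add(name)
        elif kind == "cache_metadata":
            meta.add(name)
    return sorted(content - meta), sorted(meta - content)


def _p(*parts):
    return "\\".join(parts)


U = "S-1-5-21-1343024091-1682526488-839522115-1003"  # SID from the listing
CACHE_NAMES = ["A44F4E7CB3133FF765C39A53AD8FCFDD",
               "C554DCF706A5AAB8B360FAD227EAB9C7",
               "E8974A4669383843486E5AFDB09650F5"]
SAMPLE = [
    _p("Crypto", "RSA", U,
       "d1adb89f57202f6f2b1b0c17c20f91ff_7af661bb-c176-4e00-9bfa-39a407ce9229"),
    _p("Crypto", "RSA", U,
       "f58155b4b1d5a524ca0261c3ee99fb50_7af661bb-c176-4e00-9bfa-39a407ce9229"),
    _p("Protect", "CREDHIST"),
    _p("Protect", U, "a82c3ef6-aec5-4306-9ad7-82916a3861f2"),
    _p("Protect", U, "f47bfb48-6f54-4410-8fea-d832c8824271"),
    _p("Protect", U, "Preferred"),
    _p("Internet Explorer", "Desktop.htt"),
    _p("Internet Explorer", "Quick Launch", "desktop.ini"),
    # Constructed entry (not on the page): a cached object with no metadata.
    _p("CryptnetUrlCache", "Content", "0" * 32),
]
SAMPLE += [_p("CryptnetUrlCache", "Content", n) for n in CACHE_NAMES]
SAMPLE += [_p("CryptnetUrlCache", "MetaData", n) for n in CACHE_NAMES]

if __name__ == "__main__":
    for category, files in sorted(inventory(SAMPLE).items()):
        print(f"{category}: {len(files)}")
    print("sensitive:", len(sensitive_files(SAMPLE)))
    print("unpaired cache entries:", unpaired_cache_entries(SAMPLE))
```
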
  • windows 2003  no internet 





    fei
    Thursday, November 26, 2009 4:38 AM
  • C:\Documents and Settings\user\Application Data\Microsoft>dir /as /s /q

     驱动器 C 中的卷没有标签。

     卷的序列号是 D875-3440

     

     C:\Documents and Settings\user\Application Data\Microsoft 的目录

     

    2009-11-26  12:16    <DIR>          lilianjie\user             .

    2009-11-26  12:16    <DIR>          lilianjie\user             ..

    2009-05-21  09:02    <DIR>          lilianjie\user             Credentials

    2009-11-26  11:41    <DIR>          lilianjie\user             CryptnetUrlCache

    2009-05-21  09:03    <DIR>          lilianjie\user             Crypto

    2009-05-21  09:03    <DIR>          lilianjie\user             Protect

    2008-08-11  13:29    <DIR>          lilianjie\user             SystemCertificates

                   0 个文件              0 字节

     

     

     

    Stored User Names and Passwords

    It is not always desirable to use one set of credentials for access to different resources. For example, when an administrator accesses a remote server, you might want him or her to use administrative rather than user credentials. Similarly, if a user will be accessing external resources such as a bank account, you might prefer that he or she use credentials that are different than their network username and password.

    Stored User Names and Passwords in Control Panel simplifies the management and use of multiple sets of logon credentials, including X.509 certificates used with smart cards and Passport credentials. The credentials—part of the user's profile—are stored until needed. This can increase security on a per-resource basis by ensuring that if one password is compromised, it does not compromise all security.

    Note Microsoft Passport provides a single name and password that can be used on multiple Web sites.

    After a user logs on and attempts to access additional password-protected resources, such as a share on a server, and if the user's default logon credentials are not sufficient to gain access, Stored User Names and Passwords is queried. If alternate credentials with the correct logon information have been saved in Stored User Names and Passwords , these credentials are used to gain access. Otherwise, the user is prompted to supply new credentials, which can then be saved for reuse, either later in the logon session or during a subsequent session.

    Several restrictions apply:

    • If Stored User Names and Passwords contains invalid or incorrect credentials for a specific resource, access to the resource will be denied and the Stored User Names and Passwords dialog box will not appear.
    • Stored User Names and Passwords stores credentials only for NTLM, Kerberos, Passport, and SSL authentication. Microsoft Internet Explorer maintains its own cache for basic authentication.

    These credentials become an encrypted part of a user's local profile in the \Documents and Settings\Username\Application Data\Microsoft\Credentials directory. As a result, these credentials can roam with the user if the user's network policy supports Roaming Profiles. However, if you have copies of Stored User Names and Passwords on two different computers and change the credentials that are associated with the resource on one of these computers, the change will not be propagated to Stored User Names and Passwords on the second computer.

    To store a new user name and password

    1. In Control Panel , open User Accounts .
    2. On computers joined to a domain, click the Advanced tab, and then click Manage Passwords .

    – or –

    On computers not joined to a domain, click the icon that represents your user account, and then, under Related Tasks , click Manage your stored passwords .

    1. Click Add .单击添加
    2. Type the appropriate information in the spaces provided.

    Warning Educate your users about the importance of using strong passwords for all credentials stored in Stored User Names and Passwords.

    To store a Passport ID

    1. In Control Panel , open User Accounts .
    2. On computers not joined to a domain, click the icon that represents your user account, and then, under What do you want to change about your account? , click Create a Passport .

    – or –

    On computers joined to a domain, click the Advanced tab, and then click .NET Passport Wizard .

    1. Type the appropriate information in the spaces provided.
    2. In the When accessing box, type *.passport.com .

    Warning Some credentials are used infrequently. Others might be for extremely sensitive resources that the user wants to protect more carefully. When appropriate, have users store credentials for “This logon session only.” Credentials for a single logon session are typically stored by selecting the appropriate check box in the User Names and Passwords dialog box.

    Some administrators might not feel comfortable with allowing users to store network credentials for later use. This might be because of concerns about reduced security, or a potential increase in the number of account lockouts when credentials stored in User Names and Passwords expire. As a result, a Group Policy setting has been introduced to allow you to limit use of Stored User Names and Passwords .

    To limit use of Stored User Names and Passwords

    1. In the Group Policy MMC snap-in, double-click the Security Options folder (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options).
    2. Right-click Network access: Do not allow storage of credentials or .NET Passports for network authentication.
    3. Click Enabled , and then click OK .

     

     

     

     

     

     

     C:\Documents and Settings\user\Application Data\Microsoft\Credentials 的目录

     

    2009-05-21  09:02    <DIR>          lilianjie\user             .

    2009-05-21  09:02    <DIR>          lilianjie\user             ..

    2009-05-21  09:02    <DIR>          lilianjie\user             S-1-5-21-1343024091-1

    682526488-839522115-1003

                   0 个文件              0 字节

     

     C:\Documents and Settings\user\Application Data\Microsoft\Credentials\S-1-5-21-

    1343024091-1682526488-839522115-1003 的目录

     

    2009-05-21  09:02    <DIR>          lilianjie\user             .

    2009-05-21  09:02    <DIR>          lilianjie\user             ..

                   0 个文件              0 字节

     

     

     

     

     

    When a certificate or CRL is retrieved via LDAP or HTTP by a Windows 2000 client with MS04-11, Windows XP SP2 client, or Windows Server 2003 client, it is cached by CAPI in the “Application Data” folder. The per-user cache location is “C:\Documents and Settings\{user name}\Application Data\Microsoft\CryptnetUrlCache” and the per-machine cache location is “%WINDIR%\System32\config\SystemProfile\Application Data\Microsoft\CryptnetUrlCache”.

    C:\WINDOWS\system32\config>dir /ad /q /s
     驱动器 C 中的卷没有标签。
     卷的序列号是 D875-3440

     C:\WINDOWS\system32\config 的目录

    2008-08-25  16:17    <DIR>          BUILTIN\Administrators .
    2008-08-25  16:17    <DIR>          BUILTIN\Administrators ..
    2008-08-11  13:37    <DIR>          ...                    systemprofile
                   0 个文件              0 字节

         所列文件总数:
                   0 个文件              0 字节
                   3 个目录 18,512,166,912 可用字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache 的目

    2009-11-26  11:41    <DIR>          lilianjie\user             .
    2009-11-26  11:41    <DIR>          lilianjie\user             ..
    2009-11-26  12:16    <DIR>          lilianjie\user             Content
    2009-11-26  12:16    <DIR>          lilianjie\user             MetaData
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Cont
    ent 的目录

    2009-11-26  12:16    <DIR>          lilianjie\user             .
    2009-11-26  12:16    <DIR>          lilianjie\user             ..
    2009-11-26  12:16               558 lilianjie\user             A44F4E7CB3133FF765C39
    A53AD8FCFDD
    2009-11-26  11:41             1,310 lilianjie\user             C554DCF706A5AAB8B360F
    AD227EAB9C7
    2009-11-26  11:41             2,214 lilianjie\user             E8974A4669383843486E5
    AFDB09650F5
                   3 个文件          4,082 字节

     C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Meta
    Data 的目录

    2009-11-26  12:16    <DIR>          lilianjie\user             .
    2009-11-26  12:16    <DIR>          lilianjie\user             ..
    2009-11-26  12:16               146 lilianjie\user             A44F4E7CB3133FF765C39
    A53AD8FCFDD
    2009-11-26  11:41               100 lilianjie\user             C554DCF706A5AAB8B360F
    AD227EAB9C7
    2009-11-26  11:41               124 lilianjie\user             E8974A4669383843486E5
    AFDB09650F5
                   3 个文件            370 字节

    · Private keys for the Microsoft RSA-based CSPs, including the Base CSP and the Enhanced CSP, reside in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA. In the case of a roaming user profile, the private key resides in the RSA folder on the domain controller and is downloaded to the user's computer until the user logs off or the computer is restarted.

    Unlike their corresponding public keys, private keys must be protected. Therefore, all files in the RSA folder are automatically encrypted with a random, symmetric key called the user's master key. The user's master key is generated by the RC4 algorithm in the Base or Enhanced CSP. RC4 generates a 128-bit key for computers with the Enhanced CSP (subject to cryptography export restrictions) and a 56-bit key for computers with only the Base CSP (available for all Windows 2000 computers). The master key is generated automatically and is renewed periodically. It encrypts each file in the RSA folder automatically as the file is created.

    The RSA folder must never be renamed or moved because this is the only place the CSPs look for private keys. Therefore, it is advisable to provide additional security. The administrator can provide additional file system security for users' computers or use roaming profiles.

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto 的目录

    2009-05-21  09:03    <DIR>          lilianjie\user             .
    2009-05-21  09:03    <DIR>          lilianjie\user             ..
    2009-05-21  09:03    <DIR>          lilianjie\user             RSA
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA 的目录

    2009-05-21  09:03    <DIR>          lilianjie\user             .
    2009-05-21  09:03    <DIR>          lilianjie\user             ..
    2009-05-21  09:03    <DIR>          lilianjie\user             S-1-5-21-1343024091-1
    682526488-839522115-1003
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1
    343024091-1682526488-839522115-1003 的目录

    2009-05-21  09:03    <DIR>          lilianjie\user             .
    2009-05-21  09:03    <DIR>          lilianjie\user             ..
    2009-06-01  08:22                61 lilianjie\user             d1adb89f57202f6f2b1b0
    c17c20f91ff_7af661bb-c176-4e00-9bfa-39a407ce9229
    2009-05-21  09:03                45 lilianjie\user             f58155b4b1d5a524ca026
    1c3ee99fb50_7af661bb-c176-4e00-9bfa-39a407ce9229
                   2 个文件            106 字节

    fei
    Thursday, November 26, 2009 6:10 AM
  • · The user's master key is itself encrypted automatically by the Protected Storage service and stored in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Protect. For a domain user who has a roaming profile, the master key resides on the domain controller and is downloaded to the user's profile on the local computer until the computer is restarted.

    The user's master key is encrypted twice, and each instance of encryption is stored in one of two parts of the Protect file. The first part, the password encryption key, is produced by the Hash-Based Message Authentication Code (HMAC) and SHA1 message digest function and is a hash of:

    o A symmetric encryption of the user's master key produced by 160-bit RC4.
    o The user's security identifier (SID).
    o The user's logon password.

    The second part is the backup/restore form of the master key. This is needed if the user's password is changed on one computer but the keys are in the user profile on another computer, or if the administrator resets the user's password. In either case, the Protected Storage service, which cannot detect password changes to update Part 1, uses Part 2 to recover the master key and regenerate Part 1.

    To create the backup part of the file, the encrypted user's master key is sent on to the Protected Storage service on the domain controller. That service uses HMAC and SHA1 again to make a hash of the data it has received along with the domain controller's own backup/restore master key, and sends that back to the user's computer to store in the Protect file. These transmissions are authenticated (signed and encrypted) by way of remote procedure calls so that the user's master key never goes over the wire in plaintext.

    The domain controller's backup/restore master key is stored on the system as a global local security authority (LSA) secret in the HKEY_LOCAL_MACHINE/SAM key in the registry and is replicated over the network by means of Active Directory. (Global LSA secrets are objects provided by the LSA to enable system services to store private data securely.)

     C:\Documents and Settings\user\Application Data\Microsoft\Protect 的目录

    2009-05-21  09:03    <DIR>          lilianjie\user             .
    2009-05-21  09:03    <DIR>          lilianjie\user             ..
    2009-05-21  09:03                24 lilianjie\user             CREDHIST
    2009-09-04  08:38    <DIR>          lilianjie\user             S-1-5-21-1343024091-1
    682526488-839522115-1003
                   1 个文件             24 字节

     C:\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1343
    024091-1682526488-839522115-1003 的目录

    2009-09-04  08:38    <DIR>          lilianjie\user             .
    2009-09-04  08:38    <DIR>          lilianjie\user             ..
    2009-09-04  08:38               388 lilianjie\user             a82c3ef6-aec5-4306-9a
    d7-82916a3861f2
    2009-05-21  09:03               388 lilianjie\user             f47bfb48-6f54-4410-8f
    ea-d832c8824271
    2009-09-04  08:38                24 lilianjie\user             Preferred
                   3 个文件            800 字节

    • The certificate is encoded as a binary large object and stored as a binary value in the following file location:

    %Userprofile%\Application Data\Microsoft\SystemCertificates\My\Certificates

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates
    目录

    2008-08-11  13:29    <DIR>          lilianjie\user             .
    2008-08-11  13:29    <DIR>          lilianjie\user             ..
    2008-08-11  13:29    <DIR>          lilianjie\user             My
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
     的目录

    2008-08-11  13:29    <DIR>          lilianjie\user             .
    2008-08-11  13:29    <DIR>          lilianjie\user             ..
    2008-08-11  13:29    <DIR>          lilianjie\user             Certificates
    2008-08-11  13:29    <DIR>          lilianjie\user             CRLs
    2008-08-11  13:29    <DIR>          lilianjie\user             CTLs
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
    \Certificates 的目录

    2008-08-11  13:29    <DIR>          lilianjie\user             .
    2008-08-11  13:29    <DIR>          lilianjie\user             ..
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
    \CRLs 的目录

    2008-08-11  13:29    <DIR>          lilianjie\user             .
    2008-08-11  13:29    <DIR>          lilianjie\user             ..
                   0 个文件              0 字节

     C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
    \CTLs 的目录

    2008-08-11  13:29    <DIR>          lilianjie\user             .
    2008-08-11  13:29    <DIR>          lilianjie\user             ..
                   0 个文件              0 字节

         所列文件总数:
                  14 个文件          8,132 字节
                  47 个目录 23,564,648,448 可用字节


    fei
    Thursday, November 26, 2009 6:11 AM
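
To tell which of the master key files in a Protect\<SID> folder like the one listed above is the current one, this added example (not part of the original post or of Microsoft's documentation) parses the 24-byte Preferred file and classifies the GUID-named files beside it. It assumes the layout described in public DPAPI research, a 16-byte GUID followed by an 8-byte FILETIME expiry; the file names come from the listing, while the Preferred bytes and the expiry date are constructed.

```python
import re
import struct
import uuid
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
GUID_NAME = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def to_filetime(dt):
    """UTC datetime -> FILETIME (100 ns ticks since 1601-01-01)."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def parse_preferred(blob):
    """Assumed layout: 16-byte little-endian GUID + 8-byte FILETIME expiry."""
    if len(blob) != 24:
        raise ValueError("Preferred must be 24 bytes, got %d" % len(blob))
    guid = uuid.UUID(bytes_le=blob[:16])
    (ticks,) = struct.unpack("<Q", blob[16:])
    return str(guid), FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def triage_protect_dir(names, preferred_blob, now):
    """Summarise a Protect\\<SID> folder from its file names and Preferred."""
    current, expires = parse_preferred(preferred_blob)
    # Only GUID-named files are master keys; "Preferred" itself is skipped.
    keys = sorted(n.lower() for n in names if GUID_NAME.match(n))
    return {
        "current": current,
        "expires": expires,
        "current_file_present": current in keys,
        "superseded": [k for k in keys if k != current],
        "overdue_for_renewal": now > expires,
    }

# Constructed sample: file names are those in the listing; the Preferred
# bytes are built here (not read from the poster's disk), expiry is made up.
SAMPLE_NAMES = ["a82c3ef6-aec5-4306-9ad7-82916a3861f2",
                "f47bfb48-6f54-4410-8fea-d832c8824271", "Preferred"]
SAMPLE_EXPIRY = datetime(2009, 12, 3, 0, 38, tzinfo=timezone.utc)
SAMPLE_PREFERRED = (uuid.UUID(SAMPLE_NAMES[0]).bytes_le
                    + struct.pack("<Q", to_filetime(SAMPLE_EXPIRY)))

if __name__ == "__main__":
    report = triage_protect_dir(SAMPLE_NAMES, SAMPLE_PREFERRED,
                                now=datetime(2009, 11, 26, tzinfo=timezone.utc))
    for field, value in report.items():
        print(f"{field}: {value}")
```

A missing current key file or an expiry long in the past is worth noting during triage, since data protected under that master key depends on the file being present in the profile.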
  • C:\Documents and Settings\user\Application Data\Microsoft\Protect\CREDHIST


    fei
    Thursday, November 26, 2009 6:28 AM