Windows has 2 types of security, local and domain. LSA or Local Security Authority is defined by Microsoft as “A protected subsystem that authenticates and logs users onto the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system. In addition to housing policy information, the LSA provides services for translation between names and security identifiers (SIDs).” The process that is responsible for this is Local Security Authority Subsystem Service (LSASS.EXE)

The private database for LSA is called LSA Secrets and they are stored HKEY_LOCAL_MACHINESecurityPolicySecrets. These registry settings are all encrypted, but you should be able to find some software that allows you to view this information, LSADump, LSASecretsDump, pwdumpx, gsecdump, and Cain & Able are just a few that can.

Sources:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms721592%28v=vs.85%29.aspx#_security_local_security_authority_gly
http://msdn.microsoft.com/en-us/library/windows/desktop/aa378326%28v=vs.85%29.aspx
http://security.widyani.com/windows-security/windows-security-authority-with-local-security-authority-lsa.html
http://www.passcape.com/index.php?section=docsys&cmd=details&id=23

Advertisements