Thursday, December 23, 2010

Password Storage Locations For Popular Windows Applications


Many people ask me where in the Registry or file system Windows applications store their passwords. So I prepared a list of password storage locations for more than 20 popular applications and Windows components.

Be aware that even if you know the location of the saved password, it doesn't mean that you can move it from one computer to another. Many applications store the passwords in a way that prevents you from moving them to another computer or user profile.
However, you can use this information to remove unwanted saved passwords from your system.

  • Windows Network Passwords (XP/Vista/2003): When you connect to the file system of another computer on your network (something like \\MyComp\MyFolder), Windows allows you to save the password. If you choose to save the password, the encrypted password is stored in a credential file.
    The credential file is stored in the following locations:
    • Windows XP/2003: [Windows Profile]\Application Data\Microsoft\Credentials\[User SID]\Credentials and [Windows Profile]\Local Settings\Application Data\Microsoft\Credentials\[User SID]\Credentials
    • Windows Vista: [Windows Profile]\AppData\Roaming\Microsoft\Credentials\[Random ID] and [Windows Profile]\AppData\Local\Microsoft\Credentials\[Random ID]

    You can use my Network Password Recovery utility to view all passwords stored in these Credentials files.

  • Dialup/VPN Passwords (2000/XP/Vista/2003): Dialup/VPN passwords are stored as LSA secrets under HKEY_LOCAL_MACHINE\Security\Policy\Secrets. This key contains multiple sub-keys, and the sub-keys which store the dialup passwords contain one of the following strings: RasDefaultCredentials and RasDialParams.

    This key is not accessible from RegEdit and other tools by default, but you can use one of the following methods to access this key:

    1. Use the at command to run RegEdit.exe as the SYSTEM user (doesn't work under Vista).
      For example:
      at 16:14 /interactive regedit.exe
    2. Change the permissions of the entire Security key. If you do that, it's recommended to restore the original permissions after you finish.

  • Internet Explorer 4.00 - 6.00: The passwords are stored in a secret location in the Registry known as the "Protected Storage". The base key of the Protected Storage is located under the following key: "HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider". In order to view the subkeys of this key in RegEdit, you must follow the same process as explained for the LSA secrets.
    Even when you browse the above key in the Registry Editor (RegEdit), you won't be able to see the passwords, because they are encrypted. Also, this key cannot easily be moved from one computer to another, as you can with regular Registry keys.

    IE PassView and Protected Storage PassView utilities allow you to recover these passwords.

  • Internet Explorer 7.00 - 8.00: The new versions of Internet Explorer store the passwords in 2 different locations. AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2. HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials, together with login passwords of LAN computers and other passwords.

    IE PassView can be used to recover these passwords.

    More on: http://www.nirsoft.net/articles/saved_password_location.html

Wednesday, January 20, 2010

Easy way to install windows 7 or Vista on a Netbook using usb flash drive


Creating Bootable Vista / Windows 7 USB Flash Drive

It surprised me to find that there are very few dead-simple guides to creating a bootable USB thumb/pen/flash drive for a Vista and/or Windows 7 installation. I cobbled together the following from VistaPCGuy and another source I don’t remember right now.

This will walk through the steps to create a bootable USB flash drive for the purpose of installing a Vista or Windows 7 OS. These instructions assume that you have a computer with Windows Vista installed on it.






Required:

USB Flash Drive (4GB+)

Microsoft OS Disk (Vista / Windows 7)

A computer running Vista / Windows 7

Step 1: Format the Drive

The steps here are to use the command line to format the disk properly using the diskpart utility. [Be warned: this will erase everything on your drive. Be careful.]

Plug in your USB Flash Drive

Open a command prompt as administrator (right-click on Start > All Programs > Accessories > Command Prompt and select “Run as administrator”)

Find the drive number of your USB Drive by typing the following into the Command Prompt window:

- diskpart

- list disk

The number of your USB drive will be listed. You’ll need this for the next step. I’ll assume that the USB flash drive is disk 1.

Format the drive by typing the next instructions into the same window. Replace the number “1” with the number of your disk below.

- select disk 1

- clean
- create partition primary

- select partition 1

- active

- format fs=NTFS

- assign

- exit

When that is done you’ll have a formatted USB flash drive ready to be made bootable.

Step 2: Make the Drive Bootable

Next we’ll use the bootsect utility that comes on the Vista or Windows 7 disk to make the flash drive bootable. In the same command window that you were using in Step 1:

Insert your Windows Vista / 7 DVD into your drive.

Change directory to the DVD’s boot directory where bootsect lives:

d:

cd d:\boot

Use bootsect to set the USB as a bootable NTFS drive prepared for a Vista/7 image. I’m assuming that your USB flash drive has been labeled disk G:\ by the computer:

bootsect /nt60 g:

You can now close the command prompt window; we’re done here.

Step 3: Copy the installation DVD to the USB drive

The easiest way is to use Windows Explorer to copy all of the files on your DVD onto the formatted flash drive. After you’ve copied all of the files to the disk, you are ready to go.

Step 4: Set your BIOS to boot from USB

This is where you’re on your own since every computer is different. Most BIOS’s allow you to hit a key at F2

Friday, January 15, 2010

Disable or Remove virus which acts as debugger of explorer.exe

This virus uses a small twist compared with other viruses. Other viruses place themselves in Windows startup, which loads them, but this virus simply registers itself as a debugger of explorer.exe, which is the main executable file of Windows. As a result, it loads every time Windows runs.

Its state as a debugger to explorer.exe is defined by registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

To unset that, either remove that key, or rename the explorer.exe file and set the renamed file as the shell name in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell->renamed filename
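
A read-only check for the two registry locations described above, as an added example that is not part of the original post. The helper names Resolve-DebuggerPath and Get-IfeoDebugger are hypothetical, and the Wow6432Node path (the 32-bit registry view on 64-bit Windows) is an addition the post does not mention.

```powershell
# Added example (not from the original post). Read-only; run from an elevated prompt.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows (not mentioned in the post)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Hypothetical helper: pull the executable path out of a Debugger command line.
# Unquoted paths that contain spaces are cut at the first space.
function Resolve-DebuggerPath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"') {
        $exe = $Matches[1]
    } else {
        $exe = ($CommandLine.Trim() -split '\s+')[0]
    }
    [Environment]::ExpandEnvironmentVariables($exe)
}

# Hypothetical helper: return every IFEO subkey that carries a Debugger value.
function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if (-not $dbg) { continue }
            $path = Resolve-DebuggerPath $dbg
            # Only full paths that exist can be signature-checked here.
            $sig = if (Test-Path -LiteralPath $path -PathType Leaf) {
                (Get-AuthenticodeSignature -FilePath $path).Status
            } else { 'NotResolved' }
            [pscustomobject]@{
                Image      = $key.PSChildName
                Debugger   = $dbg
                Signature  = $sig
                IsExplorer = ($key.PSChildName -ieq 'explorer.exe')   # the case in this post
                Key        = $key.Name
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object IsExplorer -Descending | Format-List
# Shows what Winlogon starts as the shell; the stock value is explorer.exe.
"Winlogon Shell = " + (Get-ItemProperty -Path $winlogon -Name Shell).Shell
```

A row with IsExplorer set to True is the situation this post describes. Debugger values on other images can be legitimate developer settings, so review those rows rather than deleting them wholesale.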

Thursday, January 14, 2010

Disable Startup Items in Windows

The msconfig command starts a small Windows utility that helps you control most of the programs that run at startup.

Steps:
  1. Simply type msconfig in Run and press Enter.
  2. Click on the Startup tab.
  3. Check/uncheck the program names in the list to choose which ones start at startup.
*Note:
  • From here we can stop almost all virus files from executing at startup.
  • It does not stop the debugger program that was released as a virus in late 2009. A small worm uses a trick and starts itself as a debugger of explorer.exe. Removing that virus would halt the loading of explorer.exe, making Windows fail to log in.

Enable or Disable Hibernate in Windows Vista or above

The Hibernate option has been hidden in Windows Vista.
It can be enabled via the powercfg command from the command line.

To Enable:
powercfg /hibernate on

To Disable:
powercfg /hibernate off

*Note:
- For either command to take effect, we have to be logged on as administrator.
- The command prompt should be opened with administrative privileges.
To open/run the command prompt with administrative privileges:
- Right-click on the command prompt shortcut icon.
- Choose "Run as administrator".
- Enter the password if required.