Axiom User Account Information

5 Posts
3 Users
0 Likes
685 Views
(@clou93)
Posts: 4
New Member
Topic starter
 

Hi,

Can anybody let me know if they have had issues with Axiom reporting that a user account has a password applied to it…yet when powered up in VFC, no password is required and boots straight into said account.

Thanks!

 
Posted : 25/06/2018 2:15 pm
(@mcman)
Posts: 189
Estimable Member
 

Without looking at the exact column, I can't be 100% certain, but there is a column that doesn't say whether there's a password or not; it's from the registry and tracks whether a password is required or not. It's a subtle difference but pretty common, as it's part of the user's registry profiles and what's available.

Let me know if that's the column you're looking at or if it's something else.

Jamie
Magnet Forensics

 
Posted : 25/06/2018 2:42 pm
(@clou93)
Posts: 4
New Member
Topic starter
 

Hi Jamie,

Thanks for your response, I hope the below helps.

I am looking at 'user accounts'. When looking at a particular user's account, in the pane on the right-hand side it states 'password required' and is marked 'True'.

Further down from that there is a 'login count' which shows a number in the thousands.

From the information supplied by Axiom, one would assume that the desktop is password protected - this is not the case after booting it up into VFC.

Thanks

 
Posted : 25/06/2018 2:47 pm
(@chad131)
Posts: 63
Trusted Member
 

It's possible for a user to have a password, but auto login enabled not requiring it to be entered…

 
Posted : 25/06/2018 2:53 pm
(@mcman)
Posts: 189
Estimable Member
 

Interesting, do you know if it's a domain account or no? GPO can force a pw, if not domain, it can be separate.

As Chad mentioned, it's definitely possible to have it required but not actually have a password. Those things are not related.

We also have a column for LM/NTLM pw hash. Do you have anything in that column, as we will check for a hash (which again, is separate from the registry key checking if a password is required or not)?

 
Posted : 25/06/2018 3:11 pm
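
Added example, not part of the thread and not Axiom's code: a Python sketch that keeps apart the three signals the replies distinguish (the registry "password required" flag, whether a non-empty hash is stored, and auto login). The F-value offsets (0x38 for the flags, 0x42 for the login count), the Winlogon values passed in, the function names and the sample bytes are assumptions or constructed for illustration.

```python
import struct

# Account-control bits in the SAM "F" value. Offsets and bit values follow the
# commonly documented layout and are an assumption, not taken from the thread.
ACB_DISABLED = 0x0001
ACB_PWNOTREQ = 0x0004
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password


def sample_f_value(acb: int, login_count: int) -> bytes:
    """Build a constructed F value holding only the two fields used here."""
    buf = bytearray(0x50)
    struct.pack_into("<H", buf, 0x38, acb)
    struct.pack_into("<H", buf, 0x42, login_count)
    return bytes(buf)


def parse_f_value(f_value: bytes) -> dict:
    """Read the flag word and login counter from a SAM F value."""
    if len(f_value) < 0x44:
        raise ValueError("F value too short to hold flags and login count")
    (acb,) = struct.unpack_from("<H", f_value, 0x38)
    (login_count,) = struct.unpack_from("<H", f_value, 0x42)
    return {
        "password_required": not (acb & ACB_PWNOTREQ),  # policy flag only
        "disabled": bool(acb & ACB_DISABLED),
        "login_count": login_count,
    }


def assess(f_value, nt_hash, auto_admin_logon, default_user, account):
    """Combine the three independent signals for one local account."""
    info = parse_f_value(f_value)
    nt = (nt_hash or "").lower()
    # A password exists only if a hash is stored and it is not the empty-password hash.
    info["has_password"] = bool(nt) and nt != EMPTY_NT
    # Winlogon AutoAdminLogon ("1") with DefaultUserName naming this account.
    info["auto_logon"] = (auto_admin_logon == "1"
                          and (default_user or "").lower() == account.lower())
    # Triage heuristic: a prompt is expected only with a real password and no auto login.
    info["prompts_at_boot"] = info["has_password"] and not info["auto_logon"]
    return info


if __name__ == "__main__":
    f = sample_f_value(0x0210, 2417)  # constructed: flag bit clear, thousands of logins
    print(assess(f, EMPTY_NT, "0", "", "user"))
```

Both constructed cases in which the flag reads True yet no prompt is expected (empty-password hash, or auto login configured for the account) match what the thread describes.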