Originally posted by SimonMac
View Post
Holds the (encrypted) user details and password associated with the accounts SID. Delete that and the account remains but the password is blanked.
If you want to exercise a little more finess you can delete the password hash from the file for the account you want access to.
If you want even more finesse you remove the hash, get into the account, do what you want with it, put the hash back, fiddle the file modification time on the SAM, and no-one will know you were there ( well, not without some pukka forensics anyway).
Leave a comment: