The reason why DPAPI doesn't require administrator rights is Is it because it uses the user's password as the key value? If I am mistaken, please comment.
Sorry for My English skills. Have a nice day!
Asked
Active
Viewed 91 times
1 Answers
0
DPAPI encrypts some secret value using a key that is ultimately derived from your credentials in Windows (can be a domain secret too, or some public key certificate even, but on a typical computer knowing the password (or actually its SHA1-hash, or in a domain its NT hash) is enough. It's often even tied to specific computers, but can be set up so as to allow domain-credentials to work on every machine you have logon rights on for that domain. It's quite flexible.
Henno Brandsma
- 2,116
- 11
- 12