ÿþWindows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"auditbaseobjects"=dword:00000000

"auditbasedirectories"=dword:00000000

"crashonauditfail"=dword:00000000

"fullprivilegeauditing"=hex:00

"Bounds"=hex:00,30,00,00,00,20,00,00

"LimitBlankPasswordUse"=dword:00000001

"NoLmHash"=dword:00000001

"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,72,00,\

  61,00,73,00,73,00,66,00,6d,00,00,00,00,00

"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\

  00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\

  6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,74,\

  00,73,00,70,00,6b,00,67,00,00,00,70,00,6b,00,75,00,32,00,75,00,00,00,00,00

"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\

  00

"LsaPid"=dword:0000020c

"SecureBoot"=dword:00000001

"ProductType"=dword:0000000a

"disabledomaincreds"=dword:00000000

"everyoneincludesanonymous"=dword:00000000

"forceguest"=dword:00000000

"restrictanonymous"=dword:00000000

"restrictanonymoussam"=dword:00000001

"DisableLoopbackCheck"=dword:00000001



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]

"MartaExtension"="ntmarta.dll"

"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\

  54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\

  00,69,00,64,00,65,00,72,00,00,00,00,00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]

"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\

  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\

  6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy]

"AuditPolicySD"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,\

  eb,01,00,00,00,59,21,ea,43,dc,28,07,45,90,bd,75,1f,19,e7,db,5d,00,00,00,20,\

  1c,00,00,00,41,00,75,00,64,00,69,00,74,00,50,00,6f,00,6c,00,69,00,63,00,79,\

  00,53,00,44,00,00,00,10,66,00,00,00,01,00,00,20,00,00,00,eb,bd,c0,20,08,5d,\

  51,e3,f3,1d,f9,80,0e,4b,6b,ab,90,bb,7f,da,19,95,9e,fd,70,a2,93,c0,cb,35,ff,\

  a7,00,00,00,00,0e,80,00,00,00,02,00,00,20,00,00,00,1a,ea,63,bf,78,8e,73,aa,\

  13,21,d4,0d,f1,46,cd,ea,cc,a3,07,69,a8,9f,c8,88,d4,5a,f3,fc,5a,58,88,0a,70,\

  00,00,00,a4,48,2f,f1,0c,2f,e9,5a,23,9e,b2,b7,93,88,7a,da,30,64,9a,48,4d,9d,\

  31,38,49,c7,21,c9,41,6a,cd,ec,b0,16,6e,b8,e0,3b,35,09,69,10,c2,78,4c,79,e6,\

  56,6e,b1,d4,ae,ff,fb,92,04,e1,32,30,b3,71,89,db,51,e0,ec,b9,03,26,45,c4,97,\

  19,08,57,f2,10,53,dd,b9,84,f5,4c,eb,fc,ed,f1,45,50,69,65,c3,70,ef,9a,98,49,\

  b0,e3,e7,d1,47,42,59,72,77,17,49,02,a8,e6,fb,40,00,00,00,b8,6a,0f,7e,18,6e,\

  76,ed,5c,72,20,ad,67,ca,80,17,ab,aa,4c,0a,3a,45,d9,4b,c6,13,b7,4c,b7,2e,46,\

  a3,17,5f,f7,ee,7d,66,62,23,90,f6,48,d9,81,75,21,06,25,60,10,bd,2d,37,08,f4,\

  a3,e1,31,60,4c,b0,a9,dc



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CachedMachineNames]

"NameUserPrincipal"="SAAS-WFE1$@cadac.local"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]

"DebugLogLevel"=dword:00000000



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnly]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnlyDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentials]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnlyDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\DenyDefaultCredentials]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\DenyDefaultCredentialsDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\DenyFreshCredentials]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\DenyFreshCredentialsDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\DenySavedCredentials]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\DenySavedCredentialsDomain]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]

"Pattern"=hex:39,47,95,53,b3,56,d3,73,7f,c8,7d,04,4e,1c,c3,01



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]

"Enabled"=dword:00000000



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]

"GrafBlumGroup"=hex:3b,9f,7e,e9,1a,4b,71,1a,08



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]

"Lookup"=hex:65,8f,4e,89,29,17



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\HostToRealm]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]

"Auth132"="IISSUBA"

"NtlmMinClientSec"=dword:20000000

"NtlmMinServerSec"=dword:20000000

"Auth2"="RASSFM"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]

"SkewMatrix"=hex:64,da,2d,23,1c,33,de,05,07,ab,22,59,fc,d0,58,df



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]

"SSOURL"="http://www.passport.com"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]

"Time"=hex:b7,f0,9d,1f,6b,1c,cc,01



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\credssp.dll]

"Name"="CREDSSP"

"Comment"="Microsoft CredSSP Security Provider"

"Capabilities"=dword:00010733

"RpcId"=dword:0000ffff

"Version"=dword:00000001

"TokenSize"=dword:000090a8

"Time"=hex:40,bb,da,77,b6,88,cb,01

"Type"=dword:00000021