Hi,

I have a security question about integrated windows authentication.

Let's say we are using .NET Remoting hosted in IIS. The system uses integrated Windows authentication.

What if some client manages to clone the OS to another PC, or just clone the user to another PC (another PC with the same username and the same password hash)?

Then the other PC can also access the server resources, pretending to be someone else, and do some bad things.

Is this possible? Cloning the same user to another PC is a piece of cake. The user who is using the client can find several ways to do this.

How can I prevent this scenario?

A: 

After cloning you would also need an active session with the user being logged on. This only works if

  1. the user was logged on to the original PC and the PC was hibernated, and
  2. Windows has been configured not to ask for credentials when resuming a hibernated session.

So basically attackers can use that to impersonate someone else only if they have physical access to the machine and the system is not configured in a secure way.

0xA3
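A defender's check for the second condition in the answer, added here as an example and not part of the original thread; it assumes powercfg's CONSOLELOCK alias (the "Require a password on wakeup" setting) is present on the machine and that the remediation runs from an elevated prompt:

```powershell
# Added example (not from the thread above): audit whether Windows prompts for
# credentials when resuming from sleep/hibernate, and optionally enforce it.
# Assumption: powercfg exposes the setting under the CONSOLELOCK alias;
# index 1 = prompt for a password on wakeup, index 0 = resume into the session.

function Get-ResumePasswordPolicy {
    # powercfg prints lines such as "Current AC Power Setting Index: 0x00000001"
    $text = (powercfg /QUERY SCHEME_CURRENT SUB_NONE CONSOLELOCK 2>&1) | Out-String

    $acMatch = [regex]::Match($text, 'Current AC Power Setting Index:\s*0x([0-9A-Fa-f]+)')
    $dcMatch = [regex]::Match($text, 'Current DC Power Setting Index:\s*0x([0-9A-Fa-f]+)')

    # A missing value (setting not exposed) is reported as not secure rather than ignored
    $ac = if ($acMatch.Success) { [Convert]::ToInt32($acMatch.Groups[1].Value, 16) } else { -1 }
    $dc = if ($dcMatch.Success) { [Convert]::ToInt32($dcMatch.Groups[1].Value, 16) } else { -1 }

    [pscustomobject]@{
        RequirePasswordOnAC = ($ac -eq 1)   # plugged in
        RequirePasswordOnDC = ($dc -eq 1)   # on battery
        Secure              = ($ac -eq 1) -and ($dc -eq 1)
    }
}

function Set-ResumePasswordRequired {
    # Remediation: require a password on wakeup for both power sources, then
    # re-apply the active scheme so the change takes effect immediately.
    powercfg /SETACVALUEINDEX SCHEME_CURRENT SUB_NONE CONSOLELOCK 1
    powercfg /SETDCVALUEINDEX SCHEME_CURRENT SUB_NONE CONSOLELOCK 1
    powercfg /SETACTIVE SCHEME_CURRENT
}

$policy = Get-ResumePasswordPolicy
$policy | Format-List
if (-not $policy.Secure) {
    Write-Warning 'Resume does not require a password: a hibernated PC keeps its logon session usable.'
    # Set-ResumePasswordRequired   # uncomment to enforce the secure setting
}
```

For fleet-wide enforcement the same setting is normally pushed through Group Policy rather than per-machine scripts; this script is for spot-checking a single host.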
Nice answer. Can you recommend a book on this?
Darko Petreski