Working on a win2k system image where syskey mode was set to 2:
Observed behaviour:
calling lsadump::sam returns the SAM without any notice that it is encrypted.
Expected behaviour:
lsadump::sam checks SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot if value is not 1 return notice to user.
Working on a win2k system image where syskey mode was set to 2: Observed behaviour: calling lsadump::sam returns the SAM without any notice that it is encrypted. Expected behaviour: lsadump::sam checks SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot if value is not 1 return notice to user.