a question about "C:\Documents and Settings\user\Application Data\Microsoft"
Where could I get the details about the files (Credentials, SystemCertificates, CryptnetUrlCache\MetaData, Crypto, CryptnetUrlCache\Content)? I only know about the public key and private key, but I need the details.

C:\Documents and Settings\user\Application Data\Microsoft>DIR /AS /Q /S
C D875-3440

C:\Documents and Settings\user\Application Data\Microsoft
2009-11-11 12:09 <DIR> LILIANJIE\user .
2009-11-11 12:09 <DIR> LILIANJIE\user ..
2009-05-21 09:02 <DIR> LILIANJIE\user Credentials
2009-11-11 12:09 <DIR> LILIANJIE\user CryptnetUrlCache
2009-05-21 09:03 <DIR> LILIANJIE\user Crypto
2009-05-21 09:03 <DIR> LILIANJIE\user Protect
2008-08-11 13:29 <DIR> LILIANJIE\user SystemCertificates
0 0

C:\Documents and Settings\user\Application Data\Microsoft\Credentials
2009-05-21 09:02 <DIR> LILIANJIE\user .
2009-05-21 09:02 <DIR> LILIANJIE\user ..
2009-05-21 09:02 <DIR> LILIANJIE\user S-1-5-21-1343024091-1682526488-839522115-1003
0 0

C:\Documents and Settings\user\Application Data\Microsoft\Credentials\S-1-5-21-1343024091-1682526488-839522115-1003
2009-05-21 09:02 <DIR> LILIANJIE\user .
2009-05-21 09:02 <DIR> LILIANJIE\user ..
0 0

C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache
2009-11-11 12:09 <DIR> LILIANJIE\user .
2009-11-11 12:09 <DIR> LILIANJIE\user ..
2009-11-11 12:09 <DIR> LILIANJIE\user Content
2009-11-11 12:09 <DIR> LILIANJIE\user MetaData
0 0

C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content
2009-11-11 12:09 <DIR> LILIANJIE\user .
2009-11-11 12:09 <DIR> LILIANJIE\user ..
2009-11-11 12:09 558 LILIANJIE\user A44F4E7CB3133FF765C39A53AD8FCFDD
1 558

C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData
2009-11-11 12:09 <DIR> LILIANJIE\user .
2009-11-11 12:09 <DIR> LILIANJIE\user ..
2009-11-11 12:09 146 LILIANJIE\user A44F4E7CB3133FF765C39A53AD8FCFDD
1 146

C:\Documents and Settings\user\Application Data\Microsoft\Crypto
2009-05-21 09:03 <DIR> LILIANJIE\user .
2009-05-21 09:03 <DIR> LILIANJIE\user ..
2009-05-21 09:03 <DIR> LILIANJIE\user RSA
0 0

C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA
2009-05-21 09:03 <DIR> LILIANJIE\user .
2009-05-21 09:03 <DIR> LILIANJIE\user ..
2009-05-21 09:03 <DIR> LILIANJIE\user S-1-5-21-1343024091-1682526488-839522115-1003
0 0

C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1343024091-1682526488-839522115-1003
2009-05-21 09:03 <DIR> LILIANJIE\user .
2009-05-21 09:03 <DIR> LILIANJIE\user ..
2009-06-01 08:22 61 LILIANJIE\user d1adb89f57202f6f2b1b0c17c20f91ff_7af661bb-c176-4e00-9bfa-39a407ce9229
2009-05-21 09:03 45 LILIANJIE\user f58155b4b1d5a524ca0261c3ee99fb50_7af661bb-c176-4e00-9bfa-39a407ce9229
2 106

C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer
2009-09-04 08:38 2,694 LILIANJIE\user Desktop.htt
1 2,694

C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch
2009-05-21 09:03 56 LILIANJIE\user desktop.ini
1 56

C:\Documents and Settings\user\Application Data\Microsoft\Protect
2009-05-21 09:03 <DIR> LILIANJIE\user .
2009-05-21 09:03 <DIR> LILIANJIE\user ..
2009-05-21 09:03 24 LILIANJIE\user CREDHIST
2009-09-04 08:38 <DIR> LILIANJIE\user S-1-5-21-1343024091-1682526488-839522115-1003
1 24

C:\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1343024091-1682526488-839522115-1003
2009-09-04 08:38 <DIR> LILIANJIE\user .
2009-09-04 08:38 <DIR> LILIANJIE\user ..
2009-09-04 08:38 388 LILIANJIE\user a82c3ef6-aec5-4306-9ad7-82916a3861f2
2009-05-21 09:03 388 LILIANJIE\user f47bfb48-6f54-4410-8fea-d832c8824271
2009-09-04 08:38 24 LILIANJIE\user Preferred
3 800

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates
2008-08-11 13:29 <DIR> LILIANJIE\user .
2008-08-11 13:29 <DIR> LILIANJIE\user ..
2008-08-11 13:29 <DIR> LILIANJIE\user My
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
2008-08-11 13:29 <DIR> LILIANJIE\user .
2008-08-11 13:29 <DIR> LILIANJIE\user ..
2008-08-11 13:29 <DIR> LILIANJIE\user Certificates
2008-08-11 13:29 <DIR> LILIANJIE\user CRLs
2008-08-11 13:29 <DIR> LILIANJIE\user CTLs
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\Certificates
2008-08-11 13:29 <DIR> LILIANJIE\user .
2008-08-11 13:29 <DIR> LILIANJIE\user ..
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CRLs
2008-08-11 13:29 <DIR> LILIANJIE\user .
2008-08-11 13:29 <DIR> LILIANJIE\user ..
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CTLs
2008-08-11 13:29 <DIR> LILIANJIE\user .
2008-08-11 13:29 <DIR> LILIANJIE\user ..
0 0

: 10 4,384 47 35,796,926,464

C:\Documents and Settings\user\Application Data\Microsoft>
November 11th, 2009 7:42am

Found some details:

How Private Keys Are Stored

Private keys for the Microsoft RSA-based CSPs, including the Base CSP and the Enhanced CSP, reside in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA. In the case of a roaming user profile, the private key resides in the RSA folder on the domain controller and is downloaded to the user's computer until the user logs off or the computer is restarted.

Unlike their corresponding public keys, private keys must be protected. Therefore, all files in the RSA folder are automatically encrypted with a random, symmetric key called the user's master key. The user's master key is generated by the RC4 algorithm in the Base or Enhanced CSP. RC4 generates a 128-bit key for computers with the Enhanced CSP (subject to cryptography export restrictions) and a 56-bit key for computers with only the Base CSP (available for all Windows 2000 computers). The master key is generated automatically and is renewed periodically. It encrypts each file in the RSA folder automatically as the file is created.

The RSA folder must never be renamed or moved because this is the only place the CSPs look for private keys. Therefore, it is advisable to provide additional security. The administrator can provide additional file system security for users' computers or use roaming profiles.

You should protect private keys for recovery, which is critical for backup, by exporting the certificate and private key to a floppy disk or other medium, storing the floppy disk or other medium securely, and then deleting the private key from the computer. This preserves the file from a system crash and makes it unavailable for cracking. To decrypt a data file, the recovery agent administrator inserts the floppy disk or other medium and imports the certificate and private key to the recovery agent account. For more information about how to secure recovery keys, see Windows 2000 Server Help.

Protect Folder

The user's master key is itself encrypted automatically by the Protected Storage service and stored in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Protect. For a domain user who has a roaming profile, the master key resides on the domain controller and is downloaded to the user's profile on the local computer until the computer is restarted.

The user's master key is encrypted twice, and each instance of encryption is stored in one of two parts of the Protect file. The first part, the password encryption key, is produced by the Hash-Based Message Authentication Code (HMAC) and SHA1 message digest function and is a hash of:

o A symmetric encryption of the user's master key produced by 160-bit RC4.
o The user's security identifier (SID).
o The user's logon password.

The second part is the backup/restore form of the master key. This is needed if the user's password is changed on one computer but the keys are in the user profile on another computer, or if the administrator resets the user's password. In either case, the Protected Storage service, which cannot detect password changes to update Part 1, uses Part 2 to recover the master key and regenerate Part 1.

To create the backup part of the file, the encrypted user's master key is sent on to the Protected Storage service on the domain controller. That service uses HMAC and SHA1 again to make a hash of the data it has received along with the domain controller's own backup/restore master key, and sends that back to the user's computer to store in the Protect file. These transmissions are authenticated (signed and encrypted) by way of remote procedure calls so that the user's master key never goes over the wire in plaintext.

The domain controller's backup/restore master key is stored on the system as a global local security authority (LSA) secret in the HKEY_LOCAL_MACHINE/SAM key in the registry and is replicated over the network by means of Active Directory. (Global LSA secrets are objects provided by the LSA to enable system services to store private data securely.)

Caution: Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.

The System Certificates, RSA, and Protect folders have their system attributes set. This prevents the files in them from being encrypted by EFS, which would make them inaccessible.

http://technet.microsoft.com/en-us/library/cc962112.aspx
November 26th, 2009 7:27am

windows 2003 no internet
November 26th, 2009 7:38am

C:\Documents and Settings\user\Application Data\Microsoft>dir /as /s /q
C D875-3440

C:\Documents and Settings\user\Application Data\Microsoft
2009-11-26 12:16 <DIR> lilianjie\user .
2009-11-26 12:16 <DIR> lilianjie\user ..
2009-05-21 09:02 <DIR> lilianjie\user Credentials
2009-11-26 11:41 <DIR> lilianjie\user CryptnetUrlCache
2009-05-21 09:03 <DIR> lilianjie\user Crypto
2009-05-21 09:03 <DIR> lilianjie\user Protect
2008-08-11 13:29 <DIR> lilianjie\user SystemCertificates
0 0

Stored User Names and Passwords

It is not always desirable to use one set of credentials for access to different resources. For example, when an administrator accesses a remote server, you might want him or her to use administrative rather than user credentials. Similarly, if a user will be accessing external resources such as a bank account, you might prefer that he or she use credentials that are different than their network username and password.

Stored User Names and Passwords in Control Panel simplifies the management and use of multiple sets of logon credentials, including X.509 certificates used with smart cards and Passport credentials. The credentials, part of the user's profile, are stored until needed. This can increase security on a per-resource basis by ensuring that if one password is compromised, it does not compromise all security.

Note: Microsoft Passport provides a single name and password that can be used on multiple Web sites.

After a user logs on and attempts to access additional password-protected resources, such as a share on a server, and if the user's default logon credentials are not sufficient to gain access, Stored User Names and Passwords is queried. If alternate credentials with the correct logon information have been saved in Stored User Names and Passwords, these credentials are used to gain access. Otherwise, the user is prompted to supply new credentials, which can then be saved for reuse, either later in the logon session or during a subsequent session.

Several restrictions apply:

o If Stored User Names and Passwords contains invalid or incorrect credentials for a specific resource, access to the resource will be denied and the Stored User Names and Passwords dialog box will not appear.
o Stored User Names and Passwords stores credentials only for NTLM, Kerberos, Passport, and SSL authentication. Microsoft Internet Explorer maintains its own cache for basic authentication.

These credentials become an encrypted part of a user's local profile in the \Documents and Settings\Username\Application Data\Microsoft\Credentials directory. As a result, these credentials can roam with the user if the user's network policy supports Roaming Profiles. However, if you have copies of Stored User Names and Passwords on two different computers and change the credentials that are associated with the resource on one of these computers, the change will not be propagated to Stored User Names and Passwords on the second computer.

To store a new user name and password

In Control Panel, open User Accounts.
On computers joined to a domain, click the Advanced tab, and then click Manage Passwords.
or
On computers not joined to a domain, click the icon that represents your user account, and then, under Related Tasks, click Manage your stored passwords.
Click Add.
Type the appropriate information in the spaces provided.

Warning: Educate your users about the importance of using strong passwords for all credentials stored in Stored User Names and Passwords.

To store a Passport ID

In Control Panel, open User Accounts.
On computers not joined to a domain, click the icon that represents your user account, and then, under What do you want to change about your account?, click Create a Passport.
or
On computers joined to a domain, click the Advanced tab, and then click .NET Passport Wizard.
Type the appropriate information in the spaces provided.
In the When accessing box, type *.passport.com.

Warning: Some credentials are used infrequently. Others might be for extremely sensitive resources that the user wants to protect more carefully. When appropriate, have users store credentials for This logon session only. Credentials for a single logon session are typically stored by selecting the appropriate check box in the User Names and Passwords dialog box.

Some administrators might not feel comfortable with allowing users to store network credentials for later use. This might be because of concerns about reduced security, or a potential increase in the number of account lockouts when credentials stored in User Names and Passwords expire. As a result, a Group Policy setting has been introduced to allow you to limit use of Stored User Names and Passwords.

To limit use of Stored User Names and Passwords

In the Group Policy MMC snap-in, double-click the Security Options folder (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options).
Right-click Network access: Do not allow storage of credentials or .NET Passports for network authentication.
Click Enabled, and then click OK.

C:\Documents and Settings\user\Application Data\Microsoft\Credentials
2009-05-21 09:02 <DIR> lilianjie\user .
2009-05-21 09:02 <DIR> lilianjie\user ..
2009-05-21 09:02 <DIR> lilianjie\user S-1-5-21-1343024091-1682526488-839522115-1003
0 0

C:\Documents and Settings\user\Application Data\Microsoft\Credentials\S-1-5-21-1343024091-1682526488-839522115-1003
2009-05-21 09:02 <DIR> lilianjie\user .
2009-05-21 09:02 <DIR> lilianjie\user ..
0 0

When a certificate or CRL is retrieved via LDAP or HTTP by a Windows 2000 client with MS04-11, Windows XP SP2 client, or Windows Server 2003 client, it is cached by CAPI in the Application Data folder. The per-user cache location is C:\Documents and Settings\{user name}\Application Data\Microsoft\CryptnetUrlCache and the per-machine cache location is %WINDIR%\System32\config\SystemProfile\Application Data\Microsoft\CryptnetUrlCache.

C:\WINDOWS\system32\config>dir /ad /q /s
C D875-3440

C:\WINDOWS\system32\config
2008-08-25 16:17 <DIR> BUILTIN\Administrators .
2008-08-25 16:17 <DIR> BUILTIN\Administrators ..
2008-08-11 13:37 <DIR> ... systemprofile
0 0

: 0 0 3 18,512,166,912

C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache
2009-11-26 11:41 <DIR> lilianjie\user .
2009-11-26 11:41 <DIR> lilianjie\user ..
2009-11-26 12:16 <DIR> lilianjie\user Content
2009-11-26 12:16 <DIR> lilianjie\user MetaData
0 0

C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content
2009-11-26 12:16 <DIR> lilianjie\user .
2009-11-26 12:16 <DIR> lilianjie\user ..
2009-11-26 12:16 558 lilianjie\user A44F4E7CB3133FF765C39A53AD8FCFDD
2009-11-26 11:41 1,310 lilianjie\user C554DCF706A5AAB8B360FAD227EAB9C7
2009-11-26 11:41 2,214 lilianjie\user E8974A4669383843486E5AFDB09650F5
3 4,082

C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData
2009-11-26 12:16 <DIR> lilianjie\user .
2009-11-26 12:16 <DIR> lilianjie\user ..
2009-11-26 12:16 146 lilianjie\user A44F4E7CB3133FF765C39A53AD8FCFDD
2009-11-26 11:41 100 lilianjie\user C554DCF706A5AAB8B360FAD227EAB9C7
2009-11-26 11:41 124 lilianjie\user E8974A4669383843486E5AFDB09650F5
3 370

Private keys for the Microsoft RSA-based CSPs, including the Base CSP and the Enhanced CSP, reside in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA. In the case of a roaming user profile, the private key resides in the RSA folder on the domain controller and is downloaded to the user's computer until the user logs off or the computer is restarted.

Unlike their corresponding public keys, private keys must be protected. Therefore, all files in the RSA folder are automatically encrypted with a random, symmetric key called the user's master key. The user's master key is generated by the RC4 algorithm in the Base or Enhanced CSP. RC4 generates a 128-bit key for computers with the Enhanced CSP (subject to cryptography export restrictions) and a 56-bit key for computers with only the Base CSP (available for all Windows 2000 computers). The master key is generated automatically and is renewed periodically. It encrypts each file in the RSA folder automatically as the file is created.

The RSA folder must never be renamed or moved because this is the only place the CSPs look for private keys. Therefore, it is advisable to provide additional security. The administrator can provide additional file system security for users' computers or use roaming profiles.

C:\Documents and Settings\user\Application Data\Microsoft\Crypto
2009-05-21 09:03 <DIR> lilianjie\user .
2009-05-21 09:03 <DIR> lilianjie\user ..
2009-05-21 09:03 <DIR> lilianjie\user RSA
0 0

C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA
2009-05-21 09:03 <DIR> lilianjie\user .
2009-05-21 09:03 <DIR> lilianjie\user ..
2009-05-21 09:03 <DIR> lilianjie\user S-1-5-21-1343024091-1682526488-839522115-1003
0 0

C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1343024091-1682526488-839522115-1003
2009-05-21 09:03 <DIR> lilianjie\user .
2009-05-21 09:03 <DIR> lilianjie\user ..
2009-06-01 08:22 61 lilianjie\user d1adb89f57202f6f2b1b0c17c20f91ff_7af661bb-c176-4e00-9bfa-39a407ce9229
2009-05-21 09:03 45 lilianjie\user f58155b4b1d5a524ca0261c3ee99fb50_7af661bb-c176-4e00-9bfa-39a407ce9229
2 106
November 26th, 2009 9:10am

The user's master key is itself encrypted automatically by the Protected Storage service and stored in the user profile under RootDirectory\Documents and Settings\<username>\Application Data\Microsoft\Protect. For a domain user who has a roaming profile, the master key resides on the domain controller and is downloaded to the user's profile on the local computer until the computer is restarted.

The user's master key is encrypted twice, and each instance of encryption is stored in one of two parts of the Protect file. The first part, the password encryption key, is produced by the Hash-Based Message Authentication Code (HMAC) and SHA1 message digest function and is a hash of:

o A symmetric encryption of the user's master key produced by 160-bit RC4.
o The user's security identifier (SID).
o The user's logon password.

The second part is the backup/restore form of the master key. This is needed if the user's password is changed on one computer but the keys are in the user profile on another computer, or if the administrator resets the user's password. In either case, the Protected Storage service, which cannot detect password changes to update Part 1, uses Part 2 to recover the master key and regenerate Part 1.

To create the backup part of the file, the encrypted user's master key is sent on to the Protected Storage service on the domain controller. That service uses HMAC and SHA1 again to make a hash of the data it has received along with the domain controller's own backup/restore master key, and sends that back to the user's computer to store in the Protect file. These transmissions are authenticated (signed and encrypted) by way of remote procedure calls so that the user's master key never goes over the wire in plaintext.

The domain controller's backup/restore master key is stored on the system as a global local security authority (LSA) secret in the HKEY_LOCAL_MACHINE/SAM key in the registry and is replicated over the network by means of Active Directory. (Global LSA secrets are objects provided by the LSA to enable system services to store private data securely.)

C:\Documents and Settings\user\Application Data\Microsoft\Protect
2009-05-21 09:03 <DIR> lilianjie\user .
2009-05-21 09:03 <DIR> lilianjie\user ..
2009-05-21 09:03 24 lilianjie\user CREDHIST
2009-09-04 08:38 <DIR> lilianjie\user S-1-5-21-1343024091-1682526488-839522115-1003
1 24

C:\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-1343024091-1682526488-839522115-1003
2009-09-04 08:38 <DIR> lilianjie\user .
2009-09-04 08:38 <DIR> lilianjie\user ..
2009-09-04 08:38 388 lilianjie\user a82c3ef6-aec5-4306-9ad7-82916a3861f2
2009-05-21 09:03 388 lilianjie\user f47bfb48-6f54-4410-8fea-d832c8824271
2009-09-04 08:38 24 lilianjie\user Preferred
3 800

The certificate is encoded as a binary large object and stored as a binary value in the following file location: %Userprofile%\Application Data\Microsoft\SystemCertificates\My\Certificates

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates
2008-08-11 13:29 <DIR> lilianjie\user .
2008-08-11 13:29 <DIR> lilianjie\user ..
2008-08-11 13:29 <DIR> lilianjie\user My
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My
2008-08-11 13:29 <DIR> lilianjie\user .
2008-08-11 13:29 <DIR> lilianjie\user ..
2008-08-11 13:29 <DIR> lilianjie\user Certificates
2008-08-11 13:29 <DIR> lilianjie\user CRLs
2008-08-11 13:29 <DIR> lilianjie\user CTLs
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\Certificates
2008-08-11 13:29 <DIR> lilianjie\user .
2008-08-11 13:29 <DIR> lilianjie\user ..
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CRLs
2008-08-11 13:29 <DIR> lilianjie\user .
2008-08-11 13:29 <DIR> lilianjie\user ..
0 0

C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CTLs
2008-08-11 13:29 <DIR> lilianjie\user .
2008-08-11 13:29 <DIR> lilianjie\user ..
0 0

: 14 8,132 47 23,564,648,448
November 26th, 2009 9:11am

C:\Documents and Settings\user\Application Data\Microsoft\Protect\CREDHIST
November 26th, 2009 9:28am
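
An added example, not part of the original thread: a read-only Python inventory of the folders discussed above, which flags private key files in Crypto\RSA that have no master key in Protect for the same SID and CryptnetUrlCache entries missing one half. The function names, the constructed sample tree, and the expectations that Protect\<SID> holds a Preferred file and that Content and MetaData names pair up are assumptions drawn from the listings.

```python
import re
import tempfile
from pathlib import Path

SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def files_in(folder):
    """Names of the regular files directly inside folder (empty if absent)."""
    return sorted(p.name for p in folder.iterdir() if p.is_file()) if folder.is_dir() else []

def per_sid(folder):
    """Map each SID-named subfolder of folder to the files it holds."""
    subdirs = folder.iterdir() if folder.is_dir() else []
    return {d.name: files_in(d) for d in subdirs if d.is_dir() and SID_RE.match(d.name)}

def inventory(ms_root):
    """Summarise the stores under <profile>\\Application Data\\Microsoft."""
    root = Path(ms_root)
    findings = []
    private_keys = per_sid(root / "Crypto" / "RSA")
    protect = per_sid(root / "Protect")
    master_keys = {sid: [n for n in names if GUID_RE.match(n)] for sid, names in protect.items()}

    # RSA files are encrypted under the master key kept in Protect, so a profile
    # copy with key files but no master key for the same SID cannot use them.
    for sid, keys in private_keys.items():
        if keys and not master_keys.get(sid):
            findings.append(f"{sid}: {len(keys)} private key file(s) but no master key in Protect")
    for sid, names in protect.items():
        if master_keys[sid] and "Preferred" not in names:
            findings.append(f"{sid}: master key files present but 'Preferred' is missing")

    # Assumption drawn from the listings: each cached object has a same-named
    # file in both CryptnetUrlCache\Content and CryptnetUrlCache\MetaData.
    content = set(files_in(root / "CryptnetUrlCache" / "Content"))
    metadata = set(files_in(root / "CryptnetUrlCache" / "MetaData"))
    for name in sorted(content ^ metadata):
        findings.append(f"CryptnetUrlCache entry {name} lacks its Content or MetaData half")

    return {
        "private_keys": private_keys,
        "master_keys": master_keys,
        "stored_credentials": per_sid(root / "Credentials"),
        "url_cache_entries": sorted(content & metadata),
        "certificates": files_in(root / "SystemCertificates" / "My" / "Certificates"),
        "findings": findings,
    }

def build_sample(root):
    """Create a constructed tree shaped like the listings; every name is made up."""
    sid = "S-1-5-21-1111111111-2222222222-3333333333-1003"
    for rel in (
        f"Crypto/RSA/{sid}/0123456789abcdef0123456789abcdef_11111111-2222-3333-4444-555555555555",
        f"Protect/{sid}/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        f"Protect/{sid}/Preferred",
        "CryptnetUrlCache/Content/00000000000000000000000000000001",
        "CryptnetUrlCache/MetaData/00000000000000000000000000000001",
        "CryptnetUrlCache/MetaData/00000000000000000000000000000002",  # orphan on purpose
    ):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed")
    return sid

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("\n".join(inventory(tmp)["findings"]))
```

Point `inventory()` at a copy of a profile's `Application Data\Microsoft` folder, for example one restored from backup, to confirm the Protect folder travelled with the Crypto\RSA folder.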
