Topic starter 01/08/2025 9:32 pm
🛡️ Microsoft SAM Database (Security Account Manager) is a core component of Windows operating systems that securely stores user credentials and account information for local logins.
🧠 What It Does
The SAM database is responsible for:
- Storing usernames and password hashes for local user accounts
- Authenticating users when they log into a Windows machine
- Managing local groups and security identifiers (SIDs)
It’s like a vault that Windows checks every time someone tries to log in locally.
📍 Where It Lives
- Located in: C:\Windows\System32\config\SAM
- Also mirrored in the Windows Registry under: HKEY_LOCAL_MACHINE\SAM
- Not accessible while the system is running—Windows locks it down to prevent tampering
🔐 Security Features
- Passwords are stored as hashed values, not plain text
- Uses cryptographic methods like NTLM hashes to protect credentials
- Only system-level processes can access the SAM file directly
🧬 SAM vs Active Directory
Feature | SAM Database | Active Directory (AD) |
---|---|---|
Scope | Local machine | Entire network/domain |
User Type | Local users | Domain users |
Authentication | Handled by SAM | Handled by AD + Domain Controllers |
Use Case | Workgroup computers | Enterprise environments |
🛠️ Special Case: DSRM
Even on a Domain Controller, SAM is still used for Directory Services Restore Mode (DSRM)—a recovery account stored locally in SAM for emergency access.
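
A way to check the "only system-level processes can access the SAM file" point from the post, as an added example that is not part of the original post: the script reads the SDDL form of the file's ACL (for instance the output of `(Get-Acl C:\Windows\System32\config\SAM).Sddl`) and lists any account other than SYSTEM or Administrators that is allowed to read it. The allowed-trustee list and both sample SDDL strings are assumptions constructed for this example, and only file-rights aliases and hex masks are handled.

```python
import re

# Trustees expected to hold read access to the SAM file (assumption of this
# example): SYSTEM and the built-in Administrators group, as alias or SID.
ALLOWED = {"SY", "BA", "S-1-5-18", "S-1-5-32-544"}
# SDDL rights aliases that include reading file data.
READ_ALIASES = {"FA", "FR", "GA", "GR"}
# Mask bits that include reading data: FILE_READ_DATA, GENERIC_ALL, GENERIC_READ.
READ_BITS = 0x00000001 | 0x10000000 | 0x80000000

def pairs(text):
    """Split a run of two-letter SDDL tokens, e.g. 'OICI' -> ['OI', 'CI']."""
    return [text[i:i + 2] for i in range(0, len(text), 2)]

def grants_read(rights):
    """True if an ACE rights field (hex mask or alias run) allows reading data."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & READ_BITS)
    return any(tok in READ_ALIASES for tok in pairs(rights))

def unexpected_readers(sddl):
    """Return trustees outside ALLOWED that an allow ACE in the DACL lets read."""
    dacl = re.search(r"D:(.*?)(?=S:|$)", sddl)  # DACL only, stop before any SACL
    if dacl is None:
        return []
    found = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, ignore
        ace_type, flags, rights, trustee = fields[0], fields[1], fields[2], fields[5]
        if ace_type != "A" or "IO" in pairs(flags):
            continue  # deny ACEs and inherit-only ACEs grant nothing on this file
        if grants_read(rights) and trustee not in ALLOWED and trustee not in found:
            found.append(trustee)
    return found

# Constructed SDDL strings, not captured from a real host.
TIGHT = "O:BAG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
LOOSE = "O:BAG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)"

if __name__ == "__main__":
    for name, sddl in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, unexpected_readers(sddl) or "only SYSTEM/Administrators")
```

An empty result means every read-capable allow ACE belongs to SYSTEM or Administrators; any other trustee returned, such as BU (built-in Users) in the second sample, is worth investigating.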