{"id":10531,"date":"2021-08-25T18:05:31","date_gmt":"2021-08-26T01:05:31","guid":{"rendered":"https:\/\/www.coretechnologies.com\/blog\/?p=10531"},"modified":"2021-08-25T18:05:31","modified_gmt":"2021-08-26T01:05:31","slug":"windows-password-management","status":"publish","type":"post","link":"https:\/\/www.coretechnologies.com\/blog\/alwaysup\/windows-password-management\/","title":{"rendered":"Q&A: Where does AlwaysUp store the Password for my Windows Account?"},"content":{"rendered":"
\"Q&A:<\/div>\n
\n  I was looking to use AlwaysUp to run Excel as a service, and it looks like you can specify an account. How is the password stored when specifying an account? I want to make sure it\u2019s stored securely.<\/p>\n

— Ben<\/p>\n<\/div>\n

Good question Ben!<\/p>\n

You are right to be concerned about security, especially with deadly ransomware attacks<\/a> on the rise.<\/p>\n

Rest assured that AlwaysUp manages your Windows securely. Here are some of the measures in place to protect your valuable credentials.<\/p>\n

AlwaysUp hides your Windows password on the Logon tab<\/h2>\n

As a first line of defense, the field that captures your Windows password “masks” the characters, showing asterisks (“*”) instead of the characters you type:<\/p>\n

\"AlwaysUp<\/a><\/div>\n

By doing so, AlwaysUp does not reveal your password to casual onlookers.<\/p>\n

Windows stores your password — not AlwaysUp<\/h2>\n

Next, and more importantly, AlwaysUp never keeps, tracks or transmits your Windows password after it creates (or updates) a service.<\/p>\n

Instead, AlwaysUp hands your password to the Windows Services layer (via the CreateService<\/a> or ChangeServiceConfig<\/a> API functions), which stores the password securely. In that way, your password is handled just as safely as it is with the trusted operating system tools, like the Services<\/a> application.<\/p>\n

Specifically, the Service Control Manager — which launches and initializes services — stores the password with LsaStorePrivateData<\/a>. And when it’s ready to start a service, the SCM calls LsaRetrievePrivateData<\/a> to retrieve the service’s password. After the initial creation, AlwaysUp is simply not involved.<\/p>\n

AlwaysUp doesn’t include your password when you export<\/h2>\n

As another important security measure, AlwaysUp does not (actually, cannot) include your Windows password when you export your application to an XML file. Instead, you will see ENTER A PASSWORD<\/b> in the password field:<\/p>\n

\"AlwaysUp<\/a><\/div>\n

Because AlwaysUp saves a placeholder instead of your password, you will have to re-enter your password when you import the XML file. However our team thought that was a small inconvenience to avoid leaking a sensitive password.<\/p>\n

A note on Excel as a service<\/h2>\n

Please be sure to follow our tutorial showing how to run Excel 2013 with AlwaysUp<\/a>. Please heed the comment about automation at the top of the page. Unfortunately, not all Excel functions operate properly in the context of a background Windows Service.<\/p>\n

Best of luck with Excel!<\/p>\n