A program that uses the LSA secret $Machine.acc does not work correctly in Windows 8 or in Windows Server 2012

Article translations Article translations
Article ID: 2743127 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Assume that you have a program that uses the Local Security Authority (LSA) secret $Machine.acc of a computer. However, the program does not work correctly on a computer that is running Windows 8 or Windows Server 2012.

Note The program works correctly in earlier versions of Windows.

Cause

The issue occurs because an encrypted result is returned when the secret $Machine.acc is queried in Windows 8 and in Windows Server 2012. This behavior is by design and improves protection of the LSA secret.

Resolution

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To have us fix this problem for you on Windows 8 , go to the "Fix it for me" section. If you prefer to fix this problem yourself, or if you are running Windows Server 2012 , go to the "Let me fix it myself" section.

Fix it for me

Collapse this imageExpand this image
assets folding start expanded
To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard.


Collapse this imageExpand this image
assets fixit1
Fix this problem
Microsoft Fix it 25005
Collapse this imageExpand this image
assets fixit2


Notes
  • This Fix it solution applies to Windows 8 only.
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.
  • We would appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me" blog or send us an email message.
To restore the changes made by Microsoft Fix it 25005, go to the "Restore the changes made by Microsoft Fix it 25005" section.
Collapse this imageExpand this image
assets folding end

Let me fix it myself

Collapse this imageExpand this image
assets folding start collapsed
To resolve this issue, follow these steps:
  1. Press the Windows logo Key+R to open the Run box.
  2. Type regedit in the Run box, and then press Enter.
  3. Locate and then select the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
  4. On the Edit menu, click New, and then click DWORD(32-bit) Value .
  5. Type LsaAllowReturningUnencryptedSecrets, and then press Enter.
  6. Right-click LsaAllowReturningUnencryptedSecrets, click Modify…, type 1 in the Value data box, and then click OK.
  7. Exit Registry Editor.
You can also deploy the registry entry by using Group Policy Object (GPO). For more information about how to do this, go to the following Microsoft website:
How to deploy custom registry changes by using Group Policy
Collapse this imageExpand this image
assets folding end collapsed

Restore the changes made by Microsoft Fix it 25005

Collapse this imageExpand this image
assets folding start collapsed
To restore the changes made by Microsoft Fix it 25005 automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard.


Collapse this imageExpand this image
assets fixit1
Restore changes back
Microsoft Fix it 25006
Collapse this imageExpand this image
assets fixit2


Notes
  • This Fix it solution applies to Windows 8 only.
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.
  • We would appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me" blog or send us an email message.
Collapse this imageExpand this image
assets folding end collapsed

Properties

Article ID: 2743127 - Last Review: January 29, 2013 - Revision: 4.0
Applies to
  • Windows 8 Enterprise
  • Windows 8 Pro
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Essentials
  • Windows Server 2012 Standard
  • Windows Server 2012 Foundation
  • Microsoft Hyper-V Server 2012
Keywords: 
kbinfo kbexpertiseadvanced kbsurveynew kbfixme kbmsifixme kbtshoot KB2743127

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com