Grey Panther's questions

Recently I was working on recovering data from dead (bricked PSU) Windows XP machine, which included some client certificates installed into IE 6. I plugged in a temporary PSU and tried to export the certificate, only to be told that "these certificates are marked as non-exportable, and thus the private key can not be exported".

I've done some searching around the intertubes, however the only advices I could find were related to pre-install scenarios (ie. there is apparently an option which you can check during the installation to avoid this situation).

My questions would be:

• Is this a real security measure? It seems to me that you can simply patch the verification logic in IE6 (or the CryptoAPI) and force the export of the certificate / private-key
• Is there a ready-made tool to do this? (for backup purposes for example)

I've had the following problems on multiple Windows networks (using domains) which have a password expiration policy:

After a while the user can't access network resources. This seems to be caused by the fact that the users password has expired, however s/he isn't notified about the fact that the password expired, even after multiple logins/logouts/reboots. Manually changing the password always resolves the issue. The machines are running up-to-date Windows XP. An other commonality seems to be that the given machines are rebooted rarely (once or twice a week).

While it is good to have a workaround, I would be interested in eliminating the source of the problem. Does anyone know what might be the root cause of this?

PS. A problem, which might or might not be related, is that some shares are only available when using their IP rather than their name...

Does anybody know if it is possible to try out "XP Mode" in Windows 7, if Windows 7 is running inside of Virtualbox? The processor I'm running includes the VT-x capability and it is enabled in the BIOS. Theoretically VT-x allows for nesting (ie. running Xen inside of an other instance of Xen), however I couldn't get the guest Windows 7 OS to detect the availability of VT-x.

Does Virtualbox support this? What do I need to configure? Alternatively, does VMWare support this?

Update: thank you to everybody who responded. After doing further research and experimentation myself, I found that this currently isn't possible, although theoretically it would be (my original motivation was to play around with XP Mode without physically rebooting the machine - I guess I'll have to byte the bullet and do a full install / reboot physically). Further reference:

From VMWare community (emphasis added):

It is only possible to run nested VMs when the outer VM uses hardware virtualization (Intel's VT-x or AMD's AMD-V) and the inner VM uses the classical BT (binary translation) monitor. You may run any 32-bit or 64-bit operating system as the outer guest. You may only run 32-bit operating systems as the inner guest. These configurations are entirely unsupported.

Virtual PC 2008 uses the equivalent of "hardware virtualization" not "binary translation", and as such, it is incompatible with the scenario described.

From Invisible Labs (emphasis added):

We can now virtualize complex hypervisors, like e.g. Virtual PC 2007 or Virtual Box with SVM turned on (BTW, we can also run VMWare Workstation, but that doesn't count, as on AMD processors it doesn't make use of SVM instructions). We also have a prototype code that allows to run nested hypervisors on VT-x but that code requires a bit of more polishing (oh, didn’t you know that our NBP also supports VT-x these days?).

The conclusion is that it is technically possible, but no product implements it yet. I will award the bounty anyways.