question regarding SAM file / l0phtcrack / pwdump2

From: Mike Shaw (mshaw@wwisp.com)
Date: 12/17/01


Date: Mon, 17 Dec 2001 15:01:35 -0600
To: focus-ms@securityfocus.com
From: Mike Shaw <mshaw@wwisp.com>

I'm currently in a quandary over a password audit.

The servers are all win2k.

I tried running pwdump2 and pwdump3. They both stop at the blinking cursor
and never report anything back (waited 1.5 hours). After that, the server
becomes unstable after a while and a reboot is required (which, needless to
say, made the admin very happy). This happens on workstations too. The
only common thread is Norton AntiVirus. Anyone else observed this?

I can boot to DOS and snag the SAM file, but it seems very old. When I
actually extracted the info it was only the local account info--not domain.
I assume that Active Directory user information is stored differently even
on a PDC?

I've also sniffed the hashes, but this proves way too time-consuming. The
double whammy here is when they ask why they have to have secure passwords
when the system seems impervious to the common pw dumping tools.

Has anyone else run into this issue? If so what did you do to get around it?

-Mike