Re: password encryption
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/16/04
- Next message: Steven L Umbach: "Re: Keys to Encryption"
- Previous message: Steven L Umbach: "Re: HIDING FILES USING DFS"
- In reply to: Patrick: "Re: password encryption"
- Next in thread: Patrick: "Re: password encryption"
- Reply: Patrick: "Re: password encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 16 Jul 2004 14:12:32 GMT
A couple thinks that may help.
Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
as a column and select the last logon time option in the right column. Do this on a
domain controller and it will show all users last logon time.
To specifically search for users with specific stale account time limits you can use
the AD command line tools from Windows 2003. For instance you can use dsquery user
with the -inactive switch to find those users with inactive accounts based on number
of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
member computer with adminpak from Windows 2003 installed on it. --- Steve
http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dsquery_user.asp
"Patrick" <nobody@nobody.com> wrote in message
news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
> I'm looking at W2k for inactive domain accounts thanks
>
> On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
> <miha-news@atlantis.si> wrote:
>
> >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
> >
> >But you won't be able to see these keys (beyond SECURITY) by default. You
> >have to take permissions first. Only SYSTEM is allowed to access to this
> >part of the registry!
> >
> >Question about accounts and 90 days. Do you have domain accounts in mind? If
> >yes, what domain do you have? Windows 2000 or 2003? ...
> >
> >Mike
> >
> >"Patrick" <nobody@nobody.com> wrote in message
> >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
> >> Mike ,
> >> thanks for the quick response. If I look in the registry for password,
> >> it should be unreadable? what key are they in?
> >>
> >> also would you know how to check for inactive user accounts older then
> >> a certain age in a system , say 90 days.
> >>
> >> thanks
> >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
> >> <miha-news@atlantis.si> wrote:
> >>
> >> >Hi Patrick,
> >> >
> >> >password are stored in SAM database and in system registry. They are
> >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
> >and
> >> >environement...).
> >> >
> >> >SAM database is located here
> >> >
> >> >%systemroot%\system32\config
> >> >
> >> >In the end it is up to the users to have strong - hard to guess password.
> >No
> >> >encryption will help if users use empty or easy to guess passwords....
> >> >
> >> >
> >> >
> >> >I hope this helps,
> >> >
> >> >
> >> >Mike
> >> >
> >> >
> >> >
> >> >"Patrick" <nobody@nobody.com> wrote in message
> >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
> >> >> Where are passwords held on 2000 servers and are they encrypted?
> >> >
> >>
> >
>
- Next message: Steven L Umbach: "Re: Keys to Encryption"
- Previous message: Steven L Umbach: "Re: HIDING FILES USING DFS"
- In reply to: Patrick: "Re: password encryption"
- Next in thread: Patrick: "Re: password encryption"
- Reply: Patrick: "Re: password encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
