Re: password encryption

From: Patrick (nobody_at_nobody.com)
Date: 07/19/04 

Date: Mon, 19 Jul 2004 14:53:22 GMT

Steven,
Is there a way to ck in W2K with native tools, say ADCU?
On Fri, 16 Jul 2004 14:12:32 GMT, "Steven L Umbach"
<n9rou@n0-spam-for-me-comcast.net> wrote:

>A couple thinks that may help.
>
>Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
>as a column and select the last logon time option in the right column. Do this on a
>domain controller and it will show all users last logon time.
>
>http://www.somarsoft.com/
>
>To specifically search for users with specific stale account time limits you can use
>the AD command line tools from Windows 2003. For instance you can use dsquery user
>with the -inactive switch to find those users with inactive accounts based on number
>of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
>member computer with adminpak from Windows 2003 installed on it. --- Steve
>
>http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
>http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dsquery_user.asp
>
>"Patrick" <nobody@nobody.com> wrote in message
>news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
>> I'm looking at W2k for inactive domain accounts thanks
>>
>> On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
>> <miha-news@atlantis.si> wrote:
>>
>> >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
>> >
>> >But you won't be able to see these keys (beyond SECURITY) by default. You
>> >have to take permissions first. Only SYSTEM is allowed to access to this
>> >part of the registry!
>> >
>> >Question about accounts and 90 days. Do you have domain accounts in mind? If
>> >yes, what domain do you have? Windows 2000 or 2003? ...
>> >
>> >Mike
>> >
>> >"Patrick" <nobody@nobody.com> wrote in message
>> >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
>> >> Mike ,
>> >> thanks for the quick response. If I look in the registry for password,
>> >> it should be unreadable? what key are they in?
>> >>
>> >> also would you know how to check for inactive user accounts older then
>> >> a certain age in a system , say 90 days.
>> >>
>> >> thanks
>> >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
>> >> <miha-news@atlantis.si> wrote:
>> >>
>> >> >Hi Patrick,
>> >> >
>> >> >password are stored in SAM database and in system registry. They are
>> >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
>> >and
>> >> >environement...).
>> >> >
>> >> >SAM database is located here
>> >> >
>> >> >%systemroot%\system32\config
>> >> >
>> >> >In the end it is up to the users to have strong - hard to guess password.
>> >No
>> >> >encryption will help if users use empty or easy to guess passwords....
>> >> >
>> >> >
>> >> >
>> >> >I hope this helps,
>> >> >
>> >> >
>> >> >Mike
>> >> >
>> >> >
>> >> >
>> >> >"Patrick" <nobody@nobody.com> wrote in message
>> >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
>> >> >> Where are passwords held on 2000 servers and are they encrypted?
>> >> >
>> >>
>> >
>>
>