Re: password encryption

From: Kevin Parks (Parks_at_discussions.microsoft.com)
Date: 07/20/04 

Date: Tue, 20 Jul 2004 04:29:02 -0700

check out a tool called hyena. It does what you want graphically. They have a free export tool that exports user data also. I can't remember if it will give you stale passwords, but hyena does.

Kevin

"Patrick" wrote:

> Steven,
> Is there a way to ck in W2K with native tools, say ADCU?
> On Fri, 16 Jul 2004 14:12:32 GMT, "Steven L Umbach"
> <n9rou@n0-spam-for-me-comcast.net> wrote:
>
> >A couple thinks that may help.
> >
> >Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
> >as a column and select the last logon time option in the right column. Do this on a
> >domain controller and it will show all users last logon time.
> >
> >http://www.somarsoft.com/
> >
> >To specifically search for users with specific stale account time limits you can use
> >the AD command line tools from Windows 2003. For instance you can use dsquery user
> >with the -inactive switch to find those users with inactive accounts based on number
> >of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
> >member computer with adminpak from Windows 2003 installed on it. --- Steve
> >
> >http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
> >http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dsquery_user.asp
> >
> >"Patrick" <nobody@nobody.com> wrote in message
> >news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
> >> I'm looking at W2k for inactive domain accounts thanks
> >>
> >> On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
> >> <miha-news@atlantis.si> wrote:
> >>
> >> >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
> >> >
> >> >But you won't be able to see these keys (beyond SECURITY) by default. You
> >> >have to take permissions first. Only SYSTEM is allowed to access to this
> >> >part of the registry!
> >> >
> >> >Question about accounts and 90 days. Do you have domain accounts in mind? If
> >> >yes, what domain do you have? Windows 2000 or 2003? ...
> >> >
> >> >Mike
> >> >
> >> >"Patrick" <nobody@nobody.com> wrote in message
> >> >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
> >> >> Mike ,
> >> >> thanks for the quick response. If I look in the registry for password,
> >> >> it should be unreadable? what key are they in?
> >> >>
> >> >> also would you know how to check for inactive user accounts older then
> >> >> a certain age in a system , say 90 days.
> >> >>
> >> >> thanks
> >> >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
> >> >> <miha-news@atlantis.si> wrote:
> >> >>
> >> >> >Hi Patrick,
> >> >> >
> >> >> >password are stored in SAM database and in system registry. They are
> >> >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
> >> >and
> >> >> >environement...).
> >> >> >
> >> >> >SAM database is located here
> >> >> >
> >> >> >%systemroot%\system32\config
> >> >> >
> >> >> >In the end it is up to the users to have strong - hard to guess password.
> >> >No
> >> >> >encryption will help if users use empty or easy to guess passwords....
> >> >> >
> >> >> >
> >> >> >
> >> >> >I hope this helps,
> >> >> >
> >> >> >
> >> >> >Mike
> >> >> >
> >> >> >
> >> >> >
> >> >> >"Patrick" <nobody@nobody.com> wrote in message
> >> >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
> >> >> >> Where are passwords held on 2000 servers and are they encrypted?
> >> >> >
> >> >>
> >> >
> >>
> >
>
>

Quantcast