General discussion


How does ADMIN get passwords on NTDomai

By michael.burgess ·
I need to know the best possible way to do this.
I have 350 users. All on a WINNT domain. Whenever I replace a multi-user PC or a user moves from OfficeA to OfficeB I always have to either hunt them down or reset their password on the domain so that I can log in as them and setup their profile.

I would like to know of a way to get their current password. So I can just do the work w/o going through all the trouble of getting passwords. I know there is software that I can install on my domain controller and hoover over the asteriks and the password pops up.. but I am running low on disk space as it is and I would rather not add that to my system.

Bascially, How do you guys do it?

I don't won't to use Roaming Profiles.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by p.j.hutchison In reply to How does ADMIN get passw ...

It is not possible to get a user's password unless you ask the user for it. If the user is not available, we normally change the password and tell the user the new password. You can use UsrMgr.exe for NT4 domains tool to change passwords. It will fit on a floppy or USB stick.

Collapse -

by michael.burgess In reply to How does ADMIN get passw ...

I know how to change the password.
I have usermgr and svrmgr on my pc.

I need to know how to find out the password w/o having to rely on the user.

Collapse -

by cmiller5400 In reply to How does ADMIN get passw ...

This is not possible as far as I know, when using the default settings in Active Directory. I believe that by default it stores a hash of the password not the actual password. If you are using the option to store the password using reversable encryption, it may be available. I would sugguest that you not go this route and change the policy to store all passwords using reversable encryption. This weakens your entire network, and until the user changes the password after you enable the option, it will not work.

Have you looked at remote control software so that you do not need to be near the pc? Look at NetOp Remote Control by Danware or Proxy by Funk software. A free solution would be VNC.

Collapse -

by Nilt In reply to How does ADMIN get passw ...

The other posters are correct. This is simply not a possibility in a domain configured normally. It is possible to have zero security so the password's stored in a plain form but that would be an absurdly insecure thing to do.

Your "best practice" for this is to reset their password, do what you need to do and then set the flag in the domain that they must set a new password on next login. Give them the temporary password you used and they'll be fine.

Collapse -

by YetAnotherAdmin In reply to How does ADMIN get passw ...

This is possible if you are Domain Admin. Search for L0phtCrack, you can buy the new version but there are older demo versions out there as well.

In my experience, this can crack weak passwords very quickly but strong passwords can take a long time.

Ethically, I'm not sure you should be doing this. L0ftCrack started as a hacking tool but is now also widely used by Domain Admins to identify weak passwords and notify the user that they should use a stronger password.

I'm not sure where you stand legally if you then intend to log in as the user.

You needn't install anything on your servers, you can install and run the program from your own desktop/laptop. You will need Domain Admin rights though.

Collapse -

by YetAnotherAdmin In reply to

BTW, if by hovering over the asterix's and can see the password you mean PassUnleash, this only works on programs like Outlook Express and Internet Explorer, NOT NT User Manager.

Related Discussions

Related Forums