
Password Visibility

microsoft.public.windows.server.security
Posted by DavidW on December 14, 2005, 9:31 am
This may seem a very odd or simple question but is it possible for network
administrators to see user network passwords? If the answer is yes, is there
a way of auditing which administrator reset a user's password and when?


Thanks

Posted by Danny Sanders on December 14, 2005, 11:27 am
> This may seem a very odd or simple question but is it possible for network
> administrators to see user network passwords?

Not with anything native to Windows.

hth
DDS W 2k MVP MCSE




Posted by Joe Richards [MVP] on December 15, 2005, 12:20 pm
It depends...

If an admin can set up a website with basic auth and convince the user to enter
their userid/password they can retrieve that password from the vars. If an admin
has the ability to sniff traffic in and out of a DC and some LDAP app the user
is using is using simple authentication the password will be in clear text on
the wire. If the admin has rights to a DC they could dump the hashes for the
user database and then run something like l0phtcrack or some rainbow table
software against it to crack the passwords, possibly in milliseconds. Also if an
admin is bright enough they could install a password filter on a DC and capture
the clear text password of every userid that changes the password. There are
more vectors but these are the main ones that spring to my head.

You can audit who changes passwords with normal AD auditing. I suggest reading up
on the topic, as it isn't something you just want to go slamming into place as
there are performance impacts that can occur.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


DavidW wrote:
> This may seem a very odd or simple question but is it possible for network
> administrators to see user network passwords? If the answer is yes, is there
> a way of auditing which administrator reset a user's password and when?
>
>
> Thanks

Posted by Steven L Umbach on December 17, 2005, 3:16 pm
Your best bet is to enable auditing of account management on domain
controllers and then look in the security logs of the domain controllers
for the account management event that would be generated when the user's
password was reset. Event Comb can greatly simplify the search process and
be sure to increase the size of the security logs substantially. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308471 --- Event Comb
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/default.mspx --- The Security Monitoring and Attack Detection Planning Guide

> This may seem a very odd or simple question but is it possible for network
> administrators to see user network passwords? If the answer is yes, is
> there
> a way of auditing which administrator reset a user's password and when?
>
>
> Thanks
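
An added example, not part of the thread or any poster's code: one way to answer "which administrator reset a user's password and when" from a domain controller's Security log once account management auditing is on. It assumes the log was exported as XML under a root element (for instance with `wevtutil qe Security /f:xml /e:Events`); the sample events, account names and host names are constructed.

```python
import xml.etree.ElementTree as ET
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# 4724 = "An attempt was made to reset an account's password" (Server 2008+).
# Windows 2000/2003 logged it as event 628 in a different layout (not parsed here).
RESET_ID = "4724"
# Constructed sample, shaped like an XML export of the Security log.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4724</EventID>
  <TimeCreated SystemTime="2024-01-15T09:31:02.000Z"/>
  <Computer>DC01.example.test</Computer></System>
 <EventData>
  <Data Name="TargetUserName">jdoe</Data>
  <Data Name="TargetDomainName">EXAMPLE</Data>
  <Data Name="SubjectUserName">helpdesk1</Data>
  <Data Name="SubjectDomainName">EXAMPLE</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4723</EventID>
  <TimeCreated SystemTime="2024-01-15T10:02:44.000Z"/>
  <Computer>DC02.example.test</Computer></System>
 <EventData>
  <Data Name="TargetUserName">asmith</Data>
  <Data Name="TargetDomainName">EXAMPLE</Data>
  <Data Name="SubjectUserName">asmith</Data>
  <Data Name="SubjectDomainName">EXAMPLE</Data>
 </EventData></Event>
</Events>"""

def password_resets(xml_text, target=None):
    """Return (time, DC, who_reset, whose_password) for each reset event."""
    rows = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != RESET_ID:
            continue  # e.g. 4723 is a user changing their own password
        d = {x.get("Name"): (x.text or "")
             for x in ev.findall("e:EventData/e:Data", NS)}
        if target and d.get("TargetUserName", "").lower() != target.lower():
            continue
        rows.append((
            ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            ev.findtext("e:System/e:Computer", namespaces=NS),
            f'{d.get("SubjectDomainName")}\\{d.get("SubjectUserName")}',
            f'{d.get("TargetDomainName")}\\{d.get("TargetUserName")}',
        ))
    return sorted(rows)

if __name__ == "__main__":
    for row in password_resets(SAMPLE):
        print(*row, sep="  ")
```

Each domain controller keeps its own Security log, so the export has to be collected from every DC before the results are merged.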


