password encryption

Anonymous
July 15, 2004 10:34:22 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Where are passwords held on 2000 servers and are they encrypted?

Anonymous
July 16, 2004 12:54:35 AM

Hi Patrick,

Passwords are stored in the SAM database and in the system registry. They are
encrypted with a one-way MD4 or MD5 hashing function (depends on operation and
environment...).

The SAM database is located here:

%systemroot%\system32\config

In the end it is up to the users to have strong, hard-to-guess passwords. No
encryption will help if users use empty or easy-to-guess passwords....

I hope this helps,

Mike

"Patrick" <nobody@nobody.com> wrote in message
news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
> Where are passwords held on 2000 servers and are they encrypted?
Anonymous
July 16, 2004 12:54:36 AM

Mike,
thanks for the quick response. If I look in the registry for passwords,
they should be unreadable? What key are they in?

Also, would you know how to check for inactive user accounts older than
a certain age in a system, say 90 days?

thanks
On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
<miha-news@atlantis.si> wrote:

>Hi Patrick,
>
>Passwords are stored in the SAM database and in the system registry. They are
>encrypted with a one-way MD4 or MD5 hashing function (depends on operation and
>environment...).
>
>The SAM database is located here:
>
>%systemroot%\system32\config
>
>In the end it is up to the users to have strong, hard-to-guess passwords. No
>encryption will help if users use empty or easy-to-guess passwords....
>
>
>
>I hope this helps,
>
>
>Mike
Anonymous
July 16, 2004 2:14:00 AM

HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\

But you won't be able to see these keys (beyond SECURITY) by default. You
have to take permissions first. Only SYSTEM is allowed access to this
part of the registry!

Question about accounts and 90 days. Do you have domain accounts in mind? If
yes, what domain do you have? Windows 2000 or 2003? ...

Mike

"Patrick" <nobody@nobody.com> wrote in message
news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
> Mike,
> thanks for the quick response. If I look in the registry for passwords,
> they should be unreadable? What key are they in?
>
> Also, would you know how to check for inactive user accounts older than
> a certain age in a system, say 90 days?
>
> thanks
Anonymous
July 16, 2004 5:01:38 PM

I'm looking at W2k for inactive domain accounts thanks

On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
<miha-news@atlantis.si> wrote:

>HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\
>
>But you won't be able to see these keys (beyond SECURITY) by default. You
>have to take permissions first. Only SYSTEM is allowed access to this
>part of the registry!
>
>Question about accounts and 90 days. Do you have domain accounts in mind? If
>yes, what domain do you have? Windows 2000 or 2003? ...
>
>Mike
Anonymous
July 16, 2004 6:12:32 PM

A couple of things that may help.

Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
as a column and select the last logon time option in the right column. Do this on a
domain controller and it will show all users' last logon time.

http://www.somarsoft.com/

To specifically search for users with specific stale account time limits you can use
the AD command line tools from Windows 2003. For instance you can use dsquery user
with the -inactive switch to find those users with inactive accounts based on number
of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
member computer with adminpak from Windows 2003 installed on it. --- Steve

http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
http://www.microsoft.com/windowsxp/home/using/productdo...

"Patrick" <nobody@nobody.com> wrote in message
news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
> I'm looking at W2k for inactive domain accounts thanks
>
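
An added example (not from the thread or from any tool named in it) of the 90-day check run over exported last-logon values. It assumes the `lastLogon` attribute has been exported from each domain controller as a raw FILETIME number; because that attribute is kept separately on every DC, the newest value across DCs is used. The DC names, users and dates are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def to_filetime(dt):
    """Encode a datetime as 100-ns ticks since 1601-01-01 UTC (lastLogon format)."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def from_filetime(ticks):
    """Decode a lastLogon value; 0 means this DC never saw a logon."""
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def latest_logons(exports):
    """Merge per-DC exports, keeping the newest lastLogon seen for each user."""
    merged = {}
    for per_dc in exports.values():
        for user, ticks in per_dc.items():
            merged[user] = max(merged.get(user, 0), ticks)
    return merged


def stale_accounts(exports, now, max_age_days=90):
    """Return (user, days_inactive); days_inactive is None if never logged on."""
    stale = []
    for user, ticks in sorted(latest_logons(exports).items()):
        last = from_filetime(ticks)
        if last is None:
            stale.append((user, None))
        elif (now - last).days > max_age_days:
            stale.append((user, (now - last).days))
    return stale


def dsquery_weeks(max_age_days):
    """Week count for `dsquery user -inactive`, rounded down so that no
    account past the day limit is left out of the result."""
    return max_age_days // 7


# Constructed sample: two DCs that disagree about the same users.
NOW = utc(2004, 7, 19)
SAMPLE = {
    "DC1": {
        "alice": to_filetime(utc(2004, 3, 1)),   # looks stale on DC1 alone
        "bob": to_filetime(utc(2004, 2, 1)),
        "carol": 0,                              # never logged on
        "dave": to_filetime(utc(2004, 7, 1)),
    },
    "DC2": {
        "alice": to_filetime(utc(2004, 7, 10)),  # recent logon seen by DC2
        "bob": 0,
        "carol": 0,
    },
}

if __name__ == "__main__":
    for user, days in stale_accounts(SAMPLE, NOW):
        label = "never logged on" if days is None else f"{days} days inactive"
        print(f"{user}: {label}")
    print("dsquery user -inactive", dsquery_weeks(90))
```

Checking only DC1 in the sample would report alice as stale even though DC2 saw her log on nine days earlier.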
Anonymous
July 16, 2004 6:23:35 PM

Mike,
When a user logs on to a WS in a W2K environment with AD, is his
password encrypted going across the wire by default using MD5? Is this
a standard of W2K?
thanks

On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
<miha-news@atlantis.si> wrote:

>Hi Patrick,
>
>Passwords are stored in the SAM database and in the system registry. They are
>encrypted with a one-way MD4 or MD5 hashing function (depends on operation and
>environment...).
>
>The SAM database is located here:
>
>%systemroot%\system32\config
>
>In the end it is up to the users to have strong, hard-to-guess passwords. No
>encryption will help if users use empty or easy-to-guess passwords....
>
>
>
>I hope this helps,
>
>
>Mike
Anonymous
July 16, 2004 6:23:36 PM

The password doesn't go across the wire during a logon. If the logon uses
Kerberos, which would be the default, it uses Kerberos methods, which basically have
the client telling the server who it is and the server sending back something
that only the userid listed could decrypt. You can learn more about Kerberos
authentication all over the web; it is pretty heavily documented. If it is NTLM,
then it is a fairly similar challenge-response mechanism where a nonce is
encoded and the client has to do something with it. This is also pretty well
documented on the web, as well as the shortcomings in NTLM.

joe



--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Patrick wrote:
> Mike,
> When a user logs on to a WS in a W2K environment with AD, is his
> password encrypted going across the wire by default using MD5? Is this
> a standard of W2K?
> thanks
>
Anonymous
July 16, 2004 7:29:45 PM

User information in an Active Directory environment is stored in the ntds.dit
file. There is nothing (that I would know of) in the registry.

Only when a client logs on are his credentials stored locally in the registry
(look at my previous response).

Mike

"Patrick" <nobody@nobody.com> wrote in message
news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
> I'm looking at W2k for inactive domain accounts thanks
Anonymous
July 16, 2004 7:51:36 PM

thanks for the response Joe,
On Fri, 16 Jul 2004 10:51:52 -0400, "Joe Richards [MVP]"
<humorexpress@hotmail.com> wrote:

>The password doesn't go across the wire during a logon. If the logon uses
>Kerberos, which would be the default, it uses Kerberos methods, which basically have
>the client telling the server who it is and the server sending back something
>that only the userid listed could decrypt. You can learn more about Kerberos
>authentication all over the web; it is pretty heavily documented. If it is NTLM,
>then it is a fairly similar challenge-response mechanism where a nonce is
>encoded and the client has to do something with it. This is also pretty well
>documented on the web, as well as the shortcomings in NTLM.
>
> joe
Anonymous
July 19, 2004 6:53:22 PM

Steven,
Is there a way to ck in W2K with native tools, say ADCU?
On Fri, 16 Jul 2004 14:12:32 GMT, "Steven L Umbach"
<n9rou@n0-spam-for-me-comcast.net> wrote:

>A couple of things that may help.
>
>Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
>as a column and select the last logon time option in the right column. Do this on a
>domain controller and it will show all users' last logon time.
>
>http://www.somarsoft.com/
>
>To specifically search for users with specific stale account time limits you can use
>the AD command line tools from Windows 2003. For instance you can use dsquery user
>with the -inactive switch to find those users with inactive accounts based on number
>of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
>member computer with adminpak from Windows 2003 installed on it. --- Steve
>
>http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
>http://www.microsoft.com/windowsxp/home/using/productdo...
Anonymous
July 19, 2004 8:34:38 PM

Not that I know of offhand. There are probably scripting options that you can use.
See the link for the TechNet scripting center that has many scripts available.
Usrstat from the Resource Kit will display all users and their last logon time if
that would help. --- Steve

http://www.microsoft.com/technet/scriptcenter/default.m...
http://www.petri.co.il/download_free_reskit_tools.htm -- get usrstat here

"Patrick" <nobody@nobody.com> wrote in message
news:52onf0997dqifcq1f1dg6h5foe67k0jmiq@4ax.com...
> Steven,
> Is there a way to ck in W2K with native tools, say ADCU?
Anonymous
July 20, 2004 8:29:02 AM

Check out a tool called Hyena. It does what you want graphically. They have a free export tool that exports user data also. I can't remember if it will give you stale passwords, but Hyena does.

Kevin


"Patrick" wrote:

> Steven,
> Is there a way to ck in W2K with native tools, say ADCU?