password encryption

Archived from groups: microsoft.public.win2000.security (More info?)

Where are passwords held on 2000 servers and are they encrypted?
12 answers Last reply
More about password encryption
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Patrick,

    password are stored in SAM database and in system registry. They are
    encrypted with one way MD4 or MD5 hasing function (depends on operation and
    environement...).

    SAM database is located here

    %systemroot%\system32\config

    In the end it is up to the users to have strong - hard to guess password. No
    encryption will help if users use empty or easy to guess passwords....


    I hope this helps,


    Mike


    "Patrick" <nobody@nobody.com> wrote in message
    news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    > Where are passwords held on 2000 servers and are they encrypted?
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Mike ,
    thanks for the quick response. If I look in the registry for password,
    it should be unreadable? what key are they in?

    also would you know how to check for inactive user accounts older then
    a certain age in a system , say 90 days.

    thanks
    On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    <miha-news@atlantis.si> wrote:

    >Hi Patrick,
    >
    >password are stored in SAM database and in system registry. They are
    >encrypted with one way MD4 or MD5 hasing function (depends on operation and
    >environement...).
    >
    >SAM database is located here
    >
    >%systemroot%\system32\config
    >
    >In the end it is up to the users to have strong - hard to guess password. No
    >encryption will help if users use empty or easy to guess passwords....
    >
    >
    >
    >I hope this helps,
    >
    >
    >Mike
    >
    >
    >
    >"Patrick" <nobody@nobody.com> wrote in message
    >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    >> Where are passwords held on 2000 servers and are they encrypted?
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\

    But you won't be able to see these keys (beyond SECURITY) by default. You
    have to take permissions first. Only SYSTEM is allowed to access to this
    part of the registry!

    Question about accounts and 90 days. Do you have domain accounts in mind? If
    yes, what domain do you have? Windows 2000 or 2003? ...

    Mike

    "Patrick" <nobody@nobody.com> wrote in message
    news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
    > Mike ,
    > thanks for the quick response. If I look in the registry for password,
    > it should be unreadable? what key are they in?
    >
    > also would you know how to check for inactive user accounts older then
    > a certain age in a system , say 90 days.
    >
    > thanks
    > On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    > <miha-news@atlantis.si> wrote:
    >
    > >Hi Patrick,
    > >
    > >password are stored in SAM database and in system registry. They are
    > >encrypted with one way MD4 or MD5 hasing function (depends on operation
    and
    > >environement...).
    > >
    > >SAM database is located here
    > >
    > >%systemroot%\system32\config
    > >
    > >In the end it is up to the users to have strong - hard to guess password.
    No
    > >encryption will help if users use empty or easy to guess passwords....
    > >
    > >
    > >
    > >I hope this helps,
    > >
    > >
    > >Mike
    > >
    > >
    > >
    > >"Patrick" <nobody@nobody.com> wrote in message
    > >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    > >> Where are passwords held on 2000 servers and are they encrypted?
    > >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    I'm looking at W2k for inactive domain accounts thanks

    On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
    <miha-news@atlantis.si> wrote:

    >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
    >
    >But you won't be able to see these keys (beyond SECURITY) by default. You
    >have to take permissions first. Only SYSTEM is allowed to access to this
    >part of the registry!
    >
    >Question about accounts and 90 days. Do you have domain accounts in mind? If
    >yes, what domain do you have? Windows 2000 or 2003? ...
    >
    >Mike
    >
    >"Patrick" <nobody@nobody.com> wrote in message
    >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
    >> Mike ,
    >> thanks for the quick response. If I look in the registry for password,
    >> it should be unreadable? what key are they in?
    >>
    >> also would you know how to check for inactive user accounts older then
    >> a certain age in a system , say 90 days.
    >>
    >> thanks
    >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    >> <miha-news@atlantis.si> wrote:
    >>
    >> >Hi Patrick,
    >> >
    >> >password are stored in SAM database and in system registry. They are
    >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
    >and
    >> >environement...).
    >> >
    >> >SAM database is located here
    >> >
    >> >%systemroot%\system32\config
    >> >
    >> >In the end it is up to the users to have strong - hard to guess password.
    >No
    >> >encryption will help if users use empty or easy to guess passwords....
    >> >
    >> >
    >> >
    >> >I hope this helps,
    >> >
    >> >
    >> >Mike
    >> >
    >> >
    >> >
    >> >"Patrick" <nobody@nobody.com> wrote in message
    >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    >> >> Where are passwords held on 2000 servers and are they encrypted?
    >> >
    >>
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    A couple thinks that may help.

    Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
    as a column and select the last logon time option in the right column. Do this on a
    domain controller and it will show all users last logon time.

    http://www.somarsoft.com/

    To specifically search for users with specific stale account time limits you can use
    the AD command line tools from Windows 2003. For instance you can use dsquery user
    with the -inactive switch to find those users with inactive accounts based on number
    of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
    member computer with adminpak from Windows 2003 installed on it. --- Steve

    http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
    http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dsquery_user.asp

    "Patrick" <nobody@nobody.com> wrote in message
    news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
    > I'm looking at W2k for inactive domain accounts thanks
    >
    > On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
    > <miha-news@atlantis.si> wrote:
    >
    > >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
    > >
    > >But you won't be able to see these keys (beyond SECURITY) by default. You
    > >have to take permissions first. Only SYSTEM is allowed to access to this
    > >part of the registry!
    > >
    > >Question about accounts and 90 days. Do you have domain accounts in mind? If
    > >yes, what domain do you have? Windows 2000 or 2003? ...
    > >
    > >Mike
    > >
    > >"Patrick" <nobody@nobody.com> wrote in message
    > >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
    > >> Mike ,
    > >> thanks for the quick response. If I look in the registry for password,
    > >> it should be unreadable? what key are they in?
    > >>
    > >> also would you know how to check for inactive user accounts older then
    > >> a certain age in a system , say 90 days.
    > >>
    > >> thanks
    > >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    > >> <miha-news@atlantis.si> wrote:
    > >>
    > >> >Hi Patrick,
    > >> >
    > >> >password are stored in SAM database and in system registry. They are
    > >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
    > >and
    > >> >environement...).
    > >> >
    > >> >SAM database is located here
    > >> >
    > >> >%systemroot%\system32\config
    > >> >
    > >> >In the end it is up to the users to have strong - hard to guess password.
    > >No
    > >> >encryption will help if users use empty or easy to guess passwords....
    > >> >
    > >> >
    > >> >
    > >> >I hope this helps,
    > >> >
    > >> >
    > >> >Mike
    > >> >
    > >> >
    > >> >
    > >> >"Patrick" <nobody@nobody.com> wrote in message
    > >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    > >> >> Where are passwords held on 2000 servers and are they encrypted?
    > >> >
    > >>
    > >
    >
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    Mike,
    When a user logs on to a WS in a W2K Environment with AD. Is his
    password Encypted going across the wire by default using MD5? Is this
    a standard of W2K?
    thanks

    On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    <miha-news@atlantis.si> wrote:

    >Hi Patrick,
    >
    >password are stored in SAM database and in system registry. They are
    >encrypted with one way MD4 or MD5 hasing function (depends on operation and
    >environement...).
    >
    >SAM database is located here
    >
    >%systemroot%\system32\config
    >
    >In the end it is up to the users to have strong - hard to guess password. No
    >encryption will help if users use empty or easy to guess passwords....
    >
    >
    >
    >I hope this helps,
    >
    >
    >Mike
    >
    >
    >
    >"Patrick" <nobody@nobody.com> wrote in message
    >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    >> Where are passwords held on 2000 servers and are they encrypted?
    >
  7. Archived from groups: microsoft.public.win2000.security (More info?)

    The password doesn't go across the wire during a logon. If the logon uses
    kerberos which would be the default it uses kerberos methods which basically has
    the client telling the server who it is and the server sending back something
    that only the userid listed could decrypt. You can learn more about kerberos
    authentication all over the web, it is pretty heavily documented. If it is NTLM
    then it is a fairly similar challenge response mechanism where a nonce is
    encoded and the client has to do something with it. This is also pretty well
    documented on the web as well as the shortcomings in ntlm.

    joe


    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Patrick wrote:
    > Mike,
    > When a user logs on to a WS in a W2K Environment with AD. Is his
    > password Encypted going across the wire by default using MD5? Is this
    > a standard of W2K?
    > thanks
    >
    > On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    > <miha-news@atlantis.si> wrote:
    >
    >
    >>Hi Patrick,
    >>
    >>password are stored in SAM database and in system registry. They are
    >>encrypted with one way MD4 or MD5 hasing function (depends on operation and
    >>environement...).
    >>
    >>SAM database is located here
    >>
    >>%systemroot%\system32\config
    >>
    >>In the end it is up to the users to have strong - hard to guess password. No
    >>encryption will help if users use empty or easy to guess passwords....
    >>
    >>
    >>
    >>I hope this helps,
    >>
    >>
    >>Mike
    >>
    >>
    >>
    >>"Patrick" <nobody@nobody.com> wrote in message
    >>news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    >>
    >>>Where are passwords held on 2000 servers and are they encrypted?
    >>
    >
  8. Archived from groups: microsoft.public.win2000.security (More info?)

    User's information in active directory environment is stored in ntdis.dit
    file. There is nothing (that I would know of) in the registry.

    Only when client logs on his credentials are stored locally in registry
    (look at my previous response)

    Mike

    "Patrick" <nobody@nobody.com> wrote in message
    news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
    > I'm looking at W2k for inactive domain accounts thanks
    >
    > On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
    > <miha-news@atlantis.si> wrote:
    >
    > >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
    > >
    > >But you won't be able to see these keys (beyond SECURITY) by default. You
    > >have to take permissions first. Only SYSTEM is allowed to access to this
    > >part of the registry!
    > >
    > >Question about accounts and 90 days. Do you have domain accounts in mind?
    If
    > >yes, what domain do you have? Windows 2000 or 2003? ...
    > >
    > >Mike
    > >
    > >"Patrick" <nobody@nobody.com> wrote in message
    > >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
    > >> Mike ,
    > >> thanks for the quick response. If I look in the registry for password,
    > >> it should be unreadable? what key are they in?
    > >>
    > >> also would you know how to check for inactive user accounts older then
    > >> a certain age in a system , say 90 days.
    > >>
    > >> thanks
    > >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    > >> <miha-news@atlantis.si> wrote:
    > >>
    > >> >Hi Patrick,
    > >> >
    > >> >password are stored in SAM database and in system registry. They are
    > >> >encrypted with one way MD4 or MD5 hasing function (depends on
    operation
    > >and
    > >> >environement...).
    > >> >
    > >> >SAM database is located here
    > >> >
    > >> >%systemroot%\system32\config
    > >> >
    > >> >In the end it is up to the users to have strong - hard to guess
    password.
    > >No
    > >> >encryption will help if users use empty or easy to guess passwords....
    > >> >
    > >> >
    > >> >
    > >> >I hope this helps,
    > >> >
    > >> >
    > >> >Mike
    > >> >
    > >> >
    > >> >
    > >> >"Patrick" <nobody@nobody.com> wrote in message
    > >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    > >> >> Where are passwords held on 2000 servers and are they encrypted?
    > >> >
    > >>
    > >
    >
  9. Archived from groups: microsoft.public.win2000.security (More info?)

    thanks for the response Joe,
    On Fri, 16 Jul 2004 10:51:52 -0400, "Joe Richards [MVP]"
    <humorexpress@hotmail.com> wrote:

    >The password doesn't go across the wire during a logon. If the logon uses
    >kerberos which would be the default it uses kerberos methods which basically has
    >the client telling the server who it is and the server sending back something
    >that only the userid listed could decrypt. You can learn more about kerberos
    >authentication all over the web, it is pretty heavily documented. If it is NTLM
    >then it is a fairly similar challenge response mechanism where a nonce is
    >encoded and the client has to do something with it. This is also pretty well
    >documented on the web as well as the shortcomings in ntlm.
    >
    > joe
  10. Archived from groups: microsoft.public.win2000.security (More info?)

    Steven,
    Is there a way to ck in W2K with native tools, say ADCU?
    On Fri, 16 Jul 2004 14:12:32 GMT, "Steven L Umbach"
    <n9rou@n0-spam-for-me-comcast.net> wrote:

    >A couple thinks that may help.
    >
    >Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
    >as a column and select the last logon time option in the right column. Do this on a
    >domain controller and it will show all users last logon time.
    >
    >http://www.somarsoft.com/
    >
    >To specifically search for users with specific stale account time limits you can use
    >the AD command line tools from Windows 2003. For instance you can use dsquery user
    >with the -inactive switch to find those users with inactive accounts based on number
    >of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
    >member computer with adminpak from Windows 2003 installed on it. --- Steve
    >
    >http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
    >http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dsquery_user.asp
    >
    >"Patrick" <nobody@nobody.com> wrote in message
    >news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
    >> I'm looking at W2k for inactive domain accounts thanks
    >>
    >> On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
    >> <miha-news@atlantis.si> wrote:
    >>
    >> >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
    >> >
    >> >But you won't be able to see these keys (beyond SECURITY) by default. You
    >> >have to take permissions first. Only SYSTEM is allowed to access to this
    >> >part of the registry!
    >> >
    >> >Question about accounts and 90 days. Do you have domain accounts in mind? If
    >> >yes, what domain do you have? Windows 2000 or 2003? ...
    >> >
    >> >Mike
    >> >
    >> >"Patrick" <nobody@nobody.com> wrote in message
    >> >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
    >> >> Mike ,
    >> >> thanks for the quick response. If I look in the registry for password,
    >> >> it should be unreadable? what key are they in?
    >> >>
    >> >> also would you know how to check for inactive user accounts older then
    >> >> a certain age in a system , say 90 days.
    >> >>
    >> >> thanks
    >> >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    >> >> <miha-news@atlantis.si> wrote:
    >> >>
    >> >> >Hi Patrick,
    >> >> >
    >> >> >password are stored in SAM database and in system registry. They are
    >> >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
    >> >and
    >> >> >environement...).
    >> >> >
    >> >> >SAM database is located here
    >> >> >
    >> >> >%systemroot%\system32\config
    >> >> >
    >> >> >In the end it is up to the users to have strong - hard to guess password.
    >> >No
    >> >> >encryption will help if users use empty or easy to guess passwords....
    >> >> >
    >> >> >
    >> >> >
    >> >> >I hope this helps,
    >> >> >
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> >
    >> >> >
    >> >> >"Patrick" <nobody@nobody.com> wrote in message
    >> >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    >> >> >> Where are passwords held on 2000 servers and are they encrypted?
    >> >> >
    >> >>
    >> >
    >>
    >
  11. Archived from groups: microsoft.public.win2000.security (More info?)

    Not that I know of offhand. There are probably scripting options that you can use.
    See the link for the TechNet scripting center that has many scripts available.
    Usrstat from the Resource Kit will display all users and their last logon time if
    that would help. --- Steve

    http://www.microsoft.com/technet/scriptcenter/default.mspx
    http://www.petri.co.il/download_free_reskit_tools.htm -- get usrstat here

    "Patrick" <nobody@nobody.com> wrote in message
    news:52onf0997dqifcq1f1dg6h5foe67k0jmiq@4ax.com...
    > Steven,
    > Is there a way to ck in W2K with native tools, say ADCU?
    > On Fri, 16 Jul 2004 14:12:32 GMT, "Steven L Umbach"
    > <n9rou@n0-spam-for-me-comcast.net> wrote:
    >
    > >A couple thinks that may help.
    > >
    > >Download the free dumpsec tool from SomarSoft and run it using the reports/dump
    users
    > >as a column and select the last logon time option in the right column. Do this on
    a
    > >domain controller and it will show all users last logon time.
    > >
    > >http://www.somarsoft.com/
    > >
    > >To specifically search for users with specific stale account time limits you can
    use
    > >the AD command line tools from Windows 2003. For instance you can use dsquery user
    > >with the -inactive switch to find those users with inactive accounts based on
    number
    > >of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
    > >member computer with adminpak from Windows 2003 installed on it. --- Steve
    > >
    > >http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
    >
    >http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windows
    xp/home/using/productdoc/en/dsquery_user.asp
    > >
    > >"Patrick" <nobody@nobody.com> wrote in message
    > >news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
    > >> I'm looking at W2k for inactive domain accounts thanks
    > >>
    > >> On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
    > >> <miha-news@atlantis.si> wrote:
    > >>
    > >> >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
    > >> >
    > >> >But you won't be able to see these keys (beyond SECURITY) by default. You
    > >> >have to take permissions first. Only SYSTEM is allowed to access to this
    > >> >part of the registry!
    > >> >
    > >> >Question about accounts and 90 days. Do you have domain accounts in mind? If
    > >> >yes, what domain do you have? Windows 2000 or 2003? ...
    > >> >
    > >> >Mike
    > >> >
    > >> >"Patrick" <nobody@nobody.com> wrote in message
    > >> >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
    > >> >> Mike ,
    > >> >> thanks for the quick response. If I look in the registry for password,
    > >> >> it should be unreadable? what key are they in?
    > >> >>
    > >> >> also would you know how to check for inactive user accounts older then
    > >> >> a certain age in a system , say 90 days.
    > >> >>
    > >> >> thanks
    > >> >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    > >> >> <miha-news@atlantis.si> wrote:
    > >> >>
    > >> >> >Hi Patrick,
    > >> >> >
    > >> >> >password are stored in SAM database and in system registry. They are
    > >> >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
    > >> >and
    > >> >> >environement...).
    > >> >> >
    > >> >> >SAM database is located here
    > >> >> >
    > >> >> >%systemroot%\system32\config
    > >> >> >
    > >> >> >In the end it is up to the users to have strong - hard to guess password.
    > >> >No
    > >> >> >encryption will help if users use empty or easy to guess passwords....
    > >> >> >
    > >> >> >
    > >> >> >
    > >> >> >I hope this helps,
    > >> >> >
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> >
    > >> >> >
    > >> >> >"Patrick" <nobody@nobody.com> wrote in message
    > >> >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    > >> >> >> Where are passwords held on 2000 servers and are they encrypted?
    > >> >> >
    > >> >>
    > >> >
    > >>
    > >
    >
  12. Archived from groups: microsoft.public.win2000.security (More info?)

    check out a tool called hyena. It does what you want graphically. They have a free export tool that exports user data also. I can't remember if it will give you stale passwords, but hyena does.

    Kevin


    "Patrick" wrote:

    > Steven,
    > Is there a way to ck in W2K with native tools, say ADCU?
    > On Fri, 16 Jul 2004 14:12:32 GMT, "Steven L Umbach"
    > <n9rou@n0-spam-for-me-comcast.net> wrote:
    >
    > >A couple thinks that may help.
    > >
    > >Download the free dumpsec tool from SomarSoft and run it using the reports/dump users
    > >as a column and select the last logon time option in the right column. Do this on a
    > >domain controller and it will show all users last logon time.
    > >
    > >http://www.somarsoft.com/
    > >
    > >To specifically search for users with specific stale account time limits you can use
    > >the AD command line tools from Windows 2003. For instance you can use dsquery user
    > >with the -inactive switch to find those users with inactive accounts based on number
    > >of weeks. You can use the AD tools to manage a W2K domain from an XP SP1 domain
    > >member computer with adminpak from Windows 2003 installed on it. --- Steve
    > >
    > >http://www.jsiinc.com/SUBO/tip7300/rh7330.htm
    > >http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dsquery_user.asp
    > >
    > >"Patrick" <nobody@nobody.com> wrote in message
    > >news:vbkff015t95o0h06i0dehhbrck09dird2i@4ax.com...
    > >> I'm looking at W2k for inactive domain accounts thanks
    > >>
    > >> On Thu, 15 Jul 2004 22:14:00 +0200, "Miha Pihler"
    > >> <miha-news@atlantis.si> wrote:
    > >>
    > >> >HKEY_LOCAL_MACINE\SECURITY\SAM\Domains\Account\Users\
    > >> >
    > >> >But you won't be able to see these keys (beyond SECURITY) by default. You
    > >> >have to take permissions first. Only SYSTEM is allowed to access to this
    > >> >part of the registry!
    > >> >
    > >> >Question about accounts and 90 days. Do you have domain accounts in mind? If
    > >> >yes, what domain do you have? Windows 2000 or 2003? ...
    > >> >
    > >> >Mike
    > >> >
    > >> >"Patrick" <nobody@nobody.com> wrote in message
    > >> >news:8iodf016937pd533vvuh7o7n1pccj14qan@4ax.com...
    > >> >> Mike ,
    > >> >> thanks for the quick response. If I look in the registry for password,
    > >> >> it should be unreadable? what key are they in?
    > >> >>
    > >> >> also would you know how to check for inactive user accounts older then
    > >> >> a certain age in a system , say 90 days.
    > >> >>
    > >> >> thanks
    > >> >> On Thu, 15 Jul 2004 20:54:35 +0200, "Miha Pihler"
    > >> >> <miha-news@atlantis.si> wrote:
    > >> >>
    > >> >> >Hi Patrick,
    > >> >> >
    > >> >> >password are stored in SAM database and in system registry. They are
    > >> >> >encrypted with one way MD4 or MD5 hasing function (depends on operation
    > >> >and
    > >> >> >environement...).
    > >> >> >
    > >> >> >SAM database is located here
    > >> >> >
    > >> >> >%systemroot%\system32\config
    > >> >> >
    > >> >> >In the end it is up to the users to have strong - hard to guess password.
    > >> >No
    > >> >> >encryption will help if users use empty or easy to guess passwords....
    > >> >> >
    > >> >> >
    > >> >> >
    > >> >> >I hope this helps,
    > >> >> >
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> >
    > >> >> >
    > >> >> >"Patrick" <nobody@nobody.com> wrote in message
    > >> >> >news:3gjdf0h9f57l42ai6aao61nq05nlh33k0s@4ax.com...
    > >> >> >> Where are passwords held on 2000 servers and are they encrypted?
    > >> >> >
    > >> >>
    > >> >
    > >>
    > >
    >
    >
Ask a new question

Read More

Encryption Security Microsoft Servers Windows