[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

NT servers SAM file

im just checking our password system for holes.
ive noticed that there are still peoples passowords in our sam file, even though there accounts have been deleted, and they have left.

How can i remove them from the SAM file
as surely its highly important that the SAm file is up to date and compact.

thanks

Si...
0
SIMONBRATT
Asked:
SIMONBRATT
1 Solution
 
ahoffmannCommented:
do they disappear if you remove the account from User Manager for Domains?
0
 
SIMONBRATTAuthor Commented:
as i say there accounts have been removed, so yes from the UMD.

Si...
0
 
auto65888Commented:
so... if you have removed the users using user manager for domains how are you seeing that there are still passwords for these users?

are you using some pasword cracker like l0phtcrack or something? are you pulling passwords from the sam._ in the c:\winnt\repair directory? if your using the sam._ file you might not have a current copy. run c:\rdisk /s to update the sam._ file with current data.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
SIMONBRATTAuthor Commented:
i am using lopht to test our system, and i am using the latest sam by doing exactly as you describe, rdisk /s

So its all a bit weird man.

Any other ideas

si...
0
 
andydisCommented:
NT or 2000 the SAM file will keep the old user names and passwords BECUASE if you havent noticed you are not allowed to recreate the same user logins once they have been deleted.....
so the sam file remembers them so you cannot set them up again!

if you want to get rid of them you may be able to copy the sam file from your BDc (backup domain controller)...
or you still maybe able to hex edit them out.....

There is a add on for 2k and NT that puts hashes in your sam file to make them harder to crack if thats what your worried about  , however if your worried about space i would concentrate on other subjects such as temp files etc etc etc......

Please bear in mind that if you are worried about security sam._ whether in the repair directory or c:\winnt\system32 if very hard to get hold of and is always in use (locked) by NT... i mean you are gonna notice sum1 has taken a copy one way or another...

thats enough blah blah blah for 50 points
0
 
SIMONBRATTAuthor Commented:
I'll be the one to let you know when theres been enough Blah Blah for 50 points.
Its quality not quantity that counts.
But as its happens that'll do nicely..

cheers
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now