Solved

NT servers SAM file

Posted on 2001-07-16
6
353 Views
Last Modified: 2010-04-11
im just checking our password system for holes.
ive noticed that there are still peoples passowords in our sam file, even though there accounts have been deleted, and they have left.

How can i remove them from the SAM file
as surely its highly important that the SAm file is up to date and compact.

thanks

Si...
0
Comment
Question by:SIMONBRATT
6 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6286175
do they disappear if you remove the account from User Manager for Domains?
0
 

Author Comment

by:SIMONBRATT
ID: 6289043
as i say there accounts have been removed, so yes from the UMD.

Si...
0
 
LVL 1

Expert Comment

by:auto65888
ID: 6294609
so... if you have removed the users using user manager for domains how are you seeing that there are still passwords for these users?

are you using some pasword cracker like l0phtcrack or something? are you pulling passwords from the sam._ in the c:\winnt\repair directory? if your using the sam._ file you might not have a current copy. run c:\rdisk /s to update the sam._ file with current data.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:SIMONBRATT
ID: 6297653
i am using lopht to test our system, and i am using the latest sam by doing exactly as you describe, rdisk /s

So its all a bit weird man.

Any other ideas

si...
0
 
LVL 4

Accepted Solution

by:
andydis earned 50 total points
ID: 6298897
NT or 2000 the SAM file will keep the old user names and passwords BECUASE if you havent noticed you are not allowed to recreate the same user logins once they have been deleted.....
so the sam file remembers them so you cannot set them up again!

if you want to get rid of them you may be able to copy the sam file from your BDc (backup domain controller)...
or you still maybe able to hex edit them out.....

There is a add on for 2k and NT that puts hashes in your sam file to make them harder to crack if thats what your worried about  , however if your worried about space i would concentrate on other subjects such as temp files etc etc etc......

Please bear in mind that if you are worried about security sam._ whether in the repair directory or c:\winnt\system32 if very hard to get hold of and is always in use (locked) by NT... i mean you are gonna notice sum1 has taken a copy one way or another...

thats enough blah blah blah for 50 points
0
 

Author Comment

by:SIMONBRATT
ID: 6301292
I'll be the one to let you know when theres been enough Blah Blah for 50 points.
Its quality not quantity that counts.
But as its happens that'll do nicely..

cheers
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question