Solved

NT servers SAM file

Posted on 2001-07-16
6
354 Views
Last Modified: 2010-04-11
im just checking our password system for holes.
ive noticed that there are still peoples passowords in our sam file, even though there accounts have been deleted, and they have left.

How can i remove them from the SAM file
as surely its highly important that the SAm file is up to date and compact.

thanks

Si...
0
Comment
Question by:SIMONBRATT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6286175
do they disappear if you remove the account from User Manager for Domains?
0
 

Author Comment

by:SIMONBRATT
ID: 6289043
as i say there accounts have been removed, so yes from the UMD.

Si...
0
 
LVL 1

Expert Comment

by:auto65888
ID: 6294609
so... if you have removed the users using user manager for domains how are you seeing that there are still passwords for these users?

are you using some pasword cracker like l0phtcrack or something? are you pulling passwords from the sam._ in the c:\winnt\repair directory? if your using the sam._ file you might not have a current copy. run c:\rdisk /s to update the sam._ file with current data.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 

Author Comment

by:SIMONBRATT
ID: 6297653
i am using lopht to test our system, and i am using the latest sam by doing exactly as you describe, rdisk /s

So its all a bit weird man.

Any other ideas

si...
0
 
LVL 4

Accepted Solution

by:
andydis earned 50 total points
ID: 6298897
NT or 2000 the SAM file will keep the old user names and passwords BECUASE if you havent noticed you are not allowed to recreate the same user logins once they have been deleted.....
so the sam file remembers them so you cannot set them up again!

if you want to get rid of them you may be able to copy the sam file from your BDc (backup domain controller)...
or you still maybe able to hex edit them out.....

There is a add on for 2k and NT that puts hashes in your sam file to make them harder to crack if thats what your worried about  , however if your worried about space i would concentrate on other subjects such as temp files etc etc etc......

Please bear in mind that if you are worried about security sam._ whether in the repair directory or c:\winnt\system32 if very hard to get hold of and is always in use (locked) by NT... i mean you are gonna notice sum1 has taken a copy one way or another...

thats enough blah blah blah for 50 points
0
 

Author Comment

by:SIMONBRATT
ID: 6301292
I'll be the one to let you know when theres been enough Blah Blah for 50 points.
Its quality not quantity that counts.
But as its happens that'll do nicely..

cheers
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WAN Link comparsion 3 36
Display which user(s) is logged in to Access DB over the network 3 46
Just confused:  Router to Xfinity Tower? 9 71
firewall log 4 37
OnPage: Incident management and secure messaging on your smartphone
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question