Solved

Exactly where is a user's password stored if using "reversible encryption" option SBS 2003?

Posted on 2006-06-21
Last Modified: 2010-04-19
Just need to know where the information is actually kept. I've read up on why it can be a bad idea to do so but I am trying to figure out a simple solution that will give me access to a user's password in case I should need it. Although it isn't necessary to do so often, there are and have been times I've had to log on to a user's account to double check how a setting or a program might function while logged on as that user. Most of the major stuff I can do as Administrator but as I'm sure everyone might know there are those rare cases where some programs act up once you try to operate under limited user accounts. I suppose that I could ask everyone to provide them to me but I am refusing to do so because of the minimum password complexity and the fact that I would have to remember to update the list every 90 days, which would only add to my tasks. I'd rather be able to access the information only if and when it is needed but again I don't want to keep a master list that would have to be updated. I know that I can force users to change the password when necessary but again that would not be a real solution or the one I'm seeking.
Question by:JeTopete
11 Comments
 
LVL 12

Assisted Solution

by:fruhj
fruhj earned 248 total points
ID: 16955736
Hi JeTopete,
   There are some utilities that you can use to crack passwords on your server. Beware however, as many of these are hacker/cracker tools, and I would not feel comfortable using them.

   Also at issue is - should you have this level of access?  I know you think you do or you would not have asked, but this is akin to the government having security cameras in your home - the possibility is just too great for abuse.

  I personally make it a point to ask users to enter their own passwords, then turn my head so as not to see them. The people I support need to know they can trust me, and to that end I go out of my way to make sure to respect their privacy.

  Anyhow, I don't really know your situation, so don't let my preaching stop you - have a google search for 'password cracking tools' or similar.  I'd be very doubtful that anyone would post the name of one here as it's borderline prohibited on this site to discuss.

  good luck

   
 

Thanks!
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 252 total points
ID: 16955763
You should NEVER want to know anyone's password, and it's bad practice to do so.  It only weakens their concern over keeping their passwords a secret.

A user's password is all that exists between your network and the outside world... anyone that wants to cause real havoc on your network would only need the user's password to do so... (and their username, but that's usually in their email address).  Additionally a disgruntled worker could easily claim that YOU were the one that wrote that nasty email to the boss, and who would ever know the difference?

The way to resolve your problem is to create a limited account that you use to test with. That would provide you with the solution you are seeking... except in the rare event that you need to change a configuration for a user that can't seem to do so for themselves... then you should change their password and set it to prompt them to change again upon first login.

All other methods would eventually be a bad idea in the long run, and I certainly couldn't recommend anything else.

Jeff
TechSoEasy
0
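As an added example (not part of the original thread or any poster's code): rather than retrieving passwords, an administrator can audit which accounts have the per-account "store password using reversible encryption" flag set, and confirm that an admin reset left the account in the "must change at next logon" state recommended above. The account names and attribute values below are constructed sample data shaped like a directory attribute export; the flag values are the standard `userAccountControl` bits.

```python
# Added example: audit exported Active Directory account attributes offline.
# All records are constructed sample data, not taken from the thread.

UF_ACCOUNTDISABLE = 0x0002
UF_ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080   # "Store password using reversible encryption"
UF_DONT_EXPIRE_PASSWORD = 0x10000

# Exports often deliver numbers as decimal strings, so both forms appear here.
SAMPLE_ACCOUNTS = [
    # Password reset by an admin with "must change at next logon" (pwdLastSet = 0).
    {"sAMAccountName": "jdoe", "userAccountControl": "512", "pwdLastSet": "0"},
    # Normal account with the reversible-encryption flag set (0x200 | 0x80 = 640).
    {"sAMAccountName": "asmith", "userAccountControl": "640",
     "pwdLastSet": "127953216000000000"},
    # Hypothetical limited test account used for troubleshooting.
    {"sAMAccountName": "testlimited", "userAccountControl": 0x0200,
     "pwdLastSet": 127953216000000000},
    # Disabled account, never-expiring password, reversible flag still set.
    {"sAMAccountName": "oldsvc", "userAccountControl": 0x10282,
     "pwdLastSet": 127000000000000000},
]


def audit_account(rec):
    """Return a list of findings for one exported account record."""
    uac = int(rec["userAccountControl"])
    findings = []
    if uac & UF_ENCRYPTED_TEXT_PWD_ALLOWED:
        findings.append("reversible-encryption-enabled")
    if uac & UF_DONT_EXPIRE_PASSWORD:
        findings.append("password-never-expires")
    if uac & UF_ACCOUNTDISABLE:
        findings.append("disabled")
    # pwdLastSet == 0 is how the directory records "must change at next logon".
    if int(rec["pwdLastSet"]) == 0:
        findings.append("must-change-at-next-logon")
    return findings


def audit(accounts):
    """Map each account name to its findings."""
    return {r["sAMAccountName"]: audit_account(r) for r in accounts}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name:12} {', '.join(findings) or 'ok'}")
```

This checks only the per-account flag; the domain password policy has its own reversible-encryption setting that must be reviewed separately.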
 

Author Comment

by:JeTopete
ID: 16955869
I agree with the trust thing which is why I'd rather not resort to using a tool like the ones you mentioned. I appreciate the honesty and the point of view. I've never quite thought about it in terms of breaching anyone's trust and have only assumed that everyone (as I have) accepted that this is just part of today's workplace. For the most part I do as you stated; allow a user to type in their own passwords. However, and this was the case earlier today, there are times when I will have to access a user's machine and have a need to log on to their account to set up a service. Thanks just the same.
0

 

Author Comment

by:JeTopete
ID: 16955901
Okay. I guess the limited account is a good idea and I have to admit even as obvious as it sounds it never dawned on me. Thanks for the tips and the warning.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16967823
One thing that I might add... is that by you setting the example of how sacred passwords are, it will keep employees from sharing them with each other... which is a horrid problem.

Also, try to deploy services for users by Group Policy... then no need to log on by their username.

Good Luck!

Jeff
TechSoEasy
0
 

Author Comment

by:JeTopete
ID: 16969549
How do you pull a question?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16971344
What do you define as "pull"?
0
 

Author Comment

by:JeTopete
ID: 16971387
Sorry, old term meaning to remove, take off shelf that sort of stuff. I can't award any points and I just don't want to abandon it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16971580
Uh... "delete" would be the term used here.  :-)  

Just post a request to the Community Support TA.  

I would be curious though what you decided to do.

Jeff
TechSoEasy
0
 

Author Comment

by:JeTopete
ID: 16972539
Yeah delete would be good. I will do that then, post a request to Support TA to have the question deleted.
I don't think I'll do anything really. I mean, for starters I will just use a temp account when I have to do something on a machine that isn't user specific. If it is, I will just do it while the user is there if it isn't time prohibitive. I attended a seminar yesterday on Wireless Security and I know that there are programs out there that I could use to crack the SAM file but I don't think that it is worth the trouble. We're a small company here and most users are perhaps a bit naive about a lot of security issues. I've seen the passwords on sticky notes and heard the complaints because we have to change the password every 90 days. I am sure you can imagine the trouble I go through to implement even the most basic of security precautions or procedures.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16973524
Take a look at http://sbsurl.com/security which talks about "good-enough" security for small business.

I've had problems with smaller companies and changing passwords every 90 days, so I've made it every 4 to 5 months to start them off... and then eventually move it up a bit after they get used to it.

I must tell you though, that just because there was really "no" answer for your question, you should still leave it here and accept an answer or answers.  There really is no valid reason to delete this Q.

Jeff
TechSoEasy
0
