Solved

Exactly where is a user's password stored if using "reversible encryption" option SBS 2003?

Posted on 2006-06-21
Last Modified: 2010-04-19
Just need to know where the information is actually kept. I've read up on why it can be a bad idea to do so, but I am trying to figure out a simple solution that will give me access to a user's password in case I should need it. Although it isn't necessary to do so often, there are and have been times I've had to log on to a user's account to double check how a setting or a program might function while logged on as that user. Most of the major stuff I can do as Administrator, but as I'm sure everyone might know, there are those rare cases where some programs act up once you try to operate under limited user accounts. I suppose that I could ask everyone to provide them to me, but I am refusing to do so because of the minimum password complexity and the fact that I would have to remember to update the list every 90 days, which would only add to my tasks. I'd rather be able to access the information only if and when it is needed, but again I don't want to keep a master list that would have to be updated. I know that I can force users to change the password when necessary, but again that would not be a real solution or the one I'm seeking.
Question by:JeTopete

Assisted Solution

by:fruhj
fruhj earned 62 total points
Hi JeTopete,
   There are some utilities that you can use to crack passwords on your server. Beware however, as many of these are hacker/cracker tools, and I would not feel comfortable using them.

   Also at issue is - should you have this level of access?  I know you think you do or you would not have asked, but this is akin to the government having security cameras in your home - the possibility is just too great for abuse.

  I personally make it a point to ask users to enter their own passwords, then turn my head so as not to see them. The people I support need to know they can trust me, and to that end I go out of my way to make sure to respect their privacy.

  Anyhow, I don't really know your situation, so don't let my preaching stop you - have a google search for 'password cracking tools' or similar.  I'd be very doubtful that anyone would post the name of one here as it's borderline prohibited on this site to discuss.

  good luck

   
 


Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 63 total points
You should NEVER want to know anyone's password, and it's bad practice to do so.  It only weakens their concern over keeping their passwords a secret.

A user's password is all that exists between your network and the outside world... anyone that wants to cause real havoc on your network would only need the user's password to do so... (and their username, but that's usually in their email address).  Additionally a disgruntled worker could easily claim that YOU were the one that wrote that nasty email to the boss, and who would ever know the difference?

The way to resolve your problem is to create a limited account that you use to test with. That would provide you with the solution you are seeking... except in the rare event that you need to change a configuration for a user that can't seem to do so for themselves... then you should change their password and set it to prompt them to change again upon first login.

All other methods would eventually be a bad idea in the long run, and I certainly couldn't recommend anything else.

Jeff
TechSoEasy

Author Comment

by:JeTopete
I agree with the trust thing, which is why I'd rather not resort to using a tool like the ones you mentioned. I appreciate the honesty and the point of view. I've never quite thought about it in terms of breaching anyone's trust and have only assumed that everyone (as I have) accepted that this is just part of today's workplace. For the most part I do as you stated; allow a user to type in their own passwords. However, and this was the case earlier today, there are times when I will have to access a user's machine and have a need to log on to their account to set up a service. Thanks just the same.

Author Comment

by:JeTopete
Okay. I guess the limited account is a good idea and I have to admit even as obvious as it sounds it never dawned on me. Thanks for the tips and the warning.

Expert Comment

by:Jeffrey Kane - TechSoEasy
One thing that I might add... is that by you setting the example of how sacred passwords are, it will keep employees from sharing them with each other... which is a horrid problem.

Also, try to deploy services for users by Group Policy... then no need to log on by their username.

Good Luck!

Jeff
TechSoEasy

Author Comment

by:JeTopete
How do you pull a question?

Expert Comment

by:Jeffrey Kane - TechSoEasy
What do you define as "pull"?

Author Comment

by:JeTopete
Sorry, old term meaning to remove, take off shelf that sort of stuff. I can't award any points and I just don't want to abandon it.

Expert Comment

by:Jeffrey Kane - TechSoEasy
Uh... "delete" would be the term used here.  :-)  

Just post a request to the Community Support TA.  

I would be curious though what you decided to do.

Jeff
TechSoEasy

Author Comment

by:JeTopete
Yeah delete would be good. I will do that then, post a request to Support TA to have the question deleted.
I don't think I'll do anything really. I mean, for starters I will just use a temp account when I have to do something on a machine that isn't user specific. If it is, I will just do it while the user is there if it isn't time prohibitive. I attended a seminar yesterday on Wireless Security and I know that there are programs out there that I could use to crack the SAM file but I don't think that it is worth the trouble. We're a small company here and most users are perhaps a bit naive about a lot of security issues. I've seen the passwords on sticky notes and heard the complaints because we have to change the password every 90 days. I am sure you can imagine the trouble I go through to implement even the most basic of security precautions or procedures.

Expert Comment

by:Jeffrey Kane - TechSoEasy
Take a look at http://sbsurl.com/security which talks about "good-enough" security for small business.

I've had problems with smaller companies and changing passwords every 90 days, so I've made it every 4 to 5 months to start them off... and then eventually move it up a bit after they get used to it.

I must tell you though, that just because there was really "no" answer for your question, you should still leave it here and accept an answer or answers.  There really is no valid reason to delete this Q.

Jeff
TechSoEasy