?
Solved

Obtaining User passwords

Posted on 2006-10-19
14
Medium Priority
?
278 Views
Last Modified: 2013-12-04
Is there a tool or a piece of software out there that I can have in my AD domain that will log username and passwords?

0
Comment
Question by:jimmy1264
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3
14 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
ID: 17771795
Hi jimmy1264,

This is verging on a hacking question - infact, I think it is.

So, the answer is, no, there is no way to log users passwords from active directory.

When I need a users password, I ask for it, or manually reset it.  If you are not in a position to do the same, then you are not in a position to ask how to bypass your environment

-red
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17771937
Agree with RedSea.....

There are plenty of tools available on the internet to sniff out passwords, but I don't want to provide any links to them.

Many good AV tools will also detect and remove these programs automatically.

Why do you need to log username and passwords ?

Cheers
Si
0
 

Author Comment

by:jimmy1264
ID: 17774407
We recently let a member of the IT department go. Since before that we kept track of all user passwords on a document, we no longer have them. We need to keep track of them so we can work on their systems when they are away from their desks or on weekends. Trying to avoid door knocking everyone to update the list again.

thanks for the input,

Jim
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:Chatable
ID: 17777100
First question - why not just use your domain admin privileges to access their computers?
If you really need this, you might try to check out pwdump2 - which will work on the AD only if you are already a domain admin...
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778015
I never understood why people would want to record user passwords.

First, it should be regularly changed (making tracking a pain).  Second, it can always be reset if you need to log on as the user (or if they forget it).  Third it is a really poor security practice to have passwords written down, the more passwords in the one place, the worse that is.

-red
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17786220
You do not need the password records, as pointed out above, what's the point? you can reset a password to a known value anytime you wish, you can also run an audit on passwords, JohnTheRipper and PwDump are a good combination, as is RainbowCrack or OphCrack. There are no tools to "instantly" show you the pass's except a keylogger, and if you need the pass in a few minutes or an hour, use a rainbow table, that is if the pass is under 14 chars. If it's longer, then brute-force will be the next step. Writing down the pass's in one location is an added and unnecessary security risk.
-rich
0
 
LVL 7

Expert Comment

by:Chatable
ID: 17786845
This kind of issues always make me wonder why Windows will not allow you to su into any user from Administrator...
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17787974
Runas is more like SU than Sudo, and it's a good start for M$, but it's pretty late in the game, even when win2k first introduced it. Others have written windows shells that use runas and it's API to be "more unix" like in your daily tasks, this is a great site to look at for tools that help you to implement the Principal of least privilege:
http://nonadmin.editme.com/ and a link from that site is "sudo for windows" http://sourceforge.net/project/showfiles.php?group_id=143653&package_id=157780&release_id=427299
-rich
0
 
LVL 7

Expert Comment

by:Chatable
ID: 17792952
richrumble - runas will not allow you to execute programs as a certain user without his/her password even if you are system / administrator.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17795038
True, I wasn't thinking :) Indeed, runas is more like su than it is sudo.
-rich
0
 

Author Comment

by:jimmy1264
ID: 17796315
Look at you guys go back and forth...

 - Yes I can use my Domain Admin privileges to log into the computer
 - Yes I can reset the password if I have to work on the computer - Then I would still have to obtain the information verbally from the user to reset the password back because Attorneys don't like change.

When diagnosing a desktop issue , profile corruption, Word, DM5 anomalies, Outlook email folder problems  - YOU HAVE to log in as the user otherwise what's the point.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 500 total points
ID: 17797614
If the users are logged in, why not try an application like VNC, they remain logged in, and you take over the mouse/keyboard ? Then you don't need to know their pass, and they don't need to tell you, it's still a secret. There are many flavors of VNC, some encrypted some not, still the principal is the same, you take over their session without logging them off or the need to login as them. If they are not logged in, verbally get the password from them, or indicate to them that you will reset the pass, and afterward they will have to change it when they login, and you place a check-box next to the "change password upon next login" depending on your password policies, they might even be able to use the old pass.
-rich
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101085
Forced accept.

Computer101
EE Admin
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
OfficeMate Freezes on login or does not load after login credentials are input.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Course of the Month10 days, 4 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question