Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Obtaining User passwords

Posted on 2006-10-19
14
Medium Priority
?
279 Views
Last Modified: 2013-12-04
Is there a tool or a piece of software out there that I can have in my AD domain that will log username and passwords?

0
Comment
Question by:jimmy1264
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3
14 Comments
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
ID: 17771795
Hi jimmy1264,

This is verging on a hacking question - infact, I think it is.

So, the answer is, no, there is no way to log users passwords from active directory.

When I need a users password, I ask for it, or manually reset it.  If you are not in a position to do the same, then you are not in a position to ask how to bypass your environment

-red
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17771937
Agree with RedSea.....

There are plenty of tools available on the internet to sniff out passwords, but I don't want to provide any links to them.

Many good AV tools will also detect and remove these programs automatically.

Why do you need to log username and passwords ?

Cheers
Si
0
 

Author Comment

by:jimmy1264
ID: 17774407
We recently let a member of the IT department go. Since before that we kept track of all user passwords on a document, we no longer have them. We need to keep track of them so we can work on their systems when they are away from their desks or on weekends. Trying to avoid door knocking everyone to update the list again.

thanks for the input,

Jim
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 7

Expert Comment

by:Chatable
ID: 17777100
First question - why not just use your domain admin privileges to access their computers?
If you really need this, you might try to check out pwdump2 - which will work on the AD only if you are already a domain admin...
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778015
I never understood why people would want to record user passwords.

First, it should be regularly changed (making tracking a pain).  Second, it can always be reset if you need to log on as the user (or if they forget it).  Third it is a really poor security practice to have passwords written down, the more passwords in the one place, the worse that is.

-red
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17786220
You do not need the password records, as pointed out above, what's the point? you can reset a password to a known value anytime you wish, you can also run an audit on passwords, JohnTheRipper and PwDump are a good combination, as is RainbowCrack or OphCrack. There are no tools to "instantly" show you the pass's except a keylogger, and if you need the pass in a few minutes or an hour, use a rainbow table, that is if the pass is under 14 chars. If it's longer, then brute-force will be the next step. Writing down the pass's in one location is an added and unnecessary security risk.
-rich
0
 
LVL 7

Expert Comment

by:Chatable
ID: 17786845
This kind of issues always make me wonder why Windows will not allow you to su into any user from Administrator...
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17787974
Runas is more like SU than Sudo, and it's a good start for M$, but it's pretty late in the game, even when win2k first introduced it. Others have written windows shells that use runas and it's API to be "more unix" like in your daily tasks, this is a great site to look at for tools that help you to implement the Principal of least privilege:
http://nonadmin.editme.com/ and a link from that site is "sudo for windows" http://sourceforge.net/project/showfiles.php?group_id=143653&package_id=157780&release_id=427299
-rich
0
 
LVL 7

Expert Comment

by:Chatable
ID: 17792952
richrumble - runas will not allow you to execute programs as a certain user without his/her password even if you are system / administrator.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17795038
True, I wasn't thinking :) Indeed, runas is more like su than it is sudo.
-rich
0
 

Author Comment

by:jimmy1264
ID: 17796315
Look at you guys go back and forth...

 - Yes I can use my Domain Admin privileges to log into the computer
 - Yes I can reset the password if I have to work on the computer - Then I would still have to obtain the information verbally from the user to reset the password back because Attorneys don't like change.

When diagnosing a desktop issue , profile corruption, Word, DM5 anomalies, Outlook email folder problems  - YOU HAVE to log in as the user otherwise what's the point.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 500 total points
ID: 17797614
If the users are logged in, why not try an application like VNC, they remain logged in, and you take over the mouse/keyboard ? Then you don't need to know their pass, and they don't need to tell you, it's still a secret. There are many flavors of VNC, some encrypted some not, still the principal is the same, you take over their session without logging them off or the need to login as them. If they are not logged in, verbally get the password from them, or indicate to them that you will reset the pass, and afterward they will have to change it when they login, and you place a check-box next to the "change password upon next login" depending on your password policies, they might even be able to use the old pass.
-rich
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101085
Forced accept.

Computer101
EE Admin
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question