Why did this sysadmin use Reversible Encryption?

I've just taken over support on a small Windows server from a prior sysadmin who the Director no longer trusted.  I've looked at the network setup, and notice that the Director's User account is the ONLY account on the network set with "Reversible Encryption".   She does nothing beyond ordinary Office applications, and sometimes uses Remote Web Workspace to connect from home.

Why might he have set this, and what might he have been up to?  If he was snooping, he would have wanted to do it from home, but I'm not sure what benefit there would have been to this setting, when he could already remote in with Admin rights.  The only thing he might have wanted to do which isn't as easy just logging in as admin was to follow her email... so perhaps he wanted to log on as her to snoop that way?  if so, could this have helped?

He was definitely antagonistic towards her - I knew him!


LVL 4
jennynoverAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave HoweSoftware and Hardware EngineerCommented:
The main use of reversible encryption is to decrypt the password of a user who frequently forgets it - however, it is more likely that in this case the former admin was interested in the password not to log into that system (which could be done easily) but for either or both of

1) access to EFS encrypted files that lack a recovery agent

2) access to other systems (like webmail) as most users use the same password for all their systems.

given he could just have set a recovery agent though, its much more likely to be the latter.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jennynoverAuthor Commented:
Thanks. ... and how do you decrypt the password?
0
jennynoverAuthor Commented:
... and is there anything else I should be looking out for to lock down the server (extra points!).  I've closed all ports at the router, except those needed for RWW...   Or any other security holes he might have left I should look out for on the server (I notice that he downloaded TSWeb and saw logon type 8 records from before he left - which may be related).
0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Dave HoweSoftware and Hardware EngineerCommented:
I think the "cain" tool from cain and able can do it - admittedly though, I have never tried.
0
jennynoverAuthor Commented:
Thanks Cocobill also for the links, not specific to the Q; but useful information.  Will go through.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.