Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows 2003 server user password

Posted on 2009-12-31
5
Medium Priority
?
309 Views
Last Modified: 2012-05-08
I have the administrator password for a Windows 2003 domain.      Is there any way the admin account can see users' passwords.   I know I can change the password.     But I don't want to reset it if I don't have to.  
0
Comment
Question by:Gary Fuqua, CISSP
  • 3
  • 2
5 Comments
 
LVL 86

Accepted Solution

by:
oBdA earned 2000 total points
ID: 26156095
No. Only the password hashes are stored, not the actual password. You can't reconstruct the password from the hash.
0
 
LVL 86

Expert Comment

by:oBdA
ID: 26156118
Btw.: not only is there never a need to logon with the user's account and without the user being present/informed about this, but it's in your own best interest to never know any user password.
Or do you want to find yourself in a situation where a user can say "No, I didn't write this insulting email; this must have been the administrator logging on with my account, he knows my password."
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 26156165
This was a management request for all user names and passwords.     I explained that I could reset any account, but that wasn't good enough.    Now I have a third party saying it can't be done.   Thanks for your help.
0
 
LVL 86

Expert Comment

by:oBdA
ID: 26156227
Especially management shouldn't be considering this even remotely, and not from a technical standpoint. When user passwords are compromised this way (and a password that is known to anyone else other than the user himself is compromised) invalidates every kind of auditing and accountability. It means giving the user a free pass ("I didn't do it", http://en.wikipedia.org/wiki/Bart_Gets_Famous) on everything happening in the network under his name, unless he's actually caught in the act.
0
 
LVL 3

Author Comment

by:Gary Fuqua, CISSP
ID: 26156315
If the OWNER of the company asks for it,  the right answer is "OK here they are."    I will pass along your concerns, but my guess it the list is going into his office safe.  
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Loops Section Overview
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question