Re: User's password

From: Manny Borges <MannyBorges@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Jun 2005 13:23:14 -0700

I agree with you 95% of the time.

There are times when seeing the password is useful.
We have several systemst hat are only web accessible. We use AD as the user
repository, and use a custom page for users to register and change thier
passwords. We log all password changes to a database and the foward to
several internal systems to create additional user identities. We are working
on an SSO solution using Netegrity.

Evreything is locked down via SSL, SSH, and several OTP encryption systems
as well as several firewalls.

Since our customers spend quite a bit of money for our products we give them
individual attention, including informing them of lost/forgotten passwords
after they validate who they are.

"Mike Brannigan [MSFT]" wrote:

> "JIM.H." <JIMH@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:9251DE1D-65EE-4574-B4B2-80A577216121@xxxxxxxxxxxxxxxx
> > Hello,
> > Is there any way as an administrator I could see the users password in
> > active directory or anywhere else?
> > Thanks,
>
> No, of course not.
> What would be the point of security if you can just view a users password.
> Why do you need to do this ? The only possible reason for doing this is for
> some kind of checking process where you check to see if a users password
> meets a specified security requirement/standard you have issued. If this is
> the case then you need to purchase one of third party password database
> cracking tools - this will not guarantee success.
>
> There are no other cases where you need to see a users password.
>
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "JIM.H." <JIMH@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:9251DE1D-65EE-4574-B4B2-80A577216121@xxxxxxxxxxxxxxxx
> > Hello,
> > Is there any way as an administrator I could see the users password in
> > active directory or anywhere else?
> > Thanks,
> > Jim.
> >
> >
>
>
>
.

Follow-Ups:
- Re: User's password
  - From: Joe Richards [MVP]

References:
- Q: User's password
  - From: JIM.H.
- Re: User's password
  - From: Mike Brannigan [MSFT]

Prev by Date: Re: How to remove attributes
Next by Date: userAccountControl Values
Previous by thread: Re: User's password
Next by thread: Re: User's password
Index(es):
- Date
- Thread