Re: User's password
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sat, 25 Jun 2005 18:26:36 -0400
If I were your customer I would be very concerned that you knew my old password to be able to send it to me if there was anything important I stored in your system.
I understand the idea, but it shouldn't be that you give them the old password if they forgot, they should be able to set a new one.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net
Manny Borges wrote:
I agree with you 95% of the time.
There are times when seeing the password is useful.
We have several systemst hat are only web accessible. We use AD as the user repository, and use a custom page for users to register and change thier passwords. We log all password changes to a database and the foward to several internal systems to create additional user identities. We are working on an SSO solution using Netegrity.
Evreything is locked down via SSL, SSH, and several OTP encryption systems as well as several firewalls.
Since our customers spend quite a bit of money for our products we give them individual attention, including informing them of lost/forgotten passwords after they validate who they are.
"Mike Brannigan [MSFT]" wrote:
"JIM.H." <JIMH@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9251DE1D-65EE-4574-B4B2-80A577216121@xxxxxxxxxxxxxxxx
Hello, Is there any way as an administrator I could see the users password in active directory or anywhere else? Thanks,
No, of course not.
What would be the point of security if you can just view a users password.
Why do you need to do this ? The only possible reason for doing this is for some kind of checking process where you check to see if a users password meets a specified security requirement/standard you have issued. If this is the case then you need to purchase one of third party password database cracking tools - this will not guarantee success.
There are no other cases where you need to see a users password.
--
Regards,
Mike -- Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no rights
Please note I cannot respond to e-mailed questions, please use these newsgroups
"JIM.H." <JIMH@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9251DE1D-65EE-4574-B4B2-80A577216121@xxxxxxxxxxxxxxxx
Hello, Is there any way as an administrator I could see the users password in active directory or anywhere else? Thanks, Jim.
.
- Follow-Ups:
- Re: User's password
- From: Manny Borges
- Re: User's password
- References:
- Q: User's password
- From: JIM.H.
- Re: User's password
- From: Mike Brannigan [MSFT]
- Re: User's password
- From: Manny Borges
- Q: User's password
- Prev by Date: Re: Adding User
- Next by Date: Re: ADAM MaxPageSize
- Previous by thread: Re: User's password
- Next by thread: Re: User's password
- Index(es):
