Re: Password Audit Software by Microsoft

Consider using dsquery to find users that have not changed their password
since the change in policy. Say your policy changed 90 days ago.

dsquery user -stalepwd 90

Then you can mark those accounts "mustchpwd" with dsmod or the gui if you
prefeer. Combined with a paswword re-use policy you could be assured that
the origininal password would no longer be in use by active accounts.

--
/kj
"David Grand" <DavidGrand@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:240E470C-226A-47ED-9EF3-8FDB18DD0901@xxxxxxxxxxxxxxxx
> When we set up our users on our domain, we use the same password for
> everyone. But we don't force a change upon initial login. So it is quite
> possible that someone could be using that same initial password for a long
> time. We have changed our policy and now of course we do require a
> password
> change on iniitial login.
> But we would like to know who may still be using the original, iniital
> password.
> The domain admins and IT management have no desire to impersonate a person
> by hacking their password and then doing some nefarious work. Just trying
> to
> see who is using a particular password.
>
> "Mark Whitby" wrote:
>
>>
>> If there were such a download, it would kind of defeat the object of
>> passwords. They're supposed to be secret - no-one else other than the
>> owner
>> of the account should know the password. In fact, a lot of work has gone
>> on
>> over the years to try and make it harder to extract passwords from the
>> directory.
>>
>> What exactly are you trying to do? I would have thought you want to find
>> out who's using a particular user account on your domain, not a
>> particular
>> password. If you provide some more details around the problem you're
>> trying
>> to solve, someone here may be able to help out. If you're just trying to
>> crack someone's password, you're probably asking this question in the
>> wrong
>> forum ;-)
>> --
>> -----------------------
>> Mark Whitby
>>
>>
>> "DavidGrand" wrote:
>>
>> > Does anyone know of a Microsoft download that allows domain
>> > administrators to
>> > list out all the passwords in a domain? We are trying to find out who
>> > is
>> > using a particular password on our network.


.

Relevant Pages

  • RE: Group Policy: multiple password policies in the same domain?
    ... > it under access to the GPO. ... The conflict only happens when both policies ... results in having the policy denied. ... > user accounts it affects be able to read it and have "apply ...
    (Focus-Microsoft)
  • Re: Password Policy Basics
    ... but assumed the POLICY would be applied to ALL ... so lcoal machines might start enforcing that policy on ... No, the local accounts are not effected by the domain policy, except you link the policy also to the OU like Florian states. ... I was thinking of service accounts on the servers... ...
    (microsoft.public.windows.group_policy)
  • Re: Windows 2000 users accounts get locked out
    ... I have disabled my accounts lockout policy in my ... >account logon events enabled in Domain Security Policy ... and Domain Controller ...
    (microsoft.public.win2000.security)
  • Re: AD 2000, Blank passwords, and Group Policy
    ... I set up an account with password policy enforced and experienced the same as you ... The only thing I can suggest is to leave the accounts as they ... accounts to change password at next logon. ... I could set the policy to not enforce this until after all ...
    (microsoft.public.win2000.security)
  • Re: RSoP Lockout Account
    ... Account Policy, or more specifically any items within Computer ... *domain accounts* can ... account policies per domain, but again, I haven't seen that in writing yet. ... >>> I'm trying to aply a GPO to an OU that contains computers, ...
    (microsoft.public.win2000.group_policy)