Re: Are Active Directory passwords encrypted?
- From: "Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 17 Dec 2008 18:43:52 +0100
Eddie,
EddieF wrote:
We're trying to make sure passwords are encrypted on all of our systems. Just want to verify that passwords are automatically encrypted in Active Directory and on the domain controllers. Also, are the local account passwords encrypted on file servers? If not are there any suggestions on how to do this? Thanks in advance for any help and suggestions.
They are stored as hashes - no chance you get to see the real passwords in the database. Passwords aren't transmitted over the wire - always the hashes. What happens when you connect to a file is you basically acquire a service ticket at the DC by encrypting a message from the DC with your hashed password. The DC verifies the encrypted answer and - if the password is correct - hands out a ticket for the file server service. Go then connect to the file server and show that ticket. Have a look at the well-known kerberos authentication protocol - that's what it is.
cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
.
- References:
- Are Active Directory passwords encrypted?
- From: EddieF
- Are Active Directory passwords encrypted?
- Prev by Date: Re: New Domain Contollers
- Next by Date: Re: Reconnect Old DC to Network? Get Current copy of AD?
- Previous by thread: Re: Are Active Directory passwords encrypted?
- Next by thread: Re: Are Active Directory passwords encrypted?
- Index(es):
Relevant Pages
|
