Re: Need to read "Store password in reversible encryption for all users in the domain"

Raymond Vought wrote:

Does anybody know how to return the "Store password in reversible
encryption for all users in the domain" setting on the local security
password policy setting?

The resultant will do, whether it is set locally or by domain policy.

A bit of the userAccountControl attribute of the user object controls this.
As far as I know, the setting can be different for different users. A
VBScript program to check a specified user:
==================
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80

Set objUser = GetObject("LDAP://cn=Jim User,ou=Sales,dc=MyDomain,dc=com")
lngFlags = objUser.userAccountControl
If (lngFlags AND ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) <> 0 Then
Wscript.Echo "Store password using reversible encryption set"
Else
Wscript.Echo "Store password using reversible encryption NOT set"
End If
==============
To retrieve all users where this is set, use the following filter:

(&(objectCategory=person)(objectClass=user)" _

& "(userAccountControl:1.2.840.113556.1.4.803:=128))



To retrieve all users where this is NOT set, use:



(&(objectCategory=person)(objectClass=user)" _

& "(!userAccountControl:1.2.840.113556.1.4.803:=128))



You can use these filters in ADUC. Or, see this link for using ADO to
retrieve info on users, which explains how to use these filters:



http://www.rlmueller.net/ADOSearchTips.htm


--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net


.

Relevant Pages

  • Obfuscating sensitive data? (was: response to tax software not encrypting tax info)
    ... Encryption without a key is useless. ... If you can retrieve the file, brute force is always possible, so nothing ... attacker laugh, assuming he is just a bit smarter than a piece of wood. ... Never just obfuscate the passwords by using a generic key. ...
    (Bugtraq)
  • Re: Modelling Interference Filter Performance Using Zemax and Encrypted Coatings Files
    ... light incident on the filters can have varying amounts of non-random ...  This variation in incident polarization will have an effect ... Encryption is usually very easy to break. ...
    (sci.optics)
  • Re: protecting objects from being changed
    ... After all, if the company retains a copy of the customer's key, they can always retrieve that copy. ... Maybe there is in fact a reliable encryption scheme in which two different keys can be used to decrypt an encrypted document. ... It's possible you would...I've seen some esoteric crypto stuff discussed here. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Any value in installing this free software?
    ... For such apps, I prefer AirSnare: ... there are IP filters in place, then the attacker has to guess the IP ... the aformentioned software is designed for unencrypted networks, ... cracking the WEP/WPA encryption key. ...
    (alt.internet.wireless)
  • Re: how to fight a password cracker
    ... encryption, how a password cracker can retrieve that stored password ... even compiled object code, ...
    (microsoft.public.dotnet.languages.csharp)