Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Where are Windows "Enforce password history" passwords stored?
From: "dave kleiman" <dave () isecureu com>
Date: Tue, 30 Aug 2005 20:28:29 -0400

For Microsoft AD domain controller, the NTDS.dit file is the database you
are looking for.

The local SAM file is not going to store the AD users info.


________________________________________________________
Dave Kleiman, CAS, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE

www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com
 



-----Original Message-----
From: Soluk, Kirk [mailto:kmsoluk () umich edu]
Sent: Monday, August 29, 2005 18:18
To: Charles Gillman; pen-test () securityfocus com
Subject: RE: Where are Windows "Enforce password history"
passwords stored?

On a non-dc there stored in the SAM database (not sure where
they are stored on a DC).
Check out Lab 2.2 in this presentation
http://www.citi.umich.edu/projects/itss/lectures/lecture-07.ppt
The fifth slide (within Lab 2.2) points to the password history.
/Kirk

-----Original Message-----
From: Charles Gillman [mailto:charles.gillman () gmail com]
Sent: Sunday, August 28, 2005 9:14 PM
To: pen-test () securityfocus com
Subject: Where are Windows "Enforce password history"
passwords stored?

Can anyone tell me where the "remembered" passwords are stored when
the "Enforce password history" is set in Group Policy?

If this setting is set to its maximum value of 24 then I
would expect
24 password hashes are stored for each account for the setting to
work.  But where?

More importantly are there any tools/techniques for accessing the
"remembered" passwords?

Thanks
CG






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]