+ Post New Thread
Results 1 to 11 of 11
How do you do....it? Thread, Changing a users password without remembering it! in Technical; Oh boy, Hi All. :P This one is a good case of management implementing things they dont know anything about. ...
  1. #1
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    17

    Changing a users password without remembering it!

    Oh boy,

    Hi All. :P

    This one is a good case of management implementing things they dont know anything about. :x

    My place is tightening up security, at present we are moving people from an old NT system on to Ad on server2003, we have to reset the users password if they are not present in order to transfer the documents etc, however the user also has to keep mapped drives etc connecting to the old NT4 system once logging onto AD as some resources cannot be transferred etc at present.

    However, as we override there NT4 account we have to supply a specified password, but if the user isnt there we choose this ourselves, meaning if they claim there is anything missing/changed we get the blame as a lot of them are senior bods etc. and you know the score, if there on more money than us, we lose :!:

    We need a way of them changing the password from there old NT account once logged onto AD either thereselves, or for us to type in there details, username, domain etc and for it to set a password which we do not know but which possibly places a text file on the users AD desktop to enable them to access it in the future.

    This is very long winded and too big to explain fully, feel free to ask direct questions etc, it may be easier as to trying to explain the whole thing :!:


    Where's my resignation letter again.......

  2. #2

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Changing a users password without remembering it!

    There are a variety of tools that can scavenge passwords from the SAM file on NT4. One option (which we took 3+ years ago) was to scavenge passwords, enter them into the new AD and then force a change of password for those that we believed to be too insecure.

    A bit laborious typing the passwords back in (can be done by script be we chose not to keep a record of the passwords anywhere other than the active window of the software running on the old PDC) but it saved me a heap of time in the long run.

  3. #3
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    17

    Re: Changing a users password without remembering it!

    Quote Originally Posted by GrumbleDook
    There are a variety of tools that can scavenge passwords from the SAM file on NT4. One option (which we took 3+ years ago) was to scavenge passwords, enter them into the new AD and then force a change of password for those that we believed to be too insecure.

    A bit laborious typing the passwords back in (can be done by script be we chose not to keep a record of the passwords anywhere other than the active window of the software running on the old PDC) but it saved me a heap of time in the long run.
    The thing is, ideally we cannot come into contact with the NEW password as all, as in only the user can know whatever password is set to their account. This is to try and keep the ring of security. Before, only two people new that given password, the techy and the user, now they only want the user to know that password from start to finish.

  4. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Changing a users password without remembering it!

    If you have admin access to the domain (especially the DCs) you can get the passwords.

    Ok, a possible solution. You have access to shares anyway, you can dump the relevant files in there. Once you have set up the account on the new domain you enforce 'change password at next logon'. You tell staff members that the first time they login they must use a specified computer (on the new domain) and sat next to it is a computer on the NT domain. They change their password on the new domain ... they logoff and change it on the old domain to the same one.

    They are in control and if there is any cockups then it is there problem.

    It is possible to write a small VB app to map a drive from another domain based on specified credentials ... not neat either ...

    The final solution is to transfer files ... get everyone to log in to the new domain once, scavenge from the new domain without anyone knowing and change the passwords on the NT domain.

    Then again ... I am looking at this from a particular point of view and you can probably chuck some level of trust in there and add permissions to the drives to give access ... I just like making things difficult. I never really got into the NT4 side of things so a 2003 to NT4 trust is not really in my skillset.

    Better ask Geoff^Google.

  5. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,462
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195

    Re: Changing a users password without remembering it!

    Hmm..
    1. Recover NT passwords using rainbow table (NT passwords SUCK)
    2. Do job as originally intended leaving AD password = NT password
    3. Deny all knowledge of ever knowing any pasword and claim the magic fairies did it

  6. #6

    Join Date
    Nov 2006
    Location
    Kendal
    Posts
    1,555
    Thank Post
    112
    Thanked 177 Times in 144 Posts
    Rep Power
    71

    Re: Changing a users password without remembering it!

    Quote Originally Posted by acrobson

    However, as we override there NT4 account we have to supply a specified password, but if the user isnt there we choose this ourselves, meaning if they claim there is anything missing/changed we get the blame as a lot of them are senior bods etc. and you know the score, if there on more money than us, we lose :!:
    But as administrator you can see all documents etc anyway so even if you don't know the password they could still blame you for losses etc if they are of that mindset.

    Therefore how does it matter to them if you know the passwords?

  7. #7

    Join Date
    Mar 2007
    Posts
    307
    Thank Post
    3
    Thanked 9 Times in 8 Posts
    Rep Power
    16

    Re: Changing a users password without remembering it!

    Dont see why it matters, as jcollings has said, as administrator, you have access to all their files anyway. If they are saying that because you gave them a new password, if any files have changed stored under their account they are going to blame you, I would complain. How many times have you seen passwords written on a piece of paper stuck on the monitor? Or given to someone so they can just get access to a file they needed?

    I would inform them that if you needed to get access to their documents you can, you dont need their password.

  8. #8
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    17

    Re: Changing a users password without remembering it!

    Quote Originally Posted by pallen
    Dont see why it matters, as jcollings has said, as administrator, you have access to all their files anyway. If they are saying that because you gave them a new password, if any files have changed stored under their account they are going to blame you, I would complain. How many times have you seen passwords written on a piece of paper stuck on the monitor? Or given to someone so they can just get access to a file they needed?

    I would inform them that if you needed to get access to their documents you can, you dont need their password.
    The thing is, i get your point of views totally with regards to being admins we can access their files etc anyway, however, we need them to think we cannot, or atleast the senior managers of the areas which we support. Meaning we have to have something in place which on paper and in technical practice seems as if we cannot access there stuff, at least, via logging into their account directly, in reality, they dont know about the server side of things!

  9. #9
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Changing a users password without remembering it!

    Can't you use Active Directory Migration Toolkit? This will drag the passwords from the old accounts into the new accounts and you will never see them.

  10. #10
    OutLawTorn's Avatar
    Join Date
    Jul 2007
    Location
    Sydney, Australia
    Posts
    216
    Thank Post
    8
    Thanked 8 Times in 8 Posts
    Rep Power
    32

    Re: Changing a users password without remembering it!

    can you migrate the usernames and passwords accross to 2003 domain, and then just make the NT server part of the new domain (not as a DC). The older files can then be accessed, and you are still using one username?

  11. #11


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,630
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223

    Re: Changing a users password without remembering it!

    Like others have said, the Active Directory Migration Tool is what you need - you have the option to keep the accounts live in both domains.

    With regard to sysadmins knowing passwords, it boils down to:

    "If no-one knows your password, no-one can impersonate you on the school network."

    As a sysadmin, I don't want to know users passwords - not only do I have to be professional and honest, I have to be seen to be professional and honest. I don't need to know the password and I leave a clear auditable trail (or the rather suspicious lack of one) if I alter a users files using administrator privileges.

SHARE:
+ Post New Thread

Similar Threads

  1. Prevent users changing wallpaper ?
    By pinemarten in forum How do you do....it?
    Replies: 14
    Last Post: 14th January 2010, 04:15 PM
  2. FAO: ELGG users and Moodle Users
    By thegrassisgreener in forum Virtual Learning Platforms
    Replies: 18
    Last Post: 3rd July 2009, 07:12 PM
  3. Changing windows explorer views for users.
    By Galway in forum Windows
    Replies: 1
    Last Post: 11th August 2007, 01:03 PM
  4. Set all Users in an OU to receive a dedicated password.
    By tosca925 in forum How do you do....it?
    Replies: 4
    Last Post: 4th June 2007, 09:58 AM
  5. Resolution Changing for RM
    By Mintsoft in forum Windows
    Replies: 17
    Last Post: 10th May 2006, 07:39 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •