"DaveMo" <> wrote in message
news:4bd19147-4822-42ec-b91b-...
On Apr 28, 1:43 pm, "Ace Fekay [MVP - Directory Services, MCT]"
<ace...@mvps.RemoveThisPart.org> wrote:
> On Wed, 28 Apr 2010 07:35:02 -0700, Bob
>
>
>
>
>
> <B...@discussions.microsoft.com> wrote:
>
> >Is there any way to view users passwords in Server 2003 AD ?
>
> >We run a server 2003 SP2 domain, us Administrators have a list of all
> >users
> >password on a spreadsheet, locked up. We need their passwords in the
> >event we
> >must sign onto their computers as an admin while they are away, we log
> >back
> >into the computer with their user name/password when done. You would be
> >surprised how many people "do not" look at the user name when they log
> >on -
> >we had panic --- I can not log in, we go to their desktop and the user
> >name
> >is that of one of the administrators - user did not look.
>
> >So the problem is when they change their passwords --- we ask for their
> >new
> >password. We were searching around the net and so far found no way to
> >view
> >their passwords in AD, just wondering --- if there is something we are
> >missing, anyone know a way to view users passwords in AD 2003 ? And this
> >is
> >all legit, users and managers know that we have and need their
> >passwords ---
> >we are trust worthy in our shop.
>
> >Thanks,
> >Bob
>
> As Meinolf and Richard stated, this is not possible.
>
> If it were possible, I don't believe AD would be a viable and secure
> product to run a secure environment and not many would consider it's
> use.
>
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
> MCSA 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
> Microsoft MVP - Directory Services
>
> If you feel this is an urgent issue and require immediate assistance,
> please contact Microsoft PSS directly. Please
> checkhttp://support.microsoft.comfor regional support phone numbers.- Hide
> quoted text -
>
> - Show quoted text -
Although the MVPs who have chimed are correct for normal situations,
but I have heard plenty of use cases where it would be completely
valid for the admins to know every user's password. This is typically
the case where the information worker staff is highly transitory or
performing some trivial task.
If the admins do have a valid case for persisting user passwords then
you can install a password filter/notification DLL on your domain
controllers. This does not allow you to retrieve existing passwords,
but will allow you to collect them as they are created and changed.
This is typically a development task which consists of compiling the
SDK sample (assuming you can still find it) but there may be freeware
versions out there.
HTH,
Dave
-------------------------
I guess I have seen similar situations, like classroom training sessions, or
a temporary contractor. Perhaps it would be easier in these cases to not
allow the user to change their password. They would use the password you
initially provide. Just recognize that the account could be one where many
people potentially know the password, so it should be restricted. You could
reset the password just before giving the new password to the user, then
reset it when the user is finished, or reset it yourself periodically and
communicate the new password to the user.
--
Richard Mueller
MVP Directory Services
Hilltop Lab -
http://www.rlmueller.net
--
Similar Threads
Linear Mode
