Question : Password hash security on Server 2003
Hello all, I was just curious how likely it is to have someone dump the password hashes of Active Directory into a normal file to be cracked. I'm a network tech/admin of a small company which is a subsidiary of a larger corporation. Our parent company controls the DC and we basically aren't allowed to touch it. But we can control AD for our domain from one of our local servers (doing things such as creating accounts, resetting passwords, etc.). I know how easy it is to dump the password hashes from a local machine if you're an administrator, but I was just curious how easy it is to dump the hashes from a server machine. I guess what I'm asking is, does the server store it a different way to make it more difficult to get to? Should this be something I should be concerned over? Our company has a lot of computer-savvy people, and I just want to make sure everything is as secure as it possibly can be.
Answer : Password hash security on Server 2003
Hi!
Usually password hashes (LM hashes) are stored on client computers and that's why they are vulnerable. Sniffing for hashes on the network would be the second best choice. Cracking AD would require physical access to the domain controller, which is or should be always secured.
HTH
Toni