I'll go along with ASB and say that it's a bad idea. That being said, rainbow crack and ophcrack take about 30 GB of disk space for the crack files (a "full" set) and can crack several hundred passwords an hour. There are online websites that present these interfaces, as long as you know the password hash (see pwdump3 for obtaining those).
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 1:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Notification containing new password I don't think there is such tool natively. I imagine that you could put a web interface on a vbscript where you direct your users to go to when they need to change their passwords. In the code, you will then put in a routine that grabs the value they type in and email it to you. Now, I will get away quickly before Joe shows up with another "why-you-should-not-do-this" clue stick (I mean, KB article) :p Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Matthew Crape Sent: Wed 11/3/2004 10:21 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Notification containing new password Hi Group, I have already delved into the archives and I couldn't find quite what I was looking for. It is very possible that I looked over it, and if I did I apologize in advance. Now, to my question: We are a fairly small shop here (about 40 users) and the traditional way of doing a password change was to collect new passwords from everyone and then I change them in AD as well as in a couple of other places (i.e. like synchronizing them with our non-Exchange mail server). We did this so that in case somebody was away on vacation and we needed to log on to their computer (with their profile) we could do it. It saves the hassle of say, logging in with a domain account and then manually opening up a PST file or something like that. I would like to have the user's change their own passwords, but I would also like to be able to know their new passwords. We have had numerous issues in the past with people telling us their wrong passwords, so I would like to get it straight from AD if possible. Right now the only solution I can see is cracking all of the passwords, but that isn't the most feasible way. Does anyone know of a solution? Maybe something like an email generated by some sort of script with the new password? Sorry if this email dragged on for a bit. Any help is appreciated. Thanks. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
