Domain passwords

05-17-05, 09:05 PM

Using active directory, are all the users passwords also kept locally, and not just on the server?

05-17-05, 09:07 PM

A cached copy of the passwords are kept for logging in when not connected to the domain network.

The clients use NTLM to authenticate to the DC. If a DC isn't present, or the network cable is unplugged, the LSASS service uses the cached password information stored in the client PC's registry.

deftech · 05-17-05, 09:07 PM

It depends on how the network is configured. The client machines could be set to cache passwords, but most places disable that if they are using AD.

05-17-05, 09:08 PM

In the SAM file in the registry like regular users, by any chance, lol?

Howard2k · 05-17-05, 09:13 PM

They still use NTLM? Aren't they using Kerberos now as the primary and NTLM2 as the backup?

Could be wrong. Not an NT geek anymore...

deftech · 05-17-05, 09:13 PM

Which registry key are you referring to?

In AD, the sAMAccountName is the same as a userid (with domain\ on the front of it).

05-17-05, 09:15 PM

No, not a key, the whole file. (sam, security, default, etc). (Wanting to brute force it all summer, lol.)