Is it possible to retrieve login passwords via the network

[framedNlv]

Does the guy in charge of the server (Microsoft) have direct access to our login passwords or would he have to go out of his way to retrieve them (plug-in or third party software)?


Thanks,
Chris

[.T.]

Does the guy in charge of the server (Microsoft) have direct access to our login passwords or would he have to go out of his way to retrieve them (plug-in or third party software)?


Thanks,
Chris

Hi Chris,

As far as I know, the administrator can only set a switch that forces the user to change the password at the next login, can set up the password scheme (number of characters, etc.), and can change the password themselves, but I don't think there is a way for admin to see the actual password the user selects without some digging. At least I haven't seen a way to do that (MS Server 2003).

You might want to scour microsoft.com to be sure.

[arcadia_x27]

Chris,

Unless you gave your server admin your password or theyre running a keylogger or something similar on your workstation theres no way the admins can know your password at all.

[framedNlv]

Thanks guys.

I'm not up on Microsoft server (or any server) but I just found it strange to see a printed list of everyones login name with there password.

Could someone post a link where I might be able to contact MS about this matter?

Thanks again,
Chris

[cadtag]

It's not an MS problem, it's an IT Guy problem. Either people gave him their password, or he's running a keylogger or equivalent hacker tool in the background on your workstations to capture them.

Microsoft does not store the password in clear text anywhere! If i recall correctly, it doesn't even store the password, just a hashed value that your encrypted password will match. It's a one-way hash, so the stored value cannot be converted back to a password.

Now the more interesting question is why is IT doing this? It's arguably unethical, certainly an immense security hole, and if your organization has any formal IT Policy manual, it's almost certainly a violation of that policy.

[framedNlv]

Thanks guys.

Could someone post a link where I might be able to contact MS about this matter?

Thanks again,
Chris

I meant a link where I might be able to confirm that MS has no tools for retrieving/harvesting user login passwords.


Chris

[arcadia_x27]

You will not probably find any link per say for what youre looking for, I'd suggest a Google search, looking through the Microsoft knowledge Base articles relating to Windows Server, or a good read through any book for the Windows Server Certification exam(s) should give you an idea of how it works. If there is some way to rehash a password (and I doubt there is) then its not something that MS would ever publicise. I've administered Windows and Novell servers and there's no way to discover a users password without using some kind of outside tool like a keylogger or hack.

[Commissar Rod]

Was this list just laying around as well? Kinda Scary

[framedNlv]

Was this list just laying around as well? Kinda Scary

8x11 pinned to his wall with a strip of paper over the passwords.

[CGM]

8x11 pinned to his wall with a strip of paper over the passwords.

Hello there,
Why don't you start to change your password more frequently. As an administrator can access your post anyway without knowing your password, I don't see any justification for you allowing him acess to "private " emails, pics, etc... (In my own experience some IT guys like to abuse their power.
So I agree with Cadtag, it's unethical; even if the IT guy can be trusted, anyone at all can log-in in your absence & read your emails, just by refering to his list. That's just dumb, from an management point of view. ) Just my two cents.

Here's a random website with some suggestions on how to get organised with passwords.