开发者

Getting the password of a user from active directory

开发者 https://www.devze.com 2023-03-05 20:46 出处:网络
Is it possible to get the password of an account on the active directory a machine is jo开发者_开发百科ined to? I know this may sound like a dangerous thing to do, but I\'d like to launch a process wi

Is it possible to get the password of an account on the active directory a machine is jo开发者_开发百科ined to? I know this may sound like a dangerous thing to do, but I'd like to launch a process with the user ctx of an admin user, without hard-coding a password.

I'm using .NET 3.5.


@SLaks you are moderator I know but here, this is not the correct answer.

In Active-directory exists a policy that can be used to made passowrd reversible.

In Windows Server 2008 R2, it exists something called "Fine Grained Password Policy" that allow to change password policy for a given group of users. In FGPP you'll find msDS-PasswordReversibleEncryptionEnabled attribute.

Be careful @dotnetdev, I DO NOT ADVICE you to use this, but it exists. So It's not "fundamentally impossible".

My advice is to discover which privileges (system rights) you need for your work and to create a special group for that. Then you create a special user and join it to this new group. After you can store the password of this user (NEVER the admin one) crypted with the admin entity or a service entity.


This is fundamentally impossible.
Windows stores passwords using the NTLM hash; the passwords themselves are not stored at all.

0

精彩评论

暂无评论...
验证码 换一张
取 消