Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

User Account Management

Status
Not open for further replies.
dbsnole

dbsnole

MIS
Jun 25, 2002
21
0
0
US
I am trying to manage user passwords across our organization. We are getting ready to implement a firm-wide password policy, but would like to retain a copy of each users' password when they change it. I have auditing turned on and am generating events 4738 and 4723, but there is no content that displays the old and new password.

Am I looking at the wrong events? Is this even possible? If so, I could use some help completing this task. Thanks!
 
Sort by date Sort by votes
For reasons of the most basic security I really don't this is even remotely possible. If this was possible any it admin could turn it on and seamlessly log into anyones machine as the user to cause havoc! If the clients cache the password (which most do) it is stored in the registry but is encrypted.

Regards

Adrian
 
Upvote 0 Downvote
You shouldn't need to keep a copy of their old passwords in a manual fashion. When you edit the GPO to change the password policy there is a setting called "Remember X previous passwords" or something similar to that. It will store the hashes for the previous passwords and ensure that they are not re-using those passwords again for the specified period. Note that these are the hashes, so you still cannot actually view the plaintext of their passwords without running some sort of cracking application.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Upvote 0 Downvote
I was figuring this was going to be the general response, but that's why i posted it. Thanks for your help!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
140
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
127
goombawaho
goombawaho
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
50
penguinroundup
penguinroundup
goombawaho
  • Locked
  • Question
How to open Change user role for user accounts wizard
Replies
2
Views
46
goombawaho
goombawaho
goombawaho
  • Locked
  • Question
Continuous RDP disconnection/reconnection for administrator user
Replies
5
Views
73
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top