  1. #11
    Junior Member
    Join Date
    Dec 2005
    The sad thing about all of this is, I noticed the activity after I had reimaged a lab, so anything that my "arch-enemy" was doing was wiped out. Of course, without the image I might not have noticed in the first place...double-edged sword. It has taught me that I need to be WAY more vigilant though. One other question I have though: if the domain admin account had a profile on a machine, can the password somehow be decrypted out of that profile? I thought I read something about that in the past few days while I have been trying to figure out just how much I don't know...which apparently is quite a bit.

  2. #12
    Join Date
    Apr 2003
    It may be possible, with a cracking tool, to ferret out the domain admin passwords. My own policies cleared those from systems on logout, in my previous life. But, I also didn't use those for logins. Use a non-privileged account for login, then runas for the heavy stuff.

    Tutorial: Setting Up Promiscuous Mode

    1. Saturday Night, Shower and shave.
    2. Polish the black Justins.
    3. Dust off the Stetson.
    4. Dress with nice western shirt, jeans, Justins and Stetson. Skoal in back pocket.
    5. Drive to honkey tonk.
    6. Enter honkey tonk.
    7. Order three shots whiskey at bar and slam 'em down.
    8. Order beer for chaser.
    9. Turn around and scan the floor.
    10. Promiscuous Mode ON!
    Just hadda do that.

  3. #13
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    If you set the domain policy such that the clients don't cache passwords then there will be no passwords or their hashes from the domain stored on the client. The authentication will have to take place over the network.

    To test for this setting log in as a domain user that has rights on the local machine. Log out, disconnect the network cable and try logging in as the same domain user. If it comes back telling you the domain can't be found then the setting is set correctly. If it logs you in to the local machine then it is not.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
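
The cable-pull test in post #13 can be complemented by reading the setting directly on the client. This is an added example, not part of the original thread; it assumes the setting in question is the Windows `CachedLogonsCount` value under the Winlogon key, where `0` means no domain logons are cached and a missing value means the default of 10. The function names are hypothetical.

```powershell
# Added example (not from the thread). Run on the client being checked.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function ConvertTo-CachedLogonFinding {
    # Turns the raw registry string into a finding; kept separate so it can be
    # exercised with constructed values as well as the live registry.
    param([AllowNull()][AllowEmptyString()][string]$RawValue)

    $count = 0
    if ([string]::IsNullOrWhiteSpace($RawValue)) {
        # Value absent: Windows falls back to its default of 10 cached logons.
        $count = 10; $source = 'default (value not set)'
    } elseif ([int]::TryParse($RawValue.Trim(), [ref]$count)) {
        $source = 'registry'
    } else {
        return [pscustomobject]@{ Raw = $RawValue; EffectiveCount = $null
            CachingDisabled = $false; Source = 'unparseable, review by hand' }
    }
    [pscustomobject]@{
        Raw             = $RawValue
        EffectiveCount  = $count
        CachingDisabled = ($count -eq 0)   # 0 = logon must reach a domain controller
        Source          = $source
    }
}

function Get-CachedLogonFinding {
    # Reads CachedLogonsCount (stored as a string) from the local machine.
    $item = Get-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount -ErrorAction SilentlyContinue
    ConvertTo-CachedLogonFinding -RawValue $item.CachedLogonsCount
}

# Constructed sample values, to show how each case is reported.
'0', '10', '', 'ten' | ForEach-Object { ConvertTo-CachedLogonFinding -RawValue $_ } | Format-Table

# Live check on this machine.
Get-CachedLogonFinding | Format-List
```

A machine that reports `CachingDisabled : True` should also fail the offline logon test described in post #13; a mismatch between the two is worth investigating.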
