I tried it man ! I tried it to see what it does and :
1) You can get the SAM on NT2000 like on NT4, through registry or directly dumping SAM file in repair or config.
you can see these accounts with password hash, but L0phtCrack will not be able to recover them.
for that you need an utility called pwdump2 wich will be able to read the SYSKEY protected hash (and i confirm this super encryption is activated bu default on NT2000). They you get a list of password that L0phtCrack can proceed and recover. I tested it with L0phtCrack 2.52 and it has worked.
as an admin, I have still not found how to counter that
2) Concerning the look for "cached password" from domain users/admin that log on this workstation, I 've heard rumor that there is way to get them (they seems to be stored into the local cached profiles). If anyone has news concerning this, i would be happy to check that.
- hantiz.
