Dragging out obligatory stick.... Whap whap whap whap. There is no good reason to do this. Honestly. If you really need it you can crack most passwords very quickly with rainbow tables but you really don't need it if you are the admin, you reset the password. That way, anyone you tag knows you had access to their stuff. If you just need access to company docs when the person is on vacation, put the info on servers in project areas where the person and their backup has access to the files.
If you openly have the passwords there is nothing to stop someone for blaming you for doing something as them unless you have the most incredible auditing imaginable and you are on Windows and don't have that logging. No, you don't have that logging. No. One other thing I would point out, if you can memorize all of the user's passwords, those are sucky passwords or you have a photographic memory. I know that security may seem more like a burden to your company than anything, but weak passwords and documented clear text passwords anywhere is extremely bad and dangerous and could be a cause of loss or tampering of data of your company. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 11:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Notification containing new password I don't think there is such tool natively. I imagine that you could put a web interface on a vbscript where you direct your users to go to when they need to change their passwords. In the code, you will then put in a routine that grabs the value they type in and email it to you. Now, I will get away quickly before Joe shows up with another "why-you-should-not-do-this" clue stick (I mean, KB article) :p Sincerely, D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Matthew Crape Sent: Wed 11/3/2004 10:21 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Notification containing new password Hi Group, I have already delved into the archives and I couldn't find quite what I was looking for. It is very possible that I looked over it, and if I did I apologize in advance. Now, to my question: We are a fairly small shop here (about 40 users) and the traditional way of doing a password change was to collect new passwords from everyone and then I change them in AD as well as in a couple of other places (i.e. like synchronizing them with our non-Exchange mail server). We did this so that in case somebody was away on vacation and we needed to log on to their computer (with their profile) we could do it. It saves the hassle of say, logging in with a domain account and then manually opening up a PST file or something like that. I would like to have the user's change their own passwords, but I would also like to be able to know their new passwords. We have had numerous issues in the past with people telling us their wrong passwords, so I would like to get it straight from AD if possible. Right now the only solution I can see is cracking all of the passwords, but that isn't the most feasible way. Does anyone know of a solution? Maybe something like an email generated by some sort of script with the new password? Sorry if this email dragged on for a bit. Any help is appreciated. Thanks. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
