Menu
Is it possible to get the password of an account on the active directory a machine is joined to? I know this may sound like a dangerous thing to do, but I'd like to launch a process with the user ctx of an admin user, without hard-coding a password.
I'm using .NET 3.5.
669
@SLaks you are moderator I know but here, this is not the correct answer.
In Active-directory exists a policy that can be used to made passowrd reversible.
In Windows Server 2008 R2, it exists something called "Fine Grained Password Policy" that allow to change password policy for a given group of users. In FGPP you'll find msDS-PasswordReversibleEncryptionEnabled attribute.
Be careful @dotnetdev, I DO NOT ADVICE you to use this, but it exists. So It's not "fundamentally impossible".
My advice is to discover which privileges (system rights) you need for your work and to create a special group for that. Then you create a special user and join it to this new group. After you can store the password of this user (NEVER the admin one) crypted with the admin entity or a service entity.
51
This is fundamentally impossible.
Windows stores passwords using the NTLM hash; the passwords themselves are not stored at all.
36
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
