7

Is it possible to get the password of an account on the active directory a machine is joined to? I know this may sound like a dangerous thing to do, but I'd like to launch a process with the user ctx of an admin user, without hard-coding a password.

I'm using .NET 3.5.

Kiquenet
GurdeepS

2 Answers

14

@SLaks, you are a moderator, I know, but here this is not the correct answer.

In Active Directory there exists a policy that can be used to make passwords reversible.

In Windows Server 2008 R2, there is something called "Fine Grained Password Policy" that allows changing the password policy for a given group of users. In FGPP you'll find the msDS-PasswordReversibleEncryptionEnabled attribute.

Be careful @dotnetdev, I DO NOT ADVISE you to use this, but it exists. So it's not "fundamentally impossible".

My advice is to discover which privileges (system rights) you need for your work and to create a special group for that. Then you create a special user and join it to this new group. Afterwards you can store the password of this user (NEVER the admin one) encrypted with the admin entity or a service entity.

JPBlanc
  • Reversibly-encrypted just means that it should use a weaker hash. (LM vs. NTLM) You'd still need to crack that hash; it just becomes somewhat easier. – SLaks May 16 '11 at 12:58
  • 5
    There is nothing wrong with correcting a moderator. We're here to manage spam and other problems; not to be infallible. – SLaks May 16 '11 at 13:00
  • In Microsoft documentation: "_Store passwords using reversible encryption_" provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. – JPBlanc May 16 '11 at 15:41
  • 2
    You're right; I was confusing it with a different policy. http://blog.teusink.net/2009/08/passwords-stored-using-reversible.html – SLaks May 16 '11 at 15:47
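
Since the thread establishes that reversible encryption is essentially plaintext storage, an administrator will want to know where it is switched on. The following audit is an added example, not code from any poster in this thread; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to the domain, and checks the default domain policy, every fine-grained password policy, and individual user accounts.

```powershell
# Added example: report every place reversible password encryption is enabled.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

$findings = @()

# 1. Default domain password policy
$domainPolicy = Get-ADDefaultDomainPasswordPolicy
if ($domainPolicy.ReversibleEncryptionEnabled) {
    $findings += [pscustomobject]@{
        Scope   = 'DefaultDomainPolicy'
        Name    = $domainPolicy.DistinguishedName
        Detail  = 'Applies to all users without an overriding PSO'
    }
}

# 2. Fine-grained password policies (PSOs); the cmdlet property below is
#    backed by the msDS-PasswordReversibleEncryptionEnabled attribute.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Where-Object { $_.ReversibleEncryptionEnabled } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Scope  = 'FineGrainedPolicy'
            Name   = $_.Name
            Detail = "Precedence $($_.Precedence); applies to: $($_.AppliesTo -join '; ')"
        }
    }

# 3. Per-account flag: userAccountControl bit 0x80 (128),
#    matched with the LDAP bitwise-AND rule.
Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=128)' `
           -Properties AllowReversiblePasswordEncryption, PasswordLastSet |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Scope  = 'UserAccount'
            Name   = $_.SamAccountName
            Detail = "PasswordLastSet $($_.PasswordLastSet)"
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No policy or account has reversible encryption enabled.'
} else {
    $findings | Sort-Object Scope, Name | Format-Table -AutoSize -Wrap
}
```

PasswordLastSet is included to help plan password resets for flagged accounts once the setting is turned off.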
7

This is fundamentally impossible.
Windows stores passwords using the NTLM hash; the passwords themselves are not stored at all.

SLaks
  • I just reacted because of the word "fundamentally". @SLaks, it's a shortcut. As far as @dotnetdev spoke about Active Directory, there exists a policy in which passwords are reversibly encrypted (I agree, not generally used, but it exists). – JPBlanc May 16 '11 at 03:32