RE: Where are Windows "Enforce password history" passwords stored?

["dave kleiman" <dave () isecureu com>]

For Microsoft AD domain controller, the NTDS.dit file is the database you
are looking for.

The local SAM file is not going to store the AD users info.


________________________________________________________
Dave Kleiman, CAS, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE

www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com
 



> -----Original Message-----
> From: Soluk, Kirk [mailto:kmsoluk () umich edu]
> Sent: Monday, August 29, 2005 18:18
> To: Charles Gillman; pen-test () securityfocus com
> Subject: RE: Where are Windows "Enforce password history"
> passwords stored?
>
> On a non-dc there stored in the SAM database (not sure where
> they are stored on a DC).
> Check out Lab 2.2 in this presentation
> http://www.citi.umich.edu/projects/itss/lectures/lecture-07.ppt
> The fifth slide (within Lab 2.2) points to the password history.
> /Kirk
>
> > -----Original Message-----
> > From: Charles Gillman [mailto:charles.gillman () gmail com]
> > Sent: Sunday, August 28, 2005 9:14 PM
> > To: pen-test () securityfocus com
> > Subject: Where are Windows "Enforce password history"
> > passwords stored?
> >
> > Can anyone tell me where the "remembered" passwords are stored when
> > the "Enforce password history" is set in Group Policy?
> >
> > If this setting is set to its maximum value of 24 then I
> would expect
> > 24 password hashes are stored for each account for the setting to
> > work.  But where?
> >
> > More importantly are there any tools/techniques for accessing the
> > "remembered" passwords?
> >
> > Thanks
> > CG