We have recently purchased LC5 to perform password audits to discover weak passwords. The documentation indicates to use PWDUMP3 to extract password hashes from the Active Directory. I have looked everywhere and cannot find a legitimate site to download this tool nor can I find documentation. Has anyone ever used this tool that can shed some light on my frustration?
I have never used this utility but I would say you are approaching the problem from the wrong angle. I would change the Password Requirement to Strong Password requirements. More that 8 Charectors and Must use numbers and Capitals (special charectors like !@#$%^&*() never hurt either.)
I would then Set all accounts to require a password change at next login. I would inform the users of the change and I would Audit accounts that are not changed in a timely fashion. You should remove unused accounts. and you should know specificaly your IT accounts.
Last Wiki Answer Submitted: October 14, 2005 10:24 am by Rfergus280 pts.