[paulroper]

Hi there,

I am studying for a computer audit exam and would really appreciate some guidance on using Petter Nordahl-Hagen's Windows NT/2000 password editor on NT Domain Controllers.

I have read the instructions and these suggest that the password for the local administrator account can be changed on NT workstations, NT Member Servers and NT Domain Controllers.

However, this only changes the machine (local) administrator account, not the domain administrator account.

Does NT prohibit the use of local accounts on domain controllers? I do not have access to a NT network to test this control.

If not, could a hacker logon to a domain controller as the local administrator, run pwdump and attack the extracted hashes?

If so, can hackers follow the instrcutions from MSCE World's article "Forgot the Administrator's Password? - Reset Domain Admin Password in Windows 2000 AD" to reset the domain administrator password for an NT Domain.


Thanks in advance

[paulroper]

Sorry, forgot to ask this next question -

Is the SAM on a NT domain controller made up of two parts? i.e. local account database and domain account database

If someone could direct me to a paper explaing how the SAM on a domain controller is made up I would be very grateful.

I assume a hash value of the domain administrator password is stored in the SAM on the domain controllers. Why is it not possible for Windows NT/2000 Offline Password Editor to edit the password for the domain administrator account instead of the machine administrator account? I am sure there is a very good reason, but I lack the knowledge and experience to figure this out. If anyone does not the answer please let us know (in simplistic terms if possible!!!!)

Thanks again!