Is there a way to get the hashed value of Windows password for a specific local user? Which Win32 API would that be? I don’t want to know what the actual password is, just the hash value of the password.
I’d like to be able to tell which workstations/servers don’t have the same password for a specific user.
Please advise, thanks.
I haven’t tried this technique recently, so I’m not sure it still works, but at one time it definitely did, and I’d guess it probably still does.
Call NetUserChangePassword for that user’s account on each of the target computers, but do it from an account that does not have the right to change that user’s password (e.g., another normal user account). When you call this, you have to pass (among other things) the user’s old password. Since you’re calling it from an account that isn’t allowed to change that user’s password, this call will always fail.
What you’re interested in is the error code when it fails. If what you passed as the old password is recognized by the system (i.e., is the correct password for the account), the call will fail with ERROR_ACCESS_DENIED. If the password you pass is incorrect (i.e., not recognized for that account), it’ll fail with ERROR_INVALID_PASSWORD.