tag:blogger.com,1999:blog-7971789192074433033.post8429775373608918409..comments2011-10-03T14:59:31.788+02:00Niels Teusinkhttp://www.blogger.com/profile/02392760369555256652noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-7971789192074433033.post-11650082979163401812010-01-06T20:16:23.514+01:002010-01-06T20:16:23.514+01:00@Jay<br /><br />You could probably write a script to see which accounts have the &#39;Store password using reversible encryption&#39; flag on.<br /><br />@Bonadio<br /><br />Yes I tried it on Windows 2008 as well recently. It doesn&#39;t seem to work, it seems Microsoft has changed some things.Niels Teusinkhttp://www.blogger.com/profile/02392760369555256652noreply@blogger.comtag:blogger.com,1999:blog-7971789192074433033.post-90289910434803955512009-12-16T19:10:19.406+01:002009-12-16T19:10:19.406+01:00Hi Niels<br /><br />I downloaded an compiled Revdump 0.2, <br /><br />when I run it on my Windows 2008 server 32 bits it always says:<br /><br />D:\revdump&gt;revdump<br />RevDump 0.2 by Niels Teusink <br /><br />LsaRetrievePrivateData returned 2<br />ERR: Cannot get LSA secret, maybe this is not a domain controller or reversible<br />encryption is disabled?<br /><br />I have enabled reversible passward for just one user and changed his password.<br /><br />Am I missing anything<br /><br />ThanksBonadiohttp://www.blogger.com/profile/01852551188895147269noreply@blogger.comtag:blogger.com,1999:blog-7971789192074433033.post-708159972985707572009-10-05T17:24:12.101+02:002009-10-05T17:24:12.101+02:00A good post, looking forward to part two. This is actually very timely, I&#39;ve been asked to find out if there is some way to detect this is in use prior to diabling it.<br /><br />You mention two protocols that we could monitor for, are you aware of any others, or point me to some research in that space?<br /><br />Thanks!Jay Bensonhttp://www.blogger.com/profile/09565578576508253228noreply@blogger.com