Verify Local Account Password for Windows NT?

[rbenfield25]

Hi,
I hope someone can help me out with this. I am wondering if there is a way to verify a local account password in Windows NT. Here is what I want to do. I am creating a small program and I want to have the user sign on to Windows NT and then my program with their local NT account information. So that there is no maintenance. I can just use the same username and password as their local account and if they change the NT password so it changes for my app. Hope thats clear. Basically though. just want them to type in a username and password and my program verify that is who is logged in (I have that part figured out now) and verify that the password they typed is the correct NT password.

Thanks in advance,
Richard

[Razzle]

I don't think that this is possible. That's why Windows NT is called safe

[rbenfield25]

Thanks,
It is supposed to be, but its not quite as secure as it is cracked up to be. None the less, If anyone knows any creative ideas for testing the password I am all ears. maybe the program could do something on the system that required the user id and password and if it errors I could assume it's a bad password or if it works then it knows the password is correct. Any help is appreciated, even if its just to say it cant be done.

btw, Razzle thx for the timely reply.

Richard

[Razzle]

Well, you could try to find the place where WinNT saves the passwords and try to crack the encryption... That's the only suggestion I can think of... sorry

[rbenfield25]

Thanks for trying. That is probably a little out of my league but thanks for the help.

[WadeD]

You can use the GetUserName API to get the userID of the person logged on. You know they're an NT user with a valid password since they're logged on, and since you're reading their ID (without their intervention), you know that the person is who they signed on as. So their password becomes a mute point.

Hope this helps.

[rbenfield25]

Thanks WadeD,
While that is all true. The problem is that my app requires a bit more security than the environment. In the enviroment it will be used in there are many users who leave ther desk with their workstations still logged on. They do not lock their workstations and are not forced to keep the screensaver enabled and set to require password. My app needs to be a little more secure than that. It doesnt have to be some super ultimate secure app. But, having them key in the password and verify it with NT was one of the requirements set out for this and if at all possible I really want to do it. Thanks for all of your help though.

Richard

[Chris]

May be you can try to use the ADSI Object?

Code:

The GetInfo Method
Call GetInfo to refresh all of an ADSI object's cached properties from the underlying directory service. To refresh specific properties, use GetInfoEx.

ADSI invokes an implicit GetInfo if a Get is performed on a specific property in the property cache and no value is found. Once GetInfo has been called, an implicit call will not be repeated. If a value already exists in the property cache, however, calling Get without first calling GetInfo will retrieve the cached value rather than the most current value from the underlying directory. To obtain the most recent values for an object, always call GetInfo. Any changes you have made in the property cache will be replaced with the current values from the server. If you need to preserve your changes on the server, you should do a SetInfo to save your changes before you do a GetInfo.

Dim MyUser as IADsUser
'MyUser will be used to demonstrate an implicit GetInfo.
Dim MyUser2 as IADsUser
'Myuser2 will show the explicit GetInfo.
 
' Bind to a specific user object.
set MyUser = GetObject("LDAP://MyMachine/CN=JamesSmith,DC=Microsoft,DC=COM")
set MyUser2 = GetObject("LDAP://MyMachine/CN=JamesSmith2,DC=Microsoft,DC=COM");
 
'Code assumes that the property description has a single value in the directory.
'Note that this will IMPLICITLY call GetInfo because at the point this call is made GetInfo
'has not yet been called (implicitly or explicitly) on the MyUser object.
Debug.print "MyUser's description value is "; MyUser.Get("Description")
 
'Since GetInfo has already been called implicitly, this call is satisfied from
'the value in the cache.
Debug.print "MyUser's sAMAccountName is "; MyUser.Get("sAMAccountName")
 
' Refresh the cache explicitly to get the most current value
MyUser2.GetInfo
 
 
'Note that this call is satisfied from the cache because GetInfo has already been called
'explicitly for this object.
Debug.print "MyUser2 has the description set to "; MyUser.Get("Description")