Account.Edit.PasswordHashes

Account.Edit.PasswordHashes

Sets or edits Windows NT4, 2000 or 2003 server user account password hashes

Notice: This command cannot set hashes without full Administrative rights. This command can thus not be used to reset a forgotten administrator password.

Windows server does not store the actual passwords entered, instead it stores one-way encrypted representations of passwords, called hashes. It is possible to transfer passwords from one Windows server to another, or from a Windows server to a Linux Samba server or vice versa, by copying password hashes.

Use Data.Get.SAM.PasswordHashes to extract hashes from a Windows NT, 2000 or 2003 server.

Requirements

·	128-bit encryption must be installed locally on the computer running AdmWin

·	128-bit encryption must be installed on the server on which to edit hashes

·	Remote admin service

·	General security requirements

Category
SamAccount

Script section
All, but usually [Batch], inside Data.Loop..EndLoop statement

Account.Edit.PasswordHashes \\Machine, SamAccountName, lmPassword, ntPassword

\\Machine

NetBIOS server name

SamAccountName

SamAccountName of account to edit hashes for

lmPassword

Lanman password hash (for non-NT clients - Windows 95, 98, ME)

Format: 32 character hex string or "INACTIVE" (without quotes) to disable hash

ntPassword

NT password hash (for NT clients - NT, 2000, XP, 2003)

Format: 32 character hex string or "INACTIVE" (without quotes) to disable hash

Full examples

·	Transfer accounts from Samba to Windows

·	Transfer accounts from Windows to Windows