Machine password encrypted by admin password in SP3?

Paul Ashton paul at argo.demon.co.uk
Tue Apr 21 20:55:15 GMT 1998


paulle at microsoft.com said:
> You have to add the workstation to the DC _from the workstation_ by
> specifying the name of an account with the right to create machine accounts
> and its password. Usually, that's an admin. If you add the account at the
> PDC (or remotely to the PDC from a workstation already in the domain) it
> will create a well known password (the machine name) for the new machine.
> That's not what we're talking about here.

So, since in SP2 or less you didn't do this, the SP3 workstation has
to be compatible with a non-SP3 PDC. So presumably if I'm listening
on the wire I can forge a negative acknowledgement to the presumably
new RPC that requests a secure machine password change, as long
as I can reply quicker than the SP3 PDC? Then the SP3 workstation
would end up with password=hostname?

Paul



More information about the samba-ntdom mailing list