>> Both these attributes are DES encrypted with the user's RID. > >Btw, is this explained anywhere ? >Is there any available documentation about it ? Jeremy figured it out back in 1997 :-) http://www.insecure.org/sploits/WinNT.passwordhashes.deobfuscation.html -- Luke --