locked
如何檢查到本機的某帳戶曾更改過密碼 ??? RRS feed

  • 問題

  • 由於事前沒有作 Security Aduit 的設定, 故沒有 Security Log 可查看, 事後有沒有方法可以從 Registery 或其他的 Windows 記錄可知道有沒有某帳戶曾更改過密碼的時間??

     

    發生情況的電腦為 Windows 2000 SP4 繁體中文版。

     

    謝謝 !!

    2008年4月17日 9:38

解答

  • is it a Domain computer and Domain User? If so, you may check the AD.

    You could download and install the Windows 2003 Support Tools from http://go.microsoft.com/fwlink/?LinkId=100114 (in your case, you may have to find your Win2000 Server CD, there is a /Support folder. More detail in http://support.microsoft.com/kb/301423)

     

    And you run the mmc, add/remove snap-in and add the ADSIEdit.

    Browse to your DC and find your user (Say if your domain is your_DomainName.com, then by default, go to DC=your_DomainName, DC=COM-->CN=Users except you moved your user to other OU).

    From right hand side, find the user you want to get, right click and select Properties. A "CN=userName" properties windows comes up and you can browse and search "pwdLastSet". This value is the time value in 8 Byte==64 bit.

     

    You may open a C# project, and do the follow to get the datetime from this value.

    DateTime pwdChangeDate;

    pwdChangeDate = new DateTime('the value you got from ADSIEdit');

    pwdChangeDate = pwdChangeDate.AddYears(1600);

     

    Why I add 1600, because the value is start from 1st, Jan, 1600 00:00:00

     

    Hope I could answer your question. 這篇文章有用嗎?

    2008年4月23日 7:49

所有回覆

  • is it a Domain computer and Domain User? If so, you may check the AD.

    You could download and install the Windows 2003 Support Tools from http://go.microsoft.com/fwlink/?LinkId=100114 (in your case, you may have to find your Win2000 Server CD, there is a /Support folder. More detail in http://support.microsoft.com/kb/301423)

     

    And you run the mmc, add/remove snap-in and add the ADSIEdit.

    Browse to your DC and find your user (Say if your domain is your_DomainName.com, then by default, go to DC=your_DomainName, DC=COM-->CN=Users except you moved your user to other OU).

    From right hand side, find the user you want to get, right click and select Properties. A "CN=userName" properties windows comes up and you can browse and search "pwdLastSet". This value is the time value in 8 Byte==64 bit.

     

    You may open a C# project, and do the follow to get the datetime from this value.

    DateTime pwdChangeDate;

    pwdChangeDate = new DateTime('the value you got from ADSIEdit');

    pwdChangeDate = pwdChangeDate.AddYears(1600);

     

    Why I add 1600, because the value is start from 1st, Jan, 1600 00:00:00

     

    Hope I could answer your question. 這篇文章有用嗎?

    2008年4月23日 7:49
  • Dear CKTang,

     

    Did my answer help you to solve your problem?

    2008年6月10日 2:49