By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
What are the security considerations when resetting passwords?
Let us say, for example, that you are at a Win2k Pro desktop doing the password reset via Active Directory (AD) for users and computers. The focus of the MMC console is on the domain controller where you authenticated at log on. When you reset the password, you do not transfer the new password in clear text. It is passed in encrypted format over a secure channel between your desktop and the server. The new password is not stored as clear text in AD. It is hashed in such a way that the original password cannot be recovered and the hash is stored. There are caveats for legacy LanMan passwords but this is the gist of the process. Therefore, the main security consideration is that you, as the administrator, know the user's password. You can avoid this problem by setting the account control so that the user must change that password immediately after logging on.