Can an administrator of a Windows domain see a user's password?

4

I'm in a corporate domain. My computer has Windows 7 and Office 2007, so I guess that the server is running Windows Server 2008 or something similar. I am allowed to change the password of my computer and I did so. The questions are:

  1. Can the domain administrator see my password?
  2. (I guess this one's answer is the same as the previous one, but...) Can the admin see encrypted folders using the pre-bitlocker Encrypting File System feature in Windows Explorer?

s_a

Posted 2014-04-03T12:32:46.500

Reputation: 1 710

Answers

4

First off - you are running windows 7 - but that doesn't necessarily mean a 2008 DC (Domain Controller). It could be anything from windows 2000 server right up to 2012R2! - they can all manage your domain to a certain extent! The suggestion that you are using EFS instead of bitlocker would actually imply slightly older domain controllers.

A domain admin cannot see or retrieve a password, but can set a new one by using a console called the "Active Directory Users and Computers Snap-in" or the AD Administrative Centre.. they could also use VBScript, Powershell or any other number of methods to set a password, but cannot reveal it once set!

Re: admins reading encrypted folders This Technet Article states that if a "recovery agent key" has been set - then yes, they can, otherwise - no they can't.

Fazer87

Posted 2014-04-03T12:32:46.500

Reputation: 11 177

3

No, he can only impose password rules and reset password.

Ivan Ičin

Posted 2014-04-03T12:32:46.500

Reputation: 131

Asked: 2014-04-03T12:32:46.500

Viewed: 24 222 times

Active: 2015-09-12T07:44:27.687