>>At least at my agency, that would violate security priciples...the NT password should be kept private from any other apps. This does mean multiple passwords, and the tendency for users to write them all down in a convenient location, unfortunately (you can see them on paper taped near the machine sometimes :)...though the easiest way for users is just to use the same one for every function, so at least they can remember it that way...
>
>Bruce,
>
>you're right. But the last sentence has one big flaw: if the do use the same password for other applications, than it's easy to hack because the encryption is not as good as the nt password encryption.

You're quite right. But what do you want, possibly breakable encryption, or users with passwords taped on the monitor? :) For our systems here, we don't have that problem much, anyway. Most internal systems do not require passwords, relying on the user NT logon only for access, and strict server directory access rights...