>I use a method documented in MSDN Q180548. Basically, it tries to logon the user with the given password and, if successful...
>
>BTW, as far as I remember, the code in that article has several bugs. Anyway, there's the basic idea.
>
Thanks for the info on this.
>Yes and no. Basically, in NT, it's impossible to check a password without a logon. Since the number of failed logons can be limited (using the User Manager program), the number of tries to guess a password can be limited. So, there's not much danger here.
>
Gotcha. Didn't think about the limited logon tries off the top of my head.
>It's worth noticing that any serious OS must allow user impersonation (is there such a word in English?), thus, it must expose a method to programatically logon a user. So, any good system admin should limit the number of failed logons in order to protect the system against password "guessing".
>
>Vlad
Yeah, we use the "user impersonation" term. :-) And I see your point here. Thanks.
Bill
William A. Caton III
Software Engineer
MAXIMUS
Atlanta, Ga.