>>If you want to tell me my password, I will believe you.
>
>Well obviously I'm not going to sit here and hack though a govt firewall to prove a point. Besides the way this thead started was someone wanting to get this info into his VFP app...I assume is was running on the local network..not outside it. My point is C2 or no C2, if you're sitting in front of a workstation and the domain is a NT4 server, then YES you can get the domain passwords. As for gaining access to a VPN or Firewall or whatever..that's a completely different animal.

Wise decision. As I said to Jim, we have sniffers & tracers and you could easily be looking at prison, or at least some unpleasant court appearances. And there's no way you could get into the building. You might be able to hack the outer website if you're really good, but that is independent and the best you could do is embarrass some people a little. No passwords that way.

But see Ed's reply about the way passwords work, when set up properly with good security, you simply cannot get in and retrieve passwords under NT4/6a with the full Defense Dept. C2 security level, even when at a workstation. Passwords are NOT kept there, they work like thin clients. You'd have to be at a server (which are off-limits), minimally. In addition, I use a local server domain inside another outer domain, and I guarantee you will not get into my domain without physical server access, even if you can reach the outer domain. The outer domain cannot reach my internal domain, a double firewall. We have security lockout, of course, too. No futzing around trying different password combinations <g>

So as to the security, yes, I will bet money you cannot beat it and get a password from my domain, even given workstation access. The problem really lies on the opposite end of the spectrum, from my perspective - when machines go bad, they are very difficult to repair even with the best tools around. We generally end up needing to re-image and reset everything.

And the second problem is conversion, after years of implementing this sort of security on one system (NT), a conversion is a nightmare - and there might be your best chance to get a PW, during or soon after conversion from the NT. Guess I won't be announcing any plans <g>