Database source and working mode
|Top Previous Next|
Accounts database source allows to select between local and Active Directory accounts. Please note that to work with AD, you should use ESR on the server (domain controller) running Windows Server 2000/2003/2008/2012.
•Work with local computer accounts (SAM)
•Work with Active Directory accounts (ntds.dit)
•Change account password and properties
•Dump password hashes for further audit/recovery
•Dump Domain Cached Credentials
•Backup Registry or Active Directory to archive
•Restore Registry or AD from backup
•SAM database editor
If you already changed some account properties or password(s) and would like to rollback the changes, select the last option: Restore Registry or AD from backup (you will be prompted for locations of backup copy of SAM or AD database). Otherwise, select Change account password and properties (to change/reset passwords to user accounts, unlock disabled or locked accounts etc), or Dump password hashes ..., if you would like just to dump password hashes from AD or local SAM into the text file for further analysis/recovery in other software like Proactive Password Auditor or Elcomsoft Distributed Password Recovery. Finally, you can backup the Registry (SAM and SYSTEM) or Active Directory database (ntds.dit).
When you dump local password hashes (from SAM), password history hashes are also extracted (and saved into the dump file).
Password hashes can be saved (into the "standard" dump) file in ASCII or UNICODE character set. After dumping, the program asks would you like to open that file in the Notepad; please note that if the user names or comments use non-US alphabet, they will be shown correctly only in UNICODE (and in ASCII dump file, you may see just the asterisks).
Finally, SAM database editor allows to edit all the fields in SAM database, that contain the advanced properties of local user accounts.