I noticed when using the lsadump::changentlm and lsadump::setntlm, that the SETPASSWORD privilege is still being requested. I see the following information in my Active Directory event logs after performing a password change:
* Event 4661 with privilege request for SetPassword (without knowledge of old password) (screenshot attached)
* Event 4723 for an attempt made to change an account's password
* Event 4738 for a user account being changed for the Password Last Set value
Domain Controller is Windows Server 2016:
Major: 10
Minor: 0
Build: 14393
Revision: 0
I may have misunderstood the intent of this command. I thought it would update the NTLM for a user without triggering the SETPASSWORD flag and avoid detection in event logs.
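
A detection-side sketch of correlating the three events the reporter lists (4661 with SetPassword access, 4723, and 4738 with a changed Password Last Set) for the same caller and target account. This is an added example, not part of the issue or of the tool's code; the records are constructed and pre-normalized into dicts, and the 5-second window and the use of a SID in `ObjectName` are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=5)  # assumed correlation window
SID_A, SID_B, SID_C = (f"S-1-5-21-1-2-3-{rid}" for rid in (1104, 1200, 1300))

# Constructed sample records (not taken from the issue).
EVENTS = [
    {"EventID": 4661, "Time": "2024-01-10T09:00:00", "SubjectUserName": "helpdesk1",
     "ObjectType": "SAM_USER", "ObjectName": SID_A,
     "AccessList": "SetPassword (without knowledge of old password)"},
    {"EventID": 4723, "Time": "2024-01-10T09:00:01", "SubjectUserName": "helpdesk1",
     "TargetSid": SID_A},
    {"EventID": 4738, "Time": "2024-01-10T09:00:01", "SubjectUserName": "helpdesk1",
     "TargetSid": SID_A, "PasswordLastSet": "1/10/2024 9:00:01 AM"},
    # Unrelated attribute change: 4738 alone, PasswordLastSet untouched ("-").
    {"EventID": 4738, "Time": "2024-01-10T09:30:00", "SubjectUserName": "admin2",
     "TargetSid": SID_B, "PasswordLastSet": "-"},
    # Handle request on a user object without SetPassword access.
    {"EventID": 4661, "Time": "2024-01-10T10:00:00", "SubjectUserName": "svc_scan",
     "ObjectType": "SAM_USER", "ObjectName": SID_C, "AccessList": "ReadAccount"},
]

def target_of(ev):
    """4661 names the account in ObjectName; 4723/4738 carry TargetSid."""
    return ev.get("TargetSid") or ev.get("ObjectName")

def is_signal(ev):
    """True if the record is one of the three signals listed in the issue."""
    if ev["EventID"] == 4661:
        return ev.get("ObjectType") == "SAM_USER" and "SetPassword" in ev.get("AccessList", "")
    if ev["EventID"] == 4738:
        return ev.get("PasswordLastSet", "-") != "-"
    return ev["EventID"] == 4723

def correlate(events, window=WINDOW):
    """Return (subject, target, first_time) when all three signals fall within `window`."""
    hits, seen = [], {}
    for ev in sorted(events, key=lambda e: e["Time"]):
        if not is_signal(ev):
            continue
        now = datetime.fromisoformat(ev["Time"])
        key = (ev["SubjectUserName"], target_of(ev))
        # Keep only signals still inside the window, then record this one.
        recent = {i: t for i, t in seen.get(key, {}).items() if now - t <= window}
        recent[ev["EventID"]] = now
        seen[key] = recent
        if set(recent) == {4661, 4723, 4738}:
            hits.append((key[0], key[1], min(recent.values()).isoformat()))
            seen[key] = {}  # reset so one operation yields one alert
    return hits
```
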