No announcement yet.

'copypwd set' always sets a blank password

  • Filter
  • Time
  • Show
Clear All
new posts

  • 'copypwd set' always sets a blank password

    Am trying to use copypwd to save and restore password hashes on Win2003 Server SP1, but whenever i set a password it gets set as blank.

    Running locally, tried "change at next login"/"password never expires" set/unset, tried NoLMHash policy set/unset.

    Steps to reproduce:

    - Set users password to "password"
    - copypwd dump > copypwd.txt
    - remove all but the users hash:
    username:8846f7eaee8fb117ad06bdd830b7586ce52cac674 19a9a224a3b108f3fa6cb6d
    - copypwd set
    - copypwd dump > copypwd2.txt
    - hash is now:
    username:31d6cfe0d16ae931b73c59d7e0c089c0aad3b435b 51404eeaad3b435b51404ee
    which corrosponds to a blank password (note the last 2x16 bytes).

    Has anyone else come across this or know how to fix it?

  • #2
    Re: 'copypwd set' always sets a blank password

    I'm having the same problem here. Attempts to set any password results in a blank password.


    • #3
      Re: 'copypwd set' always sets a blank password

      Since CopyPwd has been around a while, I would assume that this is a problem unique to Windows 2003, possibly with a specific service pack or update. There isn't anything that we can do with the current release of CopyPwd to work around this.

      Another user found a problem with CopyPwd and Vista, which implements new security protocols. Due to this change, a fairly significant change was required to CopyPwd to work under Vista and this change might also allow it to run under Windows 2003.

      If you want to run this new version of CopyPwd, let me know and I'll email you a revision. Since CopyPwd is open source the customer in this case modified the application (we didn't perform the changes), but we will have to build/compile the application on our end.

      Also, you need to verify that you are not running CopyPwd under a remote or terminal service session, since this is known to not work.
      Kevin Stanush
      SystemTools Software Inc.


      • #4
        Re: 'copypwd set' always sets a blank password

        Yes, I'd very much appreciate it if you could email me an update.

        I was running from the console, not a terminal session, so no issues from that. I looked at the source code and was thinking about fiddling with it but I don't have the ntsecapi.h file it references so I couldn't try anything. One thing I noticed is that the USER_INFO_18 structure appears to be 3 bytes longer than what the program sends so I wonder if 2003 is getting upset over that, although it doesn't return an error code.


        • #5
          Re: 'copypwd set' always sets a blank password

          OK, working with Kevin at SystemTools we found the solution. When you're using copypwd on a Windows Server 2003 domain controller, the box you're running it on needs to have the PDC emulator role.