[unisog] removing LM hashes from a large Active Directory

Russell Fulton r.fulton at auckland.ac.nz
Tue Feb 26 22:20:05 GMT 2008


Hi Folks

Some time ago we turned off LM authentication on our AD and we would  
now like to get rid of the LM hashes from the directory.  Resetting  
passwords will do this but we really don't want to force everyone to  
change their passwords out of the normal schedule (there are tens of  
thousands of accounts).

I've found ThrashLM <http://www.toolcrypt.org/index.html?thrashlm>  
which claims to be able to do this but have not yet tried it.

Anyone else know of any other approaches?

Russell


More information about the unisog mailing list