to validate passwords against a single password entered as a parameter?
In our efforts to secure out network, it has come to the attention of many that the same password has been used all over the place. This often happens with "temporary" accounts, password resets that are never subsequently changed, etc.
It is possible to check all accounts on the domain and all accounts on all windows computers for a password equal to a specific string? i.e. Find and flag all accounts with a password of %Pa$$w0rD% (Just so I'm not spreading news of the vulnerability, that is NOT the password I'm looking for). I saw somewhere, and maybe have, a Powershell script that looks for a blank password. I believe what it did was try to change the password to "", and if there was no error (or vice versa) the password was already blank. Initially, I just want to report the accounts using a specified password.
I'm sure this can be done with a 3rd party application but to verify en masse, the product probably wouldn't be free. Like Powershell :)