I'm in a corporate domain. My computer has Windows 7 and Office 2007, so I guess that the server is running Windows Server 2008 or something similar. I am allowed to change the password of my computer and I did so. The questions are:
- Can the domain administrator see my password?
- (I guess this one's answer is the same as the previous one, but...) Can the admin see encrypted folders using the pre-bitlocker Encrypting File System feature in Windows Explorer?
2 Answers
First off - you are running windows 7 - but that doesn't necessarily mean a 2008 DC (Domain Controller). It could be anything from windows 2000 server right up to 2012R2! - they can all manage your domain to a certain extent! The suggestion that you are using EFS instead of bitlocker would actually imply slightly older domain controllers.
A domain admin cannot see or retrieve a password, but can set a new one by using a console called the "Active Directory Users and Computers Snap-in" or the AD Administrative Centre.. they could also use VBScript, Powershell or any other number of methods to set a password, but cannot reveal it once set!
Re: admins reading encrypted folders This Technet Article states that if a "recovery agent key" has been set - then yes, they can, otherwise - no they can't.
No, he can only impose password rules and reset password.