Lost password recovery in NA 4.0

Hi, all do you know whether there is any known issue (or new feature?) in NA 4.0, regarding lost passwords rescue? I just discovered that the usual ??? procedure doesn’t work. [xx(] Anna

What’s the usual procedure? Isn’t it an option to just fill in a new password for the users that have lost their password? Or have you lost the superuser-password?

Tino, Entering the Question marks IS the standard procedure, you are supposed to get a code which you can send to Navision. Or better; was up until 4.0 It used to be the last option when you lost all passwords.

No in 4.0 they removed this feature. I read it in one of the documents MS released.

OK, then what is the new procedure?

Mark, Ok. Just found a thread where it (using ???) is explained; http://www.mbsonline.org/forum/topic.asp?TOPIC_ID=882&SearchTerms=password,???. [:I]

The new procedure is: You are S.O.L.!!! [}:)] If you have totally lost connection to the database, the only thing I can think of is to restore a new backup and after it finishes you add a new user before you close Navision, that always works. Other than that you’ll have to log in with another SUPER user and create a new user.

I’ve looked in up the the documentation. It says Lost Password In earlier versions of Navision, if you had forgotten your password you could get Navision to generate a code that you could give to your Microsoft Certified Business Solutions Partner who would then supply you with a new password. This functionality no longer works with Navision 4.0. So it looks like Daniel is right. You are lost…[Oops!]

The password recovery mechanism was considered a potential security threat by MS and was subsequently removed as part of the overall security focus. So now you’re back to the same situation as if you loose the only administrator password to a domain controller, SQL server etc → your basically hosed. :slight_smile: Uno


The password recovery mechanism was considered a potential security threat by MS and was subsequently removed as part of the overall security focus.
Originally posted by unojung - 2005 Sep 28 : 12:15:53

I wonder if they know about the leak in the backup functionality [:D]

Thats more equivalent to a question about physical security. Like if I can access to your server room and remove a (unencrypted) harddisk, can I put it into another machine and read everything. Guard you backup tapes well :slight_smile:

The restore backup issue is NOT a security leak. In earlier versions of Navision you had to use a password to restore a backup. THIS was a serious security breach, since it gave users a false sense of security that the backup was a secure file, which of course we know it isn’t. Thus Navision removed the password requirement so that people would realise that backups needed to be PHYSCIALY secured, i.e. lock and key. The only way to make a backup secure would be to use a public private encryption key at creation time. But if you are going to do that, then just use ZIP, which is pretty good, and compresses at the same time (though rar compresses Navision backups much better, I am not sure how good its encryption is). Though no doubt Dynamics will include the ability to encrypt backups just due to user demand. In terms of encrypting the Database, that is a whole different issue, since it means creating public encryption keys, and private keys that still need to be kept secure, so why not just lock up the server. The “tool” to recover passwords with the ??? user id, was not secure at all, and with a simple Assembler debugger, you could crack the code in a few short hours, and thus crack any database. I think it is a great move by microsoft to remove this “feature”, and substantially adds to the robustness of Navision. Its enough reason for many clients to upgrade.