Test Domains and the Lanman Hash

I had an interesting thought this week. “Did we disable lanman hash storage on the test domains?” This is an important consideration. We use software to synchronize passwords from the production domain to the test domain for people in the I.T. department and HR. That would expose production passwords.
I looked at the primary test domain and found that we had indeed disabled the lanman hash.
On the other test domain, I found that we hadn’t disabled the lanman hash storage. I was able to use my rainbow tables and in a couple of hours I had 100 percent of the passwords. About 40 of those passwords were synched over from the production domain, so I was able to obtain the production password for the lead SA, my manager and the director.
So, the lesson learned here is to apply your hardening guide on your test domains.