How can one detect that users have cracked a password?
To detect this, you would either have to review the security logs regularly or
use a network sniffer to monitor users accessing shares in real time. A
combination of the two would be the most prudent. Security logging can be
switched on from the event viewer.
A network sniffer can be used to log IP's & Users accessing particular
servers or shares. In real time an administrator would be able to see which
users are accessing which shares.
Windows Privacy Tools - http//www.privacywindows.com