I was wondering what tools you guys use to retrieve and crack any cached credentials for domain users on workstations. I was in a meeting about password policy and I mentioned that our computer lab computers are still set to cache credentials and store NTLM passwords for users. Later I went to one of our lab computers and used fgdump to get a list of hashes for local accounts on the machine. However, no matter what I try I can't seem to get a list of cached credentials for domain accounts that have logged in. I know that there has been plenty of activity on these machines, but I can't get at it. I tried using Cain, but I keep getting an error about LSASS. And yes, I am logging in with a local administrator account on the machine.