Solved

Comments Fields

Posted on 2011-02-24
6
343 Views
Last Modified: 2012-05-11
I have noticed a potential security issue from ADUC console, associated in the comments field against a user is often what appears to be a plain text password as a "comment". I know in older domains such as 2003 general users can enumerate ad user info like name/type/decription with stuff like vbscripts.

I wondered if for local accounts on memeber servers if local accounts can have a description/comments field and if so can domain users (no elevated priveleges) see this anyhow? If so how? Is there any command they could run from cmd.exe or perhaps the computer management console that will show all local accounts on a memeber server and any comments/description fields associated with the account?
0
Comment
Question by:pma111
  • 2
  • 2
  • 2
6 Comments
 
LVL 12

Accepted Solution

by:
Navdeep earned 125 total points
ID: 34972121
They can use compmgmt.msc and check that info under local users and groups
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 125 total points
ID: 34972814
Hi,

you can try to use WMIC

type in command-line

wmic

and then

UserAccount

Regards,
Krzysztof
0
 
LVL 3

Author Comment

by:pma111
ID: 34972831
Does wmic require admin rights, whether local or domain?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34972905
only local administrative rights

Krzysztof
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34972918
Hi,
Only the administrator group members can use WMIC.EXE.
0
 
LVL 3

Author Comment

by:pma111
ID: 34972987
Will try computer management console then as I don't have local admin rights
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question