Solved

Comments Fields

Posted on 2011-02-24
6
344 Views
Last Modified: 2012-05-11
I have noticed a potential security issue from ADUC console, associated in the comments field against a user is often what appears to be a plain text password as a "comment". I know in older domains such as 2003 general users can enumerate ad user info like name/type/decription with stuff like vbscripts.

I wondered if for local accounts on memeber servers if local accounts can have a description/comments field and if so can domain users (no elevated priveleges) see this anyhow? If so how? Is there any command they could run from cmd.exe or perhaps the computer management console that will show all local accounts on a memeber server and any comments/description fields associated with the account?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 12

Accepted Solution

by:
Navdeep earned 125 total points
ID: 34972121
They can use compmgmt.msc and check that info under local users and groups
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 125 total points
ID: 34972814
Hi,

you can try to use WMIC

type in command-line

wmic

and then

UserAccount

Regards,
Krzysztof
0
 
LVL 3

Author Comment

by:pma111
ID: 34972831
Does wmic require admin rights, whether local or domain?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34972905
only local administrative rights

Krzysztof
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34972918
Hi,
Only the administrator group members can use WMIC.EXE.
0
 
LVL 3

Author Comment

by:pma111
ID: 34972987
Will try computer management console then as I don't have local admin rights
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question