Comments Fields

I have noticed a potential security issue from ADUC console, associated in the comments field against a user is often what appears to be a plain text password as a "comment". I know in older domains such as 2003 general users can enumerate ad user info like name/type/decription with stuff like vbscripts.

I wondered if for local accounts on memeber servers if local accounts can have a description/comments field and if so can domain users (no elevated priveleges) see this anyhow? If so how? Is there any command they could run from cmd.exe or perhaps the computer management console that will show all local accounts on a memeber server and any comments/description fields associated with the account?
LVL 3
pma111Asked:
Who is Participating?
 
NavdeepConnect With a Mentor Commented:
They can use compmgmt.msc and check that info under local users and groups
0
 
Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
Hi,

you can try to use WMIC

type in command-line

wmic

and then

UserAccount

Regards,
Krzysztof
0
 
pma111Author Commented:
Does wmic require admin rights, whether local or domain?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Krzysztof PytkoSenior Active Directory EngineerCommented:
only local administrative rights

Krzysztof
0
 
NavdeepCommented:
Hi,
Only the administrator group members can use WMIC.EXE.
0
 
pma111Author Commented:
Will try computer management console then as I don't have local admin rights
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.