?
Solved

Comments Fields

Posted on 2011-02-24
6
Medium Priority
?
347 Views
Last Modified: 2012-05-11
I have noticed a potential security issue from ADUC console, associated in the comments field against a user is often what appears to be a plain text password as a "comment". I know in older domains such as 2003 general users can enumerate ad user info like name/type/decription with stuff like vbscripts.

I wondered if for local accounts on memeber servers if local accounts can have a description/comments field and if so can domain users (no elevated priveleges) see this anyhow? If so how? Is there any command they could run from cmd.exe or perhaps the computer management console that will show all local accounts on a memeber server and any comments/description fields associated with the account?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
ID: 34972121
They can use compmgmt.msc and check that info under local users and groups
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 500 total points
ID: 34972814
Hi,

you can try to use WMIC

type in command-line

wmic

and then

UserAccount

Regards,
Krzysztof
0
 
LVL 3

Author Comment

by:pma111
ID: 34972831
Does wmic require admin rights, whether local or domain?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34972905
only local administrative rights

Krzysztof
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34972918
Hi,
Only the administrator group members can use WMIC.EXE.
0
 
LVL 3

Author Comment

by:pma111
ID: 34972987
Will try computer management console then as I don't have local admin rights
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question