Solved

Comments Fields

Posted on 2011-02-24
6
345 Views
Last Modified: 2012-05-11
I have noticed a potential security issue from ADUC console, associated in the comments field against a user is often what appears to be a plain text password as a "comment". I know in older domains such as 2003 general users can enumerate ad user info like name/type/decription with stuff like vbscripts.

I wondered if for local accounts on memeber servers if local accounts can have a description/comments field and if so can domain users (no elevated priveleges) see this anyhow? If so how? Is there any command they could run from cmd.exe or perhaps the computer management console that will show all local accounts on a memeber server and any comments/description fields associated with the account?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 12

Accepted Solution

by:
Navdeep earned 125 total points
ID: 34972121
They can use compmgmt.msc and check that info under local users and groups
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 125 total points
ID: 34972814
Hi,

you can try to use WMIC

type in command-line

wmic

and then

UserAccount

Regards,
Krzysztof
0
 
LVL 3

Author Comment

by:pma111
ID: 34972831
Does wmic require admin rights, whether local or domain?
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34972905
only local administrative rights

Krzysztof
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34972918
Hi,
Only the administrator group members can use WMIC.EXE.
0
 
LVL 3

Author Comment

by:pma111
ID: 34972987
Will try computer management console then as I don't have local admin rights
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question