Microsoft KB Archive/242575

= AUO.Init Method Can be Used to Get Information about a Recent User =

Article ID: 242575

Article Last Modified on 5/8/2002

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q242575



SYMPTOMS
When you run a program, script, or other process on the same computer as Internet Information Services (IIS), you cannot use the AUO.Init method to get information about a recent user who is still in the cache. This information may be confidential.



CAUSE
The Init method of AUO is available for any process that runs on an IIS computer. Therefore, processes that use the AUO.Init method can get information for a user from the cache.



RESOLUTION
To resolve this problem, obtain the latest service pack for Site Server 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

219292 How to Obtain the Latest Site Server 3.0 Service Pack



STATUS
This problem was first corrected in Site Server 3.0 Service Pack 3.



MORE INFORMATION
A registry key has been added to make the AUO.Init method private. When this key is enabled, the Init method can only be called internally. In other words, it becomes a private method.

Please note, however, that the default behavior does not change if the registry key is not enabled or does not exist.

To make the AUO.Init Method private, do the following:  Start the Registry Editor (Regedt32.exe). Locate the following key in the registry:

HKLM\Software\Microsoft\Site Server\3.0\P&M\AUO\

 On the Edit menu, click Add Value, and then add the following registry value:

Value Name: SecureAUO.Init

Data Type: REG_DWORD

Value: Enter 1 to make the AUO.Init method private.

 Quit Registry Editor.

Additional query words: security

Keywords: kbbug kbfix KB242575

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.