Microsoft KB Archive/101710

From BetaArchive Wiki
Knowledge Base


Ability to View Any User Account

Article ID: 101710

Article Last Modified on 11/1/2006



APPLIES TO

  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Workstation 3.1
  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition



This article was previously published under Q101710



Much of what is in the user account database is necessarily viewable by everyone. The list of user and group accounts, for example, are necessary for the Windows NT permissions editor to work properly. There is, however, quite a bit of information that could have been hidden from users. Logon time restrictions, user full names, and logon script paths are all examples of information that could be hidden from users. In general, the information in these fields does not represent a security risk.

Of the information associated with users, there was one contentious field that is not protected. The User Comment field information has been used by some previous products to store a call-back phone number for people dialing into a system. Previously, this information was protected so that only the user could see it. This is no longer the case.

Finally, not all fields of the user are visible. The password information cannot be read by anyone, even the user of the account. This is necessary to protect the security of the system.


Keywords: KB101710