Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Microsoft NT "un-removable user" Vulnerability.
From: Ben <bda20 () CAM AC UK>
Date: Thu, 7 Sep 2000 08:40:24 +0100

On Wed, 6 Sep 2000, Steve wrote:

Hash: SHA1

After your email, I retested this in NT4 SP6a and it is still true.

What build?  Any hotfixes?  I have re-tested this on three different
NT 4.0 SP6a+all hotfixes and cannot replicate the issue.  I will ask
again, what custom user manager are you using?

We have an NT4.0 Server with SP5+all current post SP5 hotfixes.  While I have
been unable to replicate this user-specific bahaviour, I have noticed something
concerning the ADDUSERS command included in the NT4.0 Resource Kit.

If you use ADDUSERS and add the users and groups from a file, you're supposed
to seperate the values for each user/group (name, home dir, profile path) with
commas.  My technician in her innocence used tabs.  On reading in this file in
we ended up with a group of the name

TEMP|temporary group|jb100|js200|tr543

On trying to delete this group via the User Manager for Domains various errors
cropped up claiming the syntax was invalid or the volume label was invalid.  It
took Hyena (http://www.adkins-resource.com/) to get rid of it.  I wouldn't be
suprised if the "custom user manager" he's talking about is Hyena.

If I'm using the command incorrectly, please let me know. I'm not
sure how to escape characters in NT (I also tried "net user
testuser\; /delete" and various other forms but none worked.

Try a "NET USER /?" to get the proper syntax.  I use "NET USER
testuser; /DELETE and it works fine on my test boxes.  I am going to
toss my SP4 image on to a box later today and see if there is a

With our setup we were also unable to remove this bad group with any of the
command line utilities, resource kit or otherwise.

Sysadmin, Faculty of History, Cambridge University, England
Tel: +44 (0)1223 (3)35315  |  Email: Ben () hist cam ac uk
Plugger of wire, typer of keyboard, imparter of Clue

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]