DOCUMENT:Q101710  26-JUL-1993  [W_NT]
TITLE   :INF: Ability to View Any User Account
PRODUCT :Windows NT
PROD/VER:3.10
OPER/SYS:WINDOWS
KEYWORDS:

----------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows NT operating system, version 3.1
 - Microsoft Windows NT Advanced Server, version 3.1
----------------------------------------------------------------------
 
Much of what is in the user account database is necessarily viewable
by everyone. The list of user and group accounts, for example, are
necessary for the Windows NT permissions editor to work properly.
There is, however, quite a bit of information that could have been
hidden from users. Logon time restrictions, user full names, and logon
script paths are all examples of information that could be hidden from
users. In general, the information in these fields does not represent
a security risk.
 
Of the information associated with users, there was one contentious
field that is not protected. The User Comment field information has
been used by some previous products to store a call-back phone number
for people dialing into a system. Previously, this information was
protected so that only the user could see it. This is no longer the
case.
 
Finally, not all fields of the user are visible. The password
information cannot be read by anyone, even the user of the account.
This is necessary to protect the security of the system.
 
Additional reference words: 3.10
KBCategory:
KBSubCategory: SCRTY

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1993.