un-removable user custom user managment tool

[John Lange <lists () DARKCORE NET>]

Several people have asked me for the tool I used to add user names with
invalid characters so here it is. Unzip it and put both files in an IIS
directory with "execute" permissions and then open the html page in your
browser. While the tool shows several buttons, the only one that works is
the portion for adding users. It will give an error after it adds the user
but it does work. Just hit back on your browser and refresh the page.

Do NOT try this on a server that needs to be secure. Credit for this code
goes to Jeff Also.

I should also like to point out that the "un-removable user vulnerability"
as I originally posted it is really more of a bug with some possible
security implications. Some people seem to have gotten very upset with the
use of the word "vulnerability" so perhaps it wasn't the best choice of
words.

Just to clarify, this "bug" in WindowsNT allows users to be added which can
not be removed using the regular WindowsNT GUI User Management tool. Other
people have reported that the user can be removed using "net user <username>
/delete", but I have not been able to reproduce this in my testing. I want
to make it clear that I have a very limited ability to test these things
since we don't run WindowsNT servers. I only have a single machine that runs
WindowsNT workstation for testing.

In my original post I stated that unless you have special tools, you would
have to rebuild the machine to remove the user. I still believe this to be
true but others have said this is not true and I hope they are correct. As
far as I'm aware, the only 2 ways to add users (without custom tools) on NT
is via the GUI, or the "net user command". Neither of these will allow you
to remove users with special characters in their names.

Let me say again, "using the normal WindowsNT User Management Interface".
There is a multitude of other ways to do this so please don't email me
telling me about them because that is exactly the point of this post; You
have to resort to special methods to remove (or add) users. That can
potentially be a problem for NT administrators.

John Lange
johnl () clearoption com
Clear Option Technologies

Attachment: webadmin.zip
Description: