DOCUMENT:Q241219 09-MAY-2002 [winnt] TITLE :MS99-036: Unattended Installation File Not Deleted After Setup PRODUCT :Microsoft Windows NT PROD/VER::4.0,4.5 OPER/SYS: KEYWORDS:kbsetup kbSecurity KbSECBulletin ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation version 4.0 - Microsoft Windows NT Server version 4.0 - Microsoft Windows NT Server, Enterprise Edition version 4.0 - Microsoft Windows NT Server version 4.0, Terminal Server Edition - Microsoft BackOffice Server 4.0 - Microsoft BackOffice Small Business Server version 4.5 ------------------------------------------------------------------------------- SYMPTOMS ======== When an unattended Windows NT 4.0 installation process finishes, a copy of the Unattend.txt file that contains installation parameters may remain on the hard disk. Depending on the method used to perform the installation, the file may contain sensitive information, potentially including the local Administrator user name and password. RESOLUTION ========== To resolve this issue, ensure that the Unattend.txt file is reviewed and any sensitive information (including account information and passwords) is erased from the file, or delete the file altogether, after you perform an unattended installation of Windows NT 4.0. To delete the file the first time a user logs on to the computer, use the Runonce feature in Windows NT 4.0 to run a batch file containing a command to delete the .inf file (depending on your type of Setup) containing the Setup information. For additional information about using the Runonce feature, please click the article number below to view the article in the Microsoft Knowledge Base: Q158447 How to Run a Program Only Once After Unattended Setup of Windows NT MORE INFORMATION ================ When you perform an unattended installation of Windows NT 4.0, the installation parameters are included in the Unattend.txt file. Depending on the specific installation, the parameter file may contain sensitive information such as account identifiers and passwords. A vulnerability exists because the installation process copies the parameter file to a file in the %SystemRoot%\System32 folder (the $winnt$.inf file for a typical unattended installation, or the $nt4pre$.inf file if you use the System Preparation [Sysprep] tool), but does not delete the file when the installation is finished. By default, this file can be read by any user who is logged on locally. For additional information about unattended installation, please click the article numbers below to view the articles in the Microsoft Knowledge Base: Q155197 Unattended Setup Parameters for Unattend.txt File Q158484 INFO: How to Set the Administrator Password During Unattended Setup More information about the Sysprep tool is available at the following Microsoft Web site: http://www.microsoft.com/ntworkstation/technicalresources/deployment/DeploymentDocs/deploy/DeployTools/SysPrep.asp Microsoft Windows 2000 ---------------------- This does not affect installations of Windows 2000. During an unattended installation of Windows 2000, the Setup process deletes all sensitive information from the parameter file (upon successful completion). This occurs regardless of whether a normal unattended installation is performed or if Sysprep is used. Additional query words: security_patch ====================================================================== Keywords : kbsetup kbSecurity KbSECBulletin Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT400search kbWinNTSsearch kbWinNTSEntSearch kbWinNTSEnt400 kbWinNTS400search kbWinNTS400 kbNTTermServ400 kbNTTermServSearch kbAudDeveloper kbBackOfficeSearch kbSBServSearch kbBackOfficeServ400 kbSBServ450 Version : :4.0,4.5 Hardware : ALPHA x86 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.