Re: name of built-in administrator

[dleblanc () MINDSPRING COM (David LeBlanc)]

At 10:34 AM 4/28/98 -0500, Dominique Brezinski wrote:
> This is a known issue that has been reported to MS already. The two well
> known commercial vulnerability scanners use this technique to determine the
> administrator account name. At least one of them also tries to list all the
> user names through this method.

Just a note about who gets credit for this one - Dominique and I worked on
this together at the first part of the year.  We'd both batted some theory
around, and I wrote the first code to accomplish this - he then took it and
improved on it significantly.  I certainly have to share the credit with
him as it was definately a joint effort.

To the best of my knowledge, no one else (outside MS) knew about this when
we worked it out.


David LeBlanc
dleblanc () mindspring com