Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
PC Tools Disk Suite
Spyware Doctor Enterprise
Help me choose
BackOffice Server 4.0 Does Not Delete Installation Setup File
A potential vulnerability exists in the installer for BackOffice Server 4.0. The installer asks the user to provide the account userid and password for selected services and writes these to a file in order to automate the installation process. However, the file is not deleted when the installation process completes.
Issue
When a user chooses to install SQL Server, Exchange Server or Microsoft Transaction Server as part of a BackOffice 4.0 installation, the BackOffice installer program requests the name and password for the accounts associated with these services. Specifically, it asks for the account name and password for the SQL Executive Logon account, the Exchange Services Account, and the MTS Remote Administration Account. These values are stored in
BackOffice Server does not erase this file when the installation process is completed. This is true regardless of whether the installation process completes successfully or unsuccessfully. By default, the Microsoft BackOffice folder is not shared, so network access to reboot.ini generally does not pose a risk. Users who can log onto the server locally would be able to access the file, but in most cases this ability is granted only to selected users such as administrators.
The fix for this problem is to delete the file Microsoft recommends that customers ensure that they delete the file Source: Microsoft Corporation Reference: Microsoft Corporation Updated: February 12, 1999 >> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<Affected Products
Solution
Further Details
