COMMAND

    usrmgr.exe

SYSTEMS AFFECTED

    Win NT 3.1, 3.51, 4.0

PROBLEM

    This bug was found originally by Kouti Sakari.

    It appears that a non-privileged user (Domain User) can create
    local groups on the PDC. This has the potential for a denial of
    service attack. This can be demonstrated easily using USRMGR.EXE.

    The guess is that when the original NT was designed, someone at
    MS thought the following: a normal user can administer a folder
    if she has Full Control, so with this "feature" she could also
    create some groups on the server to help her in this
    administration.

SOLUTION

    Tell it to Microsoft. They have known about this for years, and
    there is still no fix for it.