COMMAND

    $winnt$.inf

SYSTEMS AFFECTED

    Win NT

PROBLEM

    During an unattended or automated installation of Windows NT  4.0,
    the Unattend.txt answer file  will contain the computer  name used
    during  the  installation.  The  answer  file  is  parsed  at  the
    beginning of setup and additional setup information is appended to
    a new file and  saved as $WinNT$.inf in  the %systemroot%\system32
    directory.

    Victor Fernandes found the following.  This file is not deleted
    after the installation.  If the installation is done in unattended
    mode, this file will contain, in the [Network] section, a line
    like:

        CreateComputerAccount = "user","password"

    Because the user account normally used here has special
    privileges, such as creating computer accounts on the domain and
    certainly others (e.g. special share access), the account can be
    used by any user who happens to open this file.  Here is a real
    excerpt from this file:

        [Network]
        DetectAdapters = ""
        InstallProtocols = "ProtocolsSection"
        InstallServices = "ServicesSection"
        JoinDomain = "RAPO"
        CreateComputerAccount = "Administrator","YardleY9"

SOLUTION

    Unless we change the password after each installation, this
    represents for me a security problem.  Microsoft does not
    recommend using the CreateComputerAccount entry in the
    Unattend.txt file, because anyone who has Read permission can find
    out the username and password of the user who has the right to add
    workstations to the domain.  It recommends creating workstation
    accounts before the installation using Server Manager.  Refer to
    KB Article ID: Q167364 for more information.  There is also
    another way to handle this: delete the file.  This can be done in
    Microsoft's Zero Administration Kit (ZAK), which includes a
    "standard" unattended installation and a set of .cmd, .reg, etc.
    files to increase NT security, so one can very easily insert a DEL
    command into one of ZAK's scripts to delete the $winnt$.inf file.
    You can download ZAK from:

        http://www.microsoft.com/windows/zak/getzak.htm

    In Microsoft's "Deployment Guide/Automating Windows NT Setup" one
    can read that NT setup includes a feature that allows you to
    execute a program during the graphical mode portion of setup.  So
    we can do our work without ZAK.  This additional information is
    credited to Alexey Doumov.
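
    The check below is an added example, not part of the original
    advisory or of any Microsoft tool: a Python audit that parses an
    answer file or a leftover $winnt$.inf and reports a
    CreateComputerAccount entry in [Network] without echoing the
    password.  The function names and the sample input are constructed
    for illustration.

```python
import re

# Constructed sample modelled on the excerpt above; values are placeholders.
SAMPLE_INF = '''\
[Unattended]
OemPreinstall = "no"

[Network]
DetectAdapters = ""
JoinDomain = "EXAMPLEDOM"
CreateComputerAccount = "Administrator","Placeholder1"
'''

SECTION_RE = re.compile(r'^\s*\[([^\]]+)\]\s*$')
# A key may not start with ';' (INF comment), '=' or whitespace.
ENTRY_RE = re.compile(r'^\s*([^=;\s][^=]*?)\s*=\s*(.*?)\s*$')


def find_join_credentials(inf_text):
    """Return (user, password_present) for each CreateComputerAccount in [Network]."""
    findings = []
    section = None
    for line in inf_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()  # INF names are case-insensitive
            continue
        m = ENTRY_RE.match(line)
        if not m or section != "network":
            continue
        if m.group(1).lower() != "createcomputeraccount":
            continue
        # Value is "user","password"; split once so commas in the password survive.
        fields = [f.strip().strip('"') for f in m.group(2).split(",", 1)]
        user = fields[0]
        if user:
            findings.append((user, len(fields) > 1 and fields[1] != ""))
    return findings


def audit(path):
    """Audit one file, e.g. a copy of $winnt$.inf or Unattend.txt (hypothetical helper)."""
    with open(path, "r", errors="replace") as fh:
        return find_join_credentials(fh.read())


if __name__ == "__main__":
    for user, has_pw in find_join_credentials(SAMPLE_INF):
        print("credential in [Network]: user=%s password_present=%s" % (user, has_pw))
```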