AUO.Init Method Can be Used to Get Information about a Recent User (242575)


The information in this article applies to:

  • Microsoft Site Server 3.0
This article was previously published under Q242575

SYMPTOMS

When you run a program, script, or other process on the same computer as Internet Information Services (IIS), you cannot use the AUO.Init method to get information about a recent user who is still in the cache. This information may be confidential.

CAUSE

The Init method of AUO is available for any process that runs on an IIS computer. Therefore, processes that use the AUO.Init method can get information for a user from the cache.

RESOLUTION

To resolve this problem, obtain the latest service pack for Site Server 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

219292 How to Obtain the Latest Site Server 3.0 Service Pack

STATUS

This problem was first corrected in Site Server 3.0 Service Pack 3.

MORE INFORMATION

A registry key has been added to make the AUO.Init method private. When this key is enabled, the Init method can only be called internally. In other words, it becomes a private method.

Please note, however, that the default behavior does not change if the registry key is not enabled or does not exist.

To make the AUO.Init Method private, do the following:
  1. Start the Registry Editor (Regedt32.exe).
  2. Locate the following key in the registry:

    HKLM\Software\Microsoft\Site Server\3.0\P&M\AUO\

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value Name: SecureAUO.Init
    Data Type: REG_DWORD
    Value: Enter 1 to make the AUO.Init method private.

  4. Quit Registry Editor.
Modification Type:MajorLast Reviewed:5/8/2002
Keywords:kbbug KB242575
©2002 Microsoft Corporation. All rights reserved.