MS99-036: Unattended Installation File Is Not Deleted After Setup Finishes

This article was previously published under Q241219
This article has been archived. It is offered "as is" and will no longer be updated.
When an unattended Windows NT 4.0 installation process finishes, a copy of the Unattend.txt file that contains installation parameters may remain on the hard disk. Depending on the method used to perform the installation, the file may contain sensitive information, potentially including the local Administrator user name and password.
To resolve this issue, ensure that the Unattend.txt file is reviewed and any sensitive information (including account information and passwords) is erased from the file, or delete the file altogether, after you perform an unattended installation of Windows NT 4.0.

To delete the file the first time a user logs on to the computer, use the Runonce feature in Windows NT 4.0 to run a batch file containing a command to delete the .inf file (depending on your type of Setup) containing the Setup information. For additional information about using the Runonce feature, please click the article number below to view the article in the Microsoft Knowledge Base:
158447 How to Run a Program Only Once After Unattended Setup of Windows NT
When you perform an unattended installation of Windows NT 4.0, the installation parameters are included in the Unattend.txt file. Depending on the specific installation, the parameter file may contain sensitive information such as account identifiers and passwords. A vulnerability exists because the installation process copies the parameter file to a file in the %SystemRoot%\System32 folder (the $winnt$.inf file for a typical unattended installation, or the $nt4pre$.inf file if you use the System Preparation [Sysprep] tool), but does not delete the file when the installation is finished. By default, this file can be read by any user who is logged on locally.

For additional information about unattended installation, please click the article numbers below to view the articles in the Microsoft Knowledge Base:
155197 Unattended Setup Parameters for Unattend.txt File
158484 INFO: How to Set the Administrator Password During Unattended Setup
More information about the Sysprep tool is available at the following Microsoft Web site:

Microsoft Windows 2000

This does not affect installations of Windows 2000. During an unattended installation of Windows 2000, the Setup process deletes all sensitive information from the parameter file (upon successful completion). This occurs regardless of whether a normal unattended installation is performed or if Sysprep is used.

Article ID: 241219 - Last Review: 02/21/2014 00:38:06 - Revision: 2.2

Microsoft Windows NT Server 4.0, Terminal Server Edition, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows NT Server 4.0 Enterprise Edition, Microsoft BackOffice Server 4.0, Microsoft BackOffice Small Business Server 4.5

  • kbnosurvey kbarchive kbprb kbsecbulletin kbsecurity kbsetup KB241219