AutoComplete display <uniqueID> security issue

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We are experiencing an issue with the autocomplete nameing in Outlook
2003. The AutoComplete name displays with the name followed by a
UniqueID. The issue is the UniqueID is the user logon name which
presents a security issue. Afterall, we remove the "last logon name"
from the logon dialog box for the same security reason.


Is there a way to remove the <UniqueID> portion of the autoComplete
name?


Interestingly, This unique ID shows as the SID/GUID for some users.


Thanks for any help you can give.


PJH
 
Hello,

We are a software development company that has worked extensively with the
NK2 file. We believe that we know what is going on and may be able to
provide a solution.

Would it be possible to obtain a copy of an NK2 file reflecting this data?

I can be reached at support (at) ingressor dot com.
Randy
 
Diane,
In addition to x500 data, we have verified that x509 data is stored in the
NK2 file. We can program to display that field if necessary. The NK2 picks
up a great deal more data from AD than we display because most have told us
that it is superfluous and unwanted data. We are currently looking to
program our utility to be able to read (for the purposes of suppression or
deletion) the SID/GUID record too. Unfortunately, at this time, I cannot
provide a timeline.

Just thought I'd let you know what we've found.

Randy
Diane Poremsky said:
that is their logon id - their exchange / AD alias - so no.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)
Author, Google and Other Search Engines (Visual QuickStart Guide)






PJVKH said:
We are experiencing an issue with the autocomplete nameing in Outlook
2003. The AutoComplete name displays with the name followed by a
UniqueID. The issue is the UniqueID is the user logon name which
presents a security issue. Afterall, we remove the "last logon name"
from the logon dialog box for the same security reason.


Is there a way to remove the <UniqueID> portion of the autoComplete
name?


Interestingly, This unique ID shows as the SID/GUID for some users.


Thanks for any help you can give.


PJH
Click to expand...
Click to expand...
 
Randy said:
In addition to x500 data, we have verified that x509 data is stored
in the NK2 file. We can program to display that field if necessary. The
NK2 picks up a great deal more data from AD than we display
because most have told us that it is superfluous and unwanted data. We are
currently looking to program our utility to be able to read
(for the purposes of suppression or deletion) the SID/GUID record
too. Unfortunately, at this time, I cannot provide a timeline.
Click to expand...

You might consider allowing customization in Ingressor that is similar to
Field Chooser in Outlook whereby the user can add or remove a particular
field.
 
So, what you are telling me is that while microsoft allows a way to NOT see a
user ID in the logon dialog box, it allows it in the autocomplete section
using an .NK2 file? This is a huge security issue so I guess my next
question would be is there a way to turn Autocomplete off?
 
not at my current client site for security reasons, but I am sure it can be
replicated in a lab so you should be able to create one yourself.
 
Tools, options, email options button, advanced, suggest names.


--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)

Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
 
We are fairly certain that after looking for the SID in the NK2 file that it
doesNOT exist. Rather, it appears to be tagged to the user name by the way
that the mailbox is set up.

Since you were not the first person with this problem, we were able to
obtain some other problem NK2 files and found the SID actually in the name
field of the NK2, not elsewhere.
Randy
 
The exchange mailbox alias is displayed in autocomplete ("Bill Smith
<bsmith>") but I can't repro it when the windows logon is different from the
exchange mailbox (if Bill logs into the network as 123456) - it still shows
as "Bill Smith <bsmith>". If his exchange mailbox logon is
(e-mail address removed), then it would show in autocomplete as "Bill Smith
<123456>" - and be in the GAL if someone looks at the details.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)

Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AutoComplete Display <UniqueID> Security Issue 5
Cannot delete entry from AutoComplete 1
Gridview not displaying data - please help! 8
Outlook 2003 selects wrong entry from AutoComplete list 6
How do I delete an email address from AutoComplete suggestions? 1
How do I intentionally add names to the AutoComplete (Nickname) li 2
Autocomplete feature sends emails twice 2
Show logon name in the From field rather than display name 3

Back
Top