Administrator Use

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Need advice about reinstallation of XP with Service Pack I. I have had to reinstall WindowsXP with a disk containing only service pack I. So I have lost all my previous downloaded Microsoft upgrades including the Service Pack II. Can someone help me with the method of redownloading all the past upgrades I had over the past 1.5 years? Please help, Frank Tag: Administrator Use Tag: 77603
  - 2
    - Defending ARP Spoofing Hi all, I want to build up a resource containing all possibilities to defend ARP spoofing. As I think ARP spoofing is one of the most powerful, easiest and underestimated attacks I want to know all your tricks, patches, anything that you know/apply to defend ARP spoofing. I know the standard things to do (like static ARP entries and so on), what I want to know from you is something like: -OS x has a patch y which helps preventing ARP spoofing (like antidote) or -OS x in version y has a small built in ARP prevention (like SunOS) or -Firewall/IDS x is able to prevent/detect ARP spoofing Also welcome are new thoughts about ARP spoofing prevention (like S-ARP or Secure Link Layer). Give me all your information, tricks and tips, so I can build up a complete resource. Thanks a lot, Chris Tag: Administrator Use Tag: 77599
  - 3
    - Security- is this from you? I checked by information and it is okay. I did not click on the link enclosed. Dear MSN customer, Update your billing information! We have been unable to charge your credit card for your MSN Microsoft Online Services. The following credit card is the current payment method on your billing account. If your services have not already been suspended, they will be suspended within 30 days unless we receive updated billing information.(If payment is due for other Microsoft services purchased with the above card, those services may also be suspended.) To avoid possible suspension of your services or to reactivate suspended services, please immediately provide a valid credit card and a current expiration date. To view or change your billing account, go to https://billing.microsoft.com To update your payment information or select a different payment method, click Billing Information. For payment history and online billing statement, click Monthly statement. If you have already resolved this issue, please disregard this notice and accept our thanks. Thank you for using Microsoft Online Services! Microsoft Customer Support -------------------------------------------------------------------------------- Note: Please do not respond to this message. To receive notifications at a different e-mail address, sign in to your account at https://billing.microsoft.com select 'Personal information', then click 'Update this information', change the 'E-mail address', and click 'Save'. Form: 4 Tag: Administrator Use Tag: 77597
  - 4
    - hidden searchverity folder hi. i have just found a hidden system folder called searchverity in 'my documents'. it doesn't show up with windows explorer even with the relevant hidden and system options selected. the files in it do not show up when using search with hidden/system files checked. i found this directory using a 3rd party file manager. my question is - is this likely to be spyware. i would like to be sure before deleting something important? i have antivirus and antispy and neither have detected anything unusual. many thanks Tag: Administrator Use Tag: 77596
  - 5
    - Windows Event Log consolidator public beta We have created a Windows Event log consolidator which is available from http://www.sacs.co.za with the following attributes... some of them only available in final version. SACS Event Consolidator is available for download and public beta test on the Windows Event Log consolidation to a central server with reporting. Single server which can handle 1000 concurrent connections with a no-configuration SQL database with end-user configurable reporting. Final version expected December 2005. SACS Event Consolidator Final Version: a.. Centrally log Windows Events, syslog and SNMP to a central server b.. Scalable SQL server c.. Report writer exporting to HTML, PDF, XLS, RTF and BMP d.. Professional version handles up to 1000 concurrent connections e.. Store-for-forward architecture f.. Centralised audit management and configuration based on classification of machine g.. Centralised domain wide agent installation and configuration h.. and more... http://www.sacs.co.za/index.php?option=com_remository&Itemid=27&func=selectcat&cat=6 Please do not hesitate to give comments and suggestions... Tag: Administrator Use Tag: 77592
  - 6
    - Win2003 firewall and mssql Hi, Yesterday i've activated the SP1 firewall on a win2003 server. On this server i've Mysql and MSSQL running. I've activated all the ports needed Right now everything works except MSSQL On the firewall i've opened port 1433 tcp and udp and the port 1434 udp. The error i get from some scripts when the firewall is on is: Microsoft OLE DB Provider for SQL Server error '80004005' [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied. Obviously on the server network utility I've checked that the actived tcp/ip port is the 1433. How can I resolve this issue? Thanks. Tag: Administrator Use Tag: 77590
  - 7
    - Hotmail Problem saying account closed access denied I was in my hotmail account and pulled up the msn messenger and clicked on the upgrade to the 7.5 and installed it after that i could not access my hotmail at all cant get my profile nothing of my mail saying account closed access denied.. running xp sp2 ie6, my nic is rose34l@hotmail.com everything is correct when i try to sign in i can get my messenger to sign on but cant get my email.... please help have had this account 8 years you can reach me at rlicausi34@comcast.net if you have a solution to this problem i've tried everything.. Tag: Administrator Use Tag: 77586
  - 8
    - Scanner problem Welly well well, I try to run the scan at http://safety.live.com/site/en-us/downloads/default.htm ; but it stops loading after two sec and tells me it's blocking active content, now I try to disable blocking but it doesnt work. I also tried to lower security and put the address in the safe places list but to no avail. I posted the above at some other newsgroup here and since then I have tried to fix it by deleting the Safety Scanner files on my drive; now IE just crashes with a message telling me something is wrong with the Safety Scanner component when I try to reinstall it. Can I somehow fix this new problem? Tag: Administrator Use Tag: 77579
  - 9
    - Hotmail problems - account closed I am logged into MSN messenger no problem, but when I try to check my emails, I get this message: Account Closed. Access Denied. What is wrong? Tag: Administrator Use Tag: 77575
  - 10
    - Windows Millienum ME Does anyone know how I can block others from opening my start menu and opening my desktop folders? Tag: Administrator Use Tag: 77568
  - 11
    - Looking for some (free) tool like sitekiosk... Hi, i am looking for some free or open-source tool like sitekiosk. Does anybody know some software like it? Thanks in advance... Best Regards Kerem Gümrükcü Tag: Administrator Use Tag: 77557
  - 12
    - Microsoft Anti-Spyware Beta has got a name. If you're into it... http://blogs.technet.com/antimalware/ -- Galen - MS MVP - Windows (Shell/User & IE) http://dts-l.org/ "A man should keep his little brain attic stocked with all the furniture that he is likely to use, and the rest he can put away in the lumber-room of his library where he can get it if he wants it." Sherlock Holmes Tag: Administrator Use Tag: 77555
  - 13
    - online threats Hi and thanks for the reply. I only get a few of these spam emails everday so it isnt a big problem deleting them manually. Over the last year I probably got about 100-150 in total. Whats really amazing though is the time/care that must be taken everday when online and the knowledge one must possess inorder to defend him/herself from so many threats. Viruses, spyware, adware, unsolicited spam email in addition to the normal system maintaince such as hardware repair and/or driver and software updates. All this takes MUCH time and knowledge, time they could probably spend playing more games, learning new software, or anything else one can imagine with his/her computer. From the money perspective i spend about 60 euros a year for antivirus and spyware/adware removal software(subscription fees). Its truely amazing i think! Personally, I am only busy in the summer and I consider myself lucky to have so much time to spend with this stuff. What about your average joe who works eight hours a day and comes home tired? I seriously doubt they got the energy or will to learn all this stuff and spend so much time trying to get a healthy system. In other words a lot of people are doomed and this will probably only get worse before it gets better. More intensive policing and tougher laws are necessary and by the way FUK the "freedom of speech" act! Every demented person and unscrupulous corporation is taking advantage of that pathetic law worldwide. Many of the most prosperous companies traded publicly are "knowingly" and "silently" installing their adware that is prepackeged with the freeware(kazaa-prime example). Of course many naive people, I used to be one, thought i could get free software, only to discover the damage to my computer a few minutes later. But you cant do much thanks to the freedom of speach act and that long ten page disclaimer which always removes liability from them. Who takes the time to read a ten page disclaimer and privacy policy? I for sure dont. Probably, the only solution to this bs is that one day most companies and consumers alike will mature enough to know that its in their best interest to play fair. If i bored or offended anyone i apologize but i feel too strong about these issues not to voice them. P.S. I use outlook express and my email is isp based. What options do i have? Tag: Administrator Use Tag: 77551
  - 14
    - African Advance fee fraud, euro lotteries, .... I get so much JUNK email everyday I truly wonder why governments dont do something? African Advance fee schemes are the most prevailant and enticing. Allegedly they give you millions of dollars just for transfering their funds into your account. They go into great depth to make it sound legitimate and usually they claim to be "government officials" who need to "quickly" and "confidentially" transfer their funds in return for a 5-10 percent commission. Get real why would they chose me for their partner instead of getting professional assistance and when was it ever that easy to make millions of dollars for doing virtualy nothing? Everybody should ask themselves those two questions! Then the euro lottery deal. I just won a euro email lottery without even knowing about it! And the best part is like the african scheme everyone copies the format(virtually all are identical), confedintiality and urgency are a must. Then the prescription pills that u save a bundle by purchasing online. Since when does such serious medication get exchanged online without any doctors perscriptions? I woulnt even purchase aspirin online let alone prescription pills! Lastly, the BIG software ripoff, where you can purchase top software like adobe, microsoft, norton and other top software at a huge discount. Do companies now about this? I dont think they would be overly joyed having their software pirated in such ways if indeed the deal is legitate and not a total scam! I dont know, i havent tried it. Tag: Administrator Use Tag: 77549
  - 15
    - Keep losing file associations On my computer at work, my file associations with several AutoCAD ADT 2006 files keep resetting to the file wrong icons. This is very annoying as I use the icons to easily identify drawings (.dwg) from backup files (.bak), plot files (.plt) and other files. Using: Tools / Folder Options / FileTypes / Advanced / Change Icons I select the file type, browse to the .dll or .exe file where the correct icon is stored and pick the icon. This ressets it correctly, for about half the day. Then the icons reset back to what they're NOT supposed to be. I have found several file icons for AutoCAD have been mis-associated. Is there another way, maybe using something in the registry, to permanantly correct this issue? Tag: Administrator Use Tag: 77546
  - 16
    - SONY Code already being abused... "World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles." Although, not a big deal yet, the code can clearly be used for more serious exploits... Thanks Sony, DRM and the entertainment industry... http://www.securityfocus.com/brief/34?ref=rss Imhotep Tag: Administrator Use Tag: 77543
  - 17
    - Notron Anti Virus I upgraded from Windows ME to Windows XP last night and now I cannot bring up Norton Anti-Virus software. I keep getting an error message when I click on the Icon on my desktop. It asks if I want to notify Micorsoft. What can I do? Tag: Administrator Use Tag: 77537
  - 18
    - Junk mail When I get junk mail, I click on "block sender" to delete it & block further mails. But the bastard "Buongiorno" gets through every time. Who or what is he/she? How does it by-pass the "block sender" request? Why does he think I want to buy his viagra or his mortgage offer? Tag: Administrator Use Tag: 77525
  - 19
    - Power Users group and Administrators group Hi all, Can someone tell me what is the difference between the Power Users group and the Administrators group? May be a book. Or web link. Or something else. thanks, Sudhakar Tag: Administrator Use Tag: 77523
  - 20
    - Network group I have a windows 2003 server, and there is a group called network that has full permissions to everything on all the disk partitions. What is this group, and why the full perms to everything? This is apparently the default behavour, or at least that's the way Dell sent me the server. My other 2003 server, which I installed, does not have this group listed in any of its perms. thank you, Tag: Administrator Use Tag: 77522
  - 21
    - IPSec I've been having a problem with my file server, which is using the server request security IPSec policy, being able to browse the domain with network neighborhood. Shortly after disabling the policy, I can browse, and vice versa. I've noticed in my event viewer, these informational messages are appearing. I've always assumed they were just successful IPSec connections, but taking a closer look, they don't appear to be actually creating an IPSec connection since all the parameters are empty. Does this make any sense? IKE security association established. Mode: Data Protection Mode (Quick Mode) Peer Identity: Filter: Source IP Address 10.4.0.29 Source IP Address Mask 255.255.255.255 Destination IP Address 10.4.0.16 Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 10.4.0.29 IKE Peer Addr 10.4.0.16 IKE Source Port 500 IKE Destination Port 500 Peer Private Addr Parameters: ESP Algorithm None HMAC Algorithm None AH Algorithm None Encapsulation None InboundSpi 354316028 (0x151e6efc) OutBoundSpi 0 (0x0) Lifetime (sec) 28800 Lifetime (kb) 0 QM delta time (sec) 3 Total delta time (sec) 3 Tag: Administrator Use Tag: 77521
  - 22
    - Windows Vista and Rootkits Hi all, I couldn't find a newsgroup specific to Vista listed, so I'm posting here... Can anyone tell me if Vista will include any security features designed to thwart rootkits, or are we still looking at third party software for such malware? The news I've read about the rootkit software on certain Sony music CDs and how it's already been used to get past some online game's cheat controls, etc) caught my eye. I'm aware of the reduced user privs feature...Just hope it works right! Thanks, Sir Tim Tag: Administrator Use Tag: 77520
  - 23
    - Can not uninstall Norton AntiVirus 2006 My computer was shut down while it was in the middle of uninstalling Norton AntiVirus 2006 Trial. Now it will not uninstall through Windows Add/Remove programs. I have been all over the Norton/Symantec website. My computer will not install the SymNRT removal tool. Norton customer service will not help me because they will not provide technical assistance to a trial product. This has now affected my email. Does anyone know what I can do? Thank you for your help. Tag: Administrator Use Tag: 77518
  - 24
    - How to perform FULL CA backup Hi , I have tried to backup using CA snap-in under all task--> Backup CA--> I select Private key, CArtificate and Certificate Database to be backup When I use this backup, to restore on another new server(I'm moving original Sub CA to another new server) It prompted me a error saying "I can restore using incremental backup"... How should I do a Full CA backup...? Please advise. Thanks Tag: Administrator Use Tag: 77510
  - 25
    - X.509 Cert Template - Biometric Extensions sI'd like to modify an X.509 cert template to carry a private extension for various biometric hashes, and to supply the hash values in the enrollment request. I know how to create a new Application Policy (Extended Key Usage) easily enough with the Templates MMC, and assign it an OID. But how do I create data fields and capture information from the enrollment request? Thanks in advance for any assistance, -- Lynn Tag: Administrator Use Tag: 77501
- Next
  - 1
    - FTP and PGP With the earlier topic on "FTP using PGP", I am a little confuse. My understanding is that you can use PGP to encrypt a file(s) and then you can use regular/non-secure ftp to send it outside. I mean, the ftp connection does not need to be secure because the file itself is already encrypted with PGP and there's no need for a ftp client that support PGP. You can use any ftp client to send any kind of files, PGP or not. Am I correct on this? thanks. Tag: Administrator Use Tag: 77500
  - 2
    - McAfee taskbar Warning Recently I've been getting a taskbar balloon saying my McAfee antivirus may be out of date. It's not. I update it daily & it's working well. The XP security center & McAfee confirm the error. My ISP is Verizon/MSN. MS told me it's an MSN problem. MSN says it's a Verizon problem. Verizon says it's a MSN security glitch. I get McAfee through my ISP. Suggestions? Tag: Administrator Use Tag: 77496
  - 3
    - Encryption Hi, I wish to encrypt all USB storage devices that are being used across our Windows 2003 domain with Windows XP clients, so that only users within our domain can access the data on them. I have been looking into EFS encryption and EFS will only encrypt files and folders and not the entire device, is this correct? Does anyone know of any good alternative solutions apart from EFS, that will encrypt USB devices? Thanks Tag: Administrator Use Tag: 77493
  - 4
    - ActiveX Control To Read Certificate (ASP.Net app) I need to be able to read a certificate from the currently logged on user's PC and then check its validity against our certificate server. At this point in time, I have no idea what or how to do this and any help would be appreciated. Thanks in advance, Pierre Tag: Administrator Use Tag: 77483
  - 5
    - Virus scan My problem is when I am using Windows Live and trying to do a virus scan, I know there is a short scan and a longer scan. Can someone tell me how to get to the page to decide that? Each time I think I'm at the right place it turns out to be the long virus scan. Thank you very much. Tag: Administrator Use Tag: 77474
  - 6
    - MPAA looks to bolster its dominance by plugging the analog hole "I've said it before and I'll say it again: DRM is not about piracy, it's about shutting down fair use. It makes a lot of sense when you start thinking about DRM being Sonny Bono's twin brother. It's one of the key pieces of that horrid affront to the progress of civilization: the perpetual copyright." http://arstechnica.com/articles/culture/analog-hole.ars http://www.eff.org/IP/Video/analog_hole_discussion_draft.pdf Do you guys finally understand my disgust with the DRM excuse??? Imhotep Tag: Administrator Use Tag: 77471
  - 7
    - booting password im trying to find some one that would be able to tell me the process of getting on my computer that ashs for key password,in a 3x5 sqaure. i try every thing ctrl wht booting , f1 for safe mode nothing i try will let me on the computer. some one said to remove the bios battery but i cant find it. is there any one out theere that can halp me with this problem. Tag: Administrator Use Tag: 77465
  - 8
    - ipc$ help what is the opc$ used for. I was told by a security consultant to disable it. How do i do that and is this recommended. Tag: Administrator Use Tag: 77464
  - 9
    - AntiSpyware Will Microsoft release a Production release of AS? Or it will always be Beta? Thanks! Tag: Administrator Use Tag: 77462
  - 10
    - Looking for freeware (on-access) antivirus scanner... Hi, i am working in a youth center (honorary) as a administrator and we are higly dependent on donations. Now we have seven pc's running with windows 2000 and open office, but the best is, that we have a internet connection. But as i said, we are dependent on donations and this is why we cant buy (expensive) antivirus software licenses. are there any (must be on-access for windows) scanners that are free for commercial use, because we are considered "commercial", but in fact we are not. Thanks in advance... Best Regards Kerem Gümrükcü Tag: Administrator Use Tag: 77458
  - 11
    - CAN-1999-0776 Is there a kb article for this IIS vulnerability? Tag: Administrator Use Tag: 77456
  - 12
    - MS DTC ? Hello, Run cleanup maintenance on my system at the of end of every month and then do a little searching in OS. Opened but did not change "Component Services" - "computer" - viewed all folders. Upon closing and then checking "Event Viewer" found two new listings: source "MSDTC" catagory "TM" event id "2444" "security configeration" and source "MSDTC" catagory "LOG" event id "4125" "log decompressed". Went to MS Help and Support no listing found for the two events. Is this odd behavior for "MSTDC"? This is a stand alone non-network K56 modem single user unit. WindowsXP Home Sp2 all security and critical updates. Thank You. Take Care. beamish. Tag: Administrator Use Tag: 77454
  - 13
    - DUMPEL - MESSAGE TEXT not displaying Greetings I use dumpel rather extensively for debugging account lockout problems. Since our support group upgraded us to SP2, I notice that the "message" portion of the event log information appears to be missing. NOTE: The issue is the SP level of the machine running DUMPEL, not the SP level of the machine who's event log you are dumping. I've tried this on two seperate SP2 systems and on a system that is still SP1, and the results are consistant. Does anyone have an idea of what is happening ??? e.g. prior to SP2 upgrade 8/8/2005 4:11:35 PM 8 2 538 Security xxxxx\yyyyy zzzzzzzz User Logoff: User Name: zzzzzzz Domain: zzzzzz Logon ID: (0x0,0xB6F20E) Logon Type: 3 post SP2 upgrade 11/1/2005 11:16:59 AM 8 2 538 Security xxxx\yyyy$ zzzzzz xxxxxx xxxxxx (0x0,0x4D66962) 3 Villy Madsen CISA ISP Information Security ATCO I-Tek Bus: (780) 420-5093 Cell: (780) 975-0110 Fax: (780) 420-3916 Mailto:Villy.Madsen@atcoitek.com 4MB Edmonton The information transmitted is intended only for the addressee and may contain confidential, proprietary and/or privileged material. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this in error, please contact the sender and delete or destroy this message and any copies. Tag: Administrator Use Tag: 77452
  - 14
    - FTP using PGP My client wants us to FTP data to them using FTP and PGP encryption. What would be the best method of achieving this? Presumably we would need an FTP client that supports PGP. Does Microsoft FTP support this? I also assume that they would need a server at their end that supports PGP. Any information on possible products would be greatly appreciated. Tag: Administrator Use Tag: 77446
  - 15
    - Running program files on XP with non-executable extensions? I downloaded a file (let's call it BLUESKY.EXE) which my anti- virus guard says may be a virus. I wanted to get more info about this file, so I disabled it by adding a couple of random letters to the extension. I renamed BLUESKY.EXE to BLUESKY.EXEHJ. I figured this would stop XP from running it if I double clicked it in error. But my antivirus guard 'AntiVir PE' warned me about it again. Even with the dummy extension letters. Surely such a program file is now safe enough? -- I found that if I put the random letters *before* the EXE then 'AntiVir PE' did not detect it as a virus. So BLUESKY.HJEXE is ok according to 'AntiVir PE'. Is this just an oddity in 'AntiVir PE' or is this being done because of something in my XP Pro which might truncate the letters in a file's extension after the first three letters? -- MS security groups: microsoft.public.security microsoft.public.security.virus microsoft.public.windowsxp.security_admin Tag: Administrator Use Tag: 77442
  - 16
    - File Sharing and Broadband Recently I have made some major changes to my PC which make me think that I need to review my file sharing policy. I have moved from dial-up internet to broadband and installed a 3Com router firewall. The home network has 3 PCs which have file sharing enabled on all drives The Share Permissions tab allows 'Network' change/read permissions. The 'Security' tab allows 'Everyone' full control. (MS Office gives problems if I don't allow full access). This sounds a bit risky but as I understand it 'everyone' means anyone who logs on with the correct username and password. However, I must admit to being confused between the W2k 'Shares' properties 'Share Permissions' and 'Security'. Since the NAT on the router makes the PCs invisible to the outside world and the file shares are protected by password access then it seems safe. My installation is: W2000 Office 2000 Outpost PFW The PCs are not logged on with admin privileges except when doing Windows updates. The router provides IP addresses to the PCs Any thoughts? Davy Tag: Administrator Use Tag: 77439
  - 17
    - how to backup Certificate templates Hi, I have backup my sub CA Private Key, CA Cert, Caert Database and Cert DB log, using CA snap-in, does this backup also include Certificate templates? If not included, how do I backup? any link in Microsoft for this solution? Thanks for all replies. Tag: Administrator Use Tag: 77430
  - 18
    - Highjackthis log Please help me with this. What should I remove and what should I keep? Logfile of HijackThis v1.99.1 Scan saved at 7:00:30 PM, on 11/01/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\UAService.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\2Wire\Gateway\2portalmon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\WINDOWS\iisver.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE C:\Program Files\Microsoft Office\Office10\msoffice.exe c:\progra~1\window~2\wmplayer.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ARADRA~1\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/ R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll O2 - BHO: RichMediaCollector Class - {EFFD215B-773F-4F3A-8B4A-BF15CCA78A05} - C:\Program Files\Common Files\MediaMaster\WMMRMC20.dll O3 - Toolbar: MediaMaster Bar - {E7F10FF7-005E-45D7-86A1-59FA022860B0} - C:\Program Files\Common Files\MediaMaster\WMMRMC20.dll O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2portalmon.exe O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe O4 - HKLM\..\Run: [iisver] C:\WINDOWS\iisver.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O15 - Trusted Zone: http://ad.searchsquire.com O15 - Trusted Zone: http://search.searchsquire.com O15 - Trusted Zone: http://update.searchsquire.com O15 - Trusted Zone: http://www.searchsquire.com O15 - Trusted Zone: http://*.searchsquire.com O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {12345678-1234-1234-1234-123456789123} - http://www.allyoursearch.com/Allyoursearch.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {3C200107-2959-4C6E-91B8-F6D911B398A8} (Driver_Detective_v43_Members.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Members.CAB O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://tank.wizards.com/chat/data/html/user/msie/msichat.ocx O16 - DPF: {4C2D6C46-6602-11D4-A5E3-444553540000} (Alice Control) - http://www.skotos.net/MarrachGame/Alice44.cab O16 - DPF: {5DDF3BA5-7DCD-45A9-B4A1-601E67700271} (DDv4_Member.DDv4) - http://www.drivershq.com/cab/prod/DDv4_Member.CAB O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {B663A561-7424-4958-AF76-853E80B4E1C6} (UDConnect Class) - http://19.sharedsource.org/html/PagomaxUD_1.0.0.3ie.cab? O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup150.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe Tag: Administrator Use Tag: 77429
  - 19
    - Sony, Rootkits And Digital Rights Management Gone Too Far "Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my ?Unearthing Rootkits? article from thre June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application:" http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html Imhotep Tag: Administrator Use Tag: 77425
  - 20
    - network share help how can I stop people from mapping to workstations using \\pcname\c$ Also what does ipc$ do and should I disable it? Thanks Tag: Administrator Use Tag: 77423
  - 21
    - Internal and External Access to the same site. We have a b2b ordering site and would like to allow external customers to access the site with username and password and have internal CSRs access the same site without having to log in, using windows authentication. Our current solution we are not liking is to create a very restrictive Active Directory account for each of our customers and have them log in through our extranet appliance. Because of Sarbanes-Oxley (an our own policies to satisfy SOX) we now need to expire their passwords, get lots of paperwork before we can set them up, expire the accounts automatically every 12 months... What we would prefer is to have the site entirely hosted outside the firewall, (NOT dual homed), and somehow have the credentials passed to the external web server for users coming from inside the firewall, while users outside the firewall have to log in and be authenticated on the webserver against it's own authentication/authorization system. Tag: Administrator Use Tag: 77415
  - 22
    - ActiveX object fetching new dll's Hello, Our application can be run as an activex object which our company distributes as a signed cab file. All good so far. But we'd also like to be able to update the activex object with new dll's (not just update to the existing dll's, but actually new functionality). These new dll's could be created by us or by others. We could do that easily by just downloading new dll's, saving them in the same directory as our activex control, and loading them up. The problem with the above scenario is security. Is there a way to harness the Internet Explorer activex security implementation so that it takes care of verifying if a dll that our activex control downloads is signed our not, prompts the user to allow this or not, etc.? Thanks jdt Tag: Administrator Use Tag: 77409
  - 23
    - mail server redirect Hello! I have a Windows Xp SP2 machine and i whant to catch all smtp server activity and to redirect it on a specific e-mail addres. I mean, if someone using a smtp server on that machine send an email to xxx@hotmail.com the machine shoult delivery the mail to the addres abc@localhost and not to xxx@hotmail.com. The reason is that i suspect some suspect smtp activity on my machine and i whant to see the content of the emails. Can someone help me? Thanks in advice Tag: Administrator Use Tag: 77408
  - 24
    - protecting a folder I own a restaurant and keep all my financial information in one folder and have managers that have access to the computer. Is there a way I can password protect a folder? Tag: Administrator Use Tag: 77405
  - 25
    - Security precautions to take while installing windows 2000 I am planning to re-install Windows 2000 professional in an office network environment. Can somebody advise me precautions to take while installation that can better the security of the system. For example, I think I need to install, antivirus, spyware removal programs and also some firewall and then update the system as soon as the installation of the windows is complete. What order should I follow for the above tasks? Is there anything else that I should do? Thanks in advance for any help!!! Tag: Administrator Use Tag: 77394

Here is my issue. I want my Administrators to need to use smart card or some
type of secondary authenication when they log in as a domain/enterprise
admin. I was thinking of using a usb as the 2nd part authenication. Does
anyone know how to set this up? I would like to use something built into
Windows like pki etc. Thanks.

Re: Administrator Use by Miha

Miha
Mon Nov 07 02:08:38 CST 2005

Windows 2000 and later have built in support for Smart Cards.

To use smart cards you have to set up (or use someone's PKI infrasturcture).
If you want to build your own PKI here are some white papers you can look
at...

New features:
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
Operations guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
Managing PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
Best Practices:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Certificate templates -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
Key archival -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx
Certificate Autoenrollment in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Advanced certificate enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
web enrollment:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
EFS:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
CRLS: http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

And think about which smart cards to use since this will influence your
deployment. Some CSPs (Crypto Service Providers) are already included in
Windows and some you have to buy and later deploy in your environment.

--
Mike
Microsoft MVP - Windows Security

"Eddie" <Eddie@discussions.microsoft.com> wrote in message
news:E985CE36-F7C6-4C38-960F-8B624553C570@microsoft.com...
> Here is my issue. I want my Administrators to need to use smart card or
> some
> type of secondary authenication when they log in as a domain/enterprise
> admin. I was thinking of using a usb as the 2nd part authenication. Does
> anyone know how to set this up? I would like to use something built into
> Windows like pki etc. Thanks.