Administrator account and lockout policy

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - File/Folder permissions Hello, Is it possible to give access to view/change permissions (on files and folders)without giving access to open and read documents but while being able to traverse the entire folder structure? any help is appreciated. Thanks Tag: Administrator account and lockout policy Tag: 98423
  - 2
    - Folder permissions and take ownership Hi, I have a need to put an Active Directory group into the Administrators group on a number of machines for various reasons which cannot be stopped. The problem is there is an application on these machines that I do no want them to be able to access and the aaplication has no ability to request crednetials etc. It's just a dumb application. I considered using FOlder permissions to lock out the local administrator group from the folder. This stopped them from running the application until I when in as one of the users and simple took ownership of the folder and gave myself access. Then I tried adding a deny take ownership of the folder to the local admin group. Again it just allowed me to take ownership assuming becuase local admins can do that regardless of the deny rule I just created. Can anyone suggest how to stop them taking ownsership and from being able to run the application? Tag: Administrator account and lockout policy Tag: 98414
  - 3
    - Change password complexity Hi... I need to disable the password complexity in a Windows 2008. The problem is that the password complexity in my server is enable and not give me the posibility to change. Thanks a lot. Javier Valverde Tag: Administrator account and lockout policy Tag: 98413
  - 4
    - EFS All, I am attempting to get EFS file sharing working in a 2K3 AD Environment with XP Machines. I have successfulyl installed a DRA and disabled self-signed certificates with the Windows hotfix and Group Policy option as specified in the Windows KB Article. However I still can't get EFS to work over the network. In fact since installing the above, another user can't create a new encrypted file wthin an encrypted folder. They get access denied. Another user had told me that I should enable credential roaming or roaming profiles. This was to solve multiple certificates from being issued in AD (via Enterprise CA). Would this also prevent me from sharing encrypted files? I am with an understanding that everytime a user logs on to a machine on teh network a new certificate is generated by the CA (thus roaming is needed). If this is hte case, which one do I want to use, credential roaming or roaming profiles? Thanks, -- Steve Tag: Administrator account and lockout policy Tag: 98410
  - 5
    - Antigen slow performance Hi I recently had to test Microsoft Antigen 9 with SP1 against McAfee groupshield. Although Antigen and Groupshield were more or less the same although Antigen had 2 engines and not 1 i have a major difference. For my customer to move to Antigen they need to see that Antigen performes better. the problem is that a Manual scan is 5 times slower than groupshields manual scan. Testing in a lab with identical hardware and identical tests the Antigen machine took an hour and a half comparted to Groupshield that took only 22 minutes. Can someone help me with tweaking or configuring Antigen so that it competes with Groupshield? Tag: Administrator account and lockout policy Tag: 98404
  - 6
    - Time Travel!! Just had my computer auto update and it has somehow time travelled into the future!? Anyone else seen the same thing? Windows Defender Definition Update for Windows Defender - KB915597 (Definition 1.31.9443.0) 05 August 2008 Other Source Windows Defender Definition Update for Windows Defender - KB915597 (Definition 1.31.9351.0) 01 August 2008 Automatic Updates Windows Defender Definition Update for Windows Defender - KB915597 (Definition 1.31.9205.0) 24 July 2008 Automatic Updates Windows XP Security Update for Windows XP (KB951748) 14 July 2008 Automatic Updates Windows Defender Definition Update for Windows Defender - KB915597 (Definition 1.37.579.0) 14 July 2008 Automatic Updates Tag: Administrator account and lockout policy Tag: 98396
  - 7
    - scans can not complete I use Windows Defender and spybot. Everytime I try to do a scan my computer shuts down before the scan is complete... often within a few minutes of starting scan. I need to be able to do a complete scan. I have noticed my curser jumping to some bizzare spot while I am typing, but nothing else unusual. Tag: Administrator account and lockout policy Tag: 98383
  - 8
    - My Space I support several volunteer library PC's running Win2000. Each are configured separately but run through a common router to the Internet - they do NOT run through a server. Security is set up so I have the typical Win Admin security and users have the typical "guest" security. This means guest cannot add or delete programs. But... I notice some of users will be able have the "My Space" interface on them. The only way I can remove the My Space interface is by going to Add/Delete programs in the control pannel - and I can do this logged in as guest! Why is guest allowed to add/delete myspace? Is there a flaw in the way I set up security? Thanks for a response. Tag: Administrator account and lockout policy Tag: 98382
  - 9
    - Router firewall settings Hi, i need to know something about router firewall rules. What should i type in the this fields? Source LAN start ip address end ip address Dest WAN start ip address end ip address protocol port range What is start ip and end ip address? I know something about tcp and udp protocols. Also i need to know what is port range? Tag: Administrator account and lockout policy Tag: 98374
  - 10
    - Patched Flaw Could Have Broken Internet Backbone A flaw in the Internet domain name system could have allowed hackers unprecedented ability to redirect traffic had it not been kept secret while vendors developed patches for it. Microsoft and others released the patches Thursday. Details in this article:- http://www.technewsworld.com/rsstory/63738.html Dave Tag: Administrator account and lockout policy Tag: 98339
  - 11
    - Biometrics How secure and safe is biometric technology? The reason I bring this up is because I was able to log in using my finger with a band-aid attached and this definitely makes me question the security and safety of biometric technology at least as far as laptops go. I imagine there probably is lots of articles on this already but I wanted the opinions of this newsgroup. Thanks in advance for the replies. Tag: Administrator account and lockout policy Tag: 98325
  - 12
    - cant access internet when my security cntre (zone alarm) is turned Hello, i cannot access internet nor go on msn when my security centre is turned on. when i shut down my security centre (which i think is not safe to do so) then internet and msn all works. i think it maybe an update i need to allow me to work the internet while my security centre is turned on. i even re installed my security centre (zone alarm) and did not change any settings on there afterwards. what ever it is i need to do, please can sombody help me. thank you Tag: Administrator account and lockout policy Tag: 98322
  - 13
    - Unwrapping security on a 2003 server Hi Everybody/Anybody I have inherited a small network (2 x 2K servers & 2 x 2003 servers). DC1 is a 2K machine and DC2 is a 2003 machine. My Microsoft experience stopped in the year 2000 so I was good up to NT 3.51. The previous IT did not leave any information on how anything is/was setup. DC2 has been locked down/hardened (what ever terminology you are happy with) or hacked (the previous IT was a Linux geek). Our main administrator (could have been renamed?) account cannot access DC2 (only DC2, I have full acces to any other machine on the network) and I have tried all active directory accounts but nothing lets me into DC2. For example, there is no service pack installed on DC2 but after I install the network cards are disabled and they cannot be accessed until the service pack is removed. If I try and push Backup Exec remote agents - it asks for an account with administrator rights and that is us stuck. I wonder is somebody could point me in the right direction - on the later versions of server is this a domain controller policy issue (although I have had a look at all the configured values and cannot see anything that would lock me out) or is it local to DC2. Another factor that may be in the equation is that I believe that DC2 was built using small business server version of Windows 2003 (although it states standard but may have been hacked) and I believe SBS has unique security features. Hopefully somebody will have a laugh at my predicament and point me to areas that I should be looking at? Tag: Administrator account and lockout policy Tag: 98315
  - 14
    - How to show Windows Credentials Prompt Simple question, already searched but really nothing found. When I try to access a network resource - of a server I not yet have authenticated against - I get a Windows Credentials Prompt. I'm developing an .net application that needs to access a network share. Is there a .net or WinAPI call I can make that shows this Windows Credentials Prompt and gives me back a token so that I can Impersonate that User to access the network resource? Without this i get security exceptions and can not access files. Impersonation by using a Token through calling LogonUser API (with user password given) works. But i would prefer showing the Windows Prompt instead of doing a own user/pass prompt. And, is there an API to check if a token exists to access a server? (checking if it is necessary to show the prompt.) thanks a lot! Tag: Administrator account and lockout policy Tag: 98313
  - 15
    - In the group 'microsoft.public.test' I said to Peter Foldes ......... "perhaps you can help me understand why there are hundreds of posts here entitled 'ClusterSentinelNNTPPostTest' with the 'poster' being user@domain" PF usually knows the answer to most things, but this obviously has him stumped (or he's been busy elsewhere). Can anyone here explain matters? If so, I'd appreciate your view. TIA. Dave Tag: Administrator account and lockout policy Tag: 98307
  - 16
    - Generic Host Process for Win32 Services is active in ZoneAlarm I found that two Generic Host Process for Win32 Services showed in the programs and one is active program, when I disabled it before, the updates for windows wouldn't work, is it essential to update the system? and it should be an active program when system runs? Tag: Administrator account and lockout policy Tag: 98303
  - 17
    - Windows Updates make internet inaccesible with Zonealarm When will Zone labs/microsoft fix this problem?? Tag: Administrator account and lockout policy Tag: 98302
  - 18
    - How to enumerate dictories where auditing is enabled? Hi! We are in the process of enabling auditing on some files servers, but it seem somebody already did it in the past, since as soon as we are enabling it in the local security policy, we got a lot of events about directory being acceded successfully/failed in the security log. Now the question is : how we could enumerate all directories where Auditing have been already enabled? Thanks. Claude Lachapelle Systems Administrator, MCSE Tag: Administrator account and lockout policy Tag: 98297
  - 19
    - Permissions -- Unique Issue Re: XP-Pro. Only one user Account -- Admin. I have an Application("exe") which contains a DLL that is registered in :\windows\system32". The DLL provides a link to an Enterprise server and was NOT written by me. My Application ("exe") is in "c::\myprograms\test". Is there anyway to set directory permissions to make sure any unknown functions within the DLL cannot get outside of the directory? If so, how, and which directories? In other words I want to make sure the Enterprise server CANNOT use any functions within the DLL to access anything on the client other than providing the read/write data link. Tag: Administrator account and lockout policy Tag: 98281
  - 20
    - Workgroup clients can access domain shares I have a sbs 2003 running DHCP. The Guest account has been disabled. I verified this by the net user guest command. All share permissions seem to be working fine within the Domain and the Everyone group is not listed. I have one NT machine that is on a Workgroup and gets its IP from the sbs server. It has access to all shares with no apparent restrictions. Any ideas or direction would be great. Tag: Administrator account and lockout policy Tag: 98280
  - 21
    - FIX for ZoneAlarm & KB951748 issue released [Crossposted to Windows Update, WinXP General, IE General, Security, Security Home Users newsgroups] Resolution [was Workaround] for Sudden Loss of Internet Access Problem http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html (revised multiple times since release on 08 July 2008) NB: Do NOT use Option #2 if at all possible! The vulnerability addressed by KB951748 *is* a big deal! See http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html Want to consider other, more highly-rated firewalls? http://www.matousec.com/projects/firewall-challenge/results.php -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Tag: Administrator account and lockout policy Tag: 98276
  - 22
    - Cannot access internet after Windows update My pc (running Windows XP) was running fine when I shut down last night. This morning after powering up my PC, there is an Automatic Windows Update balloon in the icon tray that prompted me to install the latest Windows update, which I did. Afterward, i can no longer connect to the net unless I disable my Zonelabs with Anti-Virus firewall. It never given me any prob until the latest Windows updates. I'm posting this message with my Zonelabs firewall disabled. What is wrong? Thanx in advance. Francis Tag: Administrator account and lockout policy Tag: 98270
  - 23
    - Auto Updates from July 8, 2008 I have XP sp2 and yesterday Auto Updates did not give me a patch from the list of four that were released yesterday. I only received was only one other one, which I believe was released 7/7/08, and the usual malicious removal program. Shouldn't all XP sp2 users receive the patch below? http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx When I said the list of four patches, I mean: http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx Tag: Administrator account and lockout policy Tag: 98264
  - 24
    - Deleting Archived Certificates from Users' My store on Workstations Hi, We have a piece of software that only checks for the existence of a certificate not whether it has been revoked or not. For this reason we would like to remove all of the archived certificates from the user My Store on workstations in the environment. The certs all had encryption set as a purpose so they have been archived and not deleted. I know that I can use a "certutil -delstore -user MY 999999999999999" command to remove individual certificates but I'm looking for a way to manage this across 5000 workstations. Is there an easy way that I am missing? Thanks, Bill Tag: Administrator account and lockout policy Tag: 98253
  - 25
    - Live Communications Server 2005 - Web Access Having some problems with LCS 2005 web access whilst trialing it for production use. I'm getting an error 1 when logging on, and various websites have pointed towards a problem with the certificate. Now I'm not a big fan of certificates, and will admit to not knowing much about the implementation with Certificate Services in Svr 2003. I've requested a certificate from the CA with the name of the FQDN machine with web access installed on it. Could anyone give me some advice or a resource that has step-by-step guides on how to implement both Web Access and LCS 2005. Tag: Administrator account and lockout policy Tag: 98252
- Next
  - 1
    - Local disk security What is best practice for security permissions on a 2003 web server's C drive? Here are my current security permissions after setting up a new web server and joined to domain Local Admin group - FC Creator Owner - FC Everyone - Special (default permissions) System - FC Users group - default permissions I have a D drive were inetpub has been configured with websites and the permissions are the same for this drive. Shouldn't everyone and creator owner be removed for tighter security? Tag: Administrator account and lockout policy Tag: 98250
  - 2
    - Microsoft Active Directory Certificate Services - Error Messages Two issues: 1. Under Enterprise PKI, the server shows "DeltaCRL Location #2" and "CDP Location #2" as Expired. All other locations show OK. Is there any way I can manually force the PKI to update/renew these CRLs? 2. After installing ADCS Online Responder, I receive the following error message: "Bad signing certificate on Array controller" Operating System Windows Server 2008 SP1 (64-bit) Roles Active Directory Certificate Services Active Directory Domain Services DNS DHCP IIS This server is an Enterprise Root CA and also runs the Online Responder. --------Reply Note-------- Please reply either directly to this post or to it-tier3@visionnet.us Tag: Administrator account and lockout policy Tag: 98249
  - 3
    - EFS/DRA All, I could really use some help with this EFS/DRA stuff. One thing at a time I suppose. I have successfully published a DRA via Group Policy (Win2k3/AD). I created an encrypted file on an XP2 machine. When I click details of the encrypted file, I can see the DRA. Associated with the user is a Cert Thumbprint. I am logged onto a DC with the DRA user and when I open the Certificates snap-in for mmc, the under Personal --> Certificates, the cert is there (with the same Thumbprint). Likewise the same cert is listed under Active Directory User Object --> Certificates. However when I try to access the files on the XP machine from the DC (file share) it says access is denied. I am trying to test the data recovery agent before implementing EFS on my network. Did I miss a step? Possibly related or unrelated, I am also havinga problem with DC issued certs vs. self-signed certs. I was testing with QA and found that I needed to add his self-signed cert to the encrypted file so that he could view it. He has been autoenrolled for a efs cert (duplicate of Basic EFS) but it doesn't appear to be working. What did I miss here? Also, I have noticed that many users have been autoenrolled for the efs cert multiple times (viewing the Certification Authority --> Issued Certificates). Any and all help would be greatly appreciated. -- Steve Tag: Administrator account and lockout policy Tag: 98239
  - 4
    - Data File - lock issue I am an IT administrator for a company and we have issues with one of our Domain Controllers. It is a Dell Poweredge Serve - Windows Server 2003 Enterprise SP1- We have a Data Drive (5 hard drives - raid 1 and 5 array's) - with data for all our departments - with file permissions. There are certain file(s) within a folder structure that we are unable to delete. It happens from time-to-time - Every few weeks I come accross a file/folder that we are unable to Delete, Rename or Cut. Does not seem to be a file permission issue as I have removed permissions on the file we are currently having problems with and put in Domain admin and administrator to full permissions and went to advance and made sure the admin is the owner as well. The message we are getting is as follows: Cannot Delete (Filename): It is being used by another person or program - I have already went to Manage and clicked on Open Files and Sessions to make sure it was not in use and it is not. I also went to McAfee 8.0 Console and exluded the whole directory its in and that did not help. There is really nothing else that I know of that is locking this file down - its really just a data server also being used as a DC. Any information as of why we would be getting this problem would be great. Thanks, Steve Cummings MIS Coordinator. Tag: Administrator account and lockout policy Tag: 98237
  - 5
    - Ed Hardy shoes EDS080124 - www.luxury-gift.org Ed Hardy shoes EDS080124 - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Ed Hardy shoes : http://www.luxury-gift.org/Shoes/Ed-Hardy-shoes.html Ed Hardy shoes EDS080124 Link : http://www.luxury-gift.org/Shoes/Ed_Hardy_Shoes_EDS080124.html Ed Hardy shoes EDS080124 Information : Brand : Ed Hardy shoes Code : EDS080124 Description : Luxury Ed Hardy shoes SAME AS PICTURE2008 hotsalenew arrival Ed Hardy brands shoes Legendary tattoo artist Don Ed Hardy and fashion whiz Christian Audigier have teamed up to bring vintage inspired tattoo artwork to a fantastic apparel line called Ed Hardy. Ed Hardy shoes Link : http://www.luxury-gift.org/Watches/Ed_Hardy_Shoes_EDS080124.html Tag: Administrator account and lockout policy Tag: 98234
  - 6
    - Corum Sugar Cube 10140.501810, Best Luxury Watch - Corum Sugar Cube 10140.501810, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Corum Watches : http://www.luxury-gift.org//corum-watches.html Corum Sugar Cube 10140.501810 Link : http://www.luxury-gift.org/Watches/corum-watch-697.html Corum Sugar Cube 10140.501810 Information : Brand : Corum Watches Series : Sugar Cube Code : 10140.501810 Gender : Small Case Material : Stainless Steel Dial Color : Red Bracelet Strap : Leather - Red Movement : Quartz Clasp Type : Tang Buckle Bezel : Fixed Crystal : Scratch Resistant Sapphire Case Back : Solid Case Diameter : 16mm x16mm Case Thickness : Water Resistant : Stainless Steel Case, Red Lizard strap, Red dial, Diamond bezel (Total weight 0.33ct). Corum Sugar Cube 10140.501810 Link : http://www.luxury-gift.org/Watches/corum-watch-697.html Tag: Administrator account and lockout policy Tag: 98233
  - 7
    - Omega Co-Axial Automatic Chronometer 4581.31, Best Luxury Watch - Omega Co-Axial Automatic Chronometer 4581.31, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Omgea Watches : http://www.luxury-gift.org//omgea-watches.html Omega Co-Axial Automatic Chronometer 4581.31 Link : http://www.luxury-gift.org/Watches/omega-watch-1842.html Omega Co-Axial Automatic Chronometer 4581.31 Information : Brand : Omgea Watches Series : Co-Axial Automatic Chronometer Code : 4581.31 Gender : Ladies Case Material : Dial Color : Silver Bracelet Strap : Stainless Steel Movement : Automatic Chronometer Clasp Type : Bezel : Crystal : Case Back : Case Diameter : Case Thickness : Water Resistant : Stainless steel Case & Bracelet , Silver dial, Date between 4 & 5, Sapphire Crystal with multiple Anti-Reflective coatings, COSC Certified Chronometer, Water Resistant to 100m/330ft. 32.5mm diameter. Omega Co-Axial Automatic Chronometer 4581.31 Link : http://www.luxury-gift.org/Watches/omega-watch-1842.html Tag: Administrator account and lockout policy Tag: 98232
  - 8
    - Verifying an account password without modyfying the last logon Is there a method of checking that a Windows Local or Domain account password matches a given password, without the account last logon date being modified? E.g: if I check the password based on a successfull $IPC share, then the Last Logon date of the user changes, i would like to avoid this date changing. thanks, B Tag: Administrator account and lockout policy Tag: 98227
  - 9
    - FYI - Windows Update agent (client) infrastructure update coming soon Crossposted to Windows Update, Security, and Security HomeUsers newsgroups. Follow-up set to Windows Update newsgroup. ================================= Microsoft Update Product Team Blog: Upcoming Update to Windows Update [I'd like to let you know that, beginning at the end of this month and continuing over the next few months, we?ll be rolling out an infrastructure update to the Windows Update agent (client). I wanted to take this opportunity to provide some background on the update and discuss the value these updates bring to you...] http://blogs.technet.com/mu/archive/2008/07/03/upcoming-update-to-windows-update.aspx -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience Tag: Administrator account and lockout policy Tag: 98216
  - 10
    - preventing information theft Hi, I want to make sure I don't miss something. Here is what I want to do; - Prevent any domain users to be able to copy any documents (or information) from the server (from mapped drive) to a removable disk, usb key, floppy, etc.... I know that even though it is doable they can still send by e-mail but I'm not there yet. For now we are in the process of disabling the burning feature of xp and software restrictions policies but to be able to prevent information theft the best way possible would be nice. I think there is a microsoft product that does that but can't remember which one. Any ideas would be appreciated. note ; sbs 2003 server with all workstations at XP sp2 or sp3. Thanks Tag: Administrator account and lockout policy Tag: 98213
  - 11
    - Hosting security At present we host our own web servers in a hosting centre. The web servers are on a workgroup with a Cisco firewall between them and the back-end database servers (SQL). Obivously only the database ports are open on this firewall. We are in the process of changing all our equipment and I was just wondering if anyone had any opinions on 'best practise' for this sort of environment? From an admin sort of view, it would be easier if all on same domain and SCOM would work better that way but this would open up our SQL servers to possible attack. Thanks Tag: Administrator account and lockout policy Tag: 98212
  - 12
    - Templates not showing in Web enrollment I have a problem where I seem to add a template into the Certificate Templates folder on my Root CA but it doesnt show up on the web enrollment server. I have a theory that this might be becuase the Root CA is an Enterprise CA and the issuing server running web enrollment is a standalone CA. Setup this way for "security" reasons and i was lucky to inherit. Is this the reason? if so how do i get those templates copied over to the web enrollment server? Tag: Administrator account and lockout policy Tag: 98210
  - 13
    - setting password for wireless base station Setting up wireless in my home. Instructions call for using admin as the the basic password, but the system rejects it. Any idea where to go from here? I am not a techie, so please be patient with me. Tag: Administrator account and lockout policy Tag: 98207
  - 14
    - Data Protection Is there a way to block users from copying data from shared network drives to external drives or CD's? Would even settle for monitoring to log files to track those users that attempt to take data off site. Or both would be great. Tag: Administrator account and lockout policy Tag: 98205
  - 15
    - Control time limit of cached credentials Hello, We have a few laptop users with logins to our AD domain. They are sometimes offsite for quite a while. Eventually, they can no longer log in with their domain credentials. Our help desk then has to walk them through setting up a local profile so they can work. Is there a way to set this so the credentials don't timeout? Or is there a way for them to be able to authenticate remotely to our domain? I already went down the route of using our VPN client but that is not supported. Any help would be appreciated. We'd prefer not to have to give these people local machine accounts. Thanks, Mike H Tag: Administrator account and lockout policy Tag: 98201
  - 16
    - Breitling Aeromarine Superocean Steelfish X-Plus Steel Blue Rubber Breitling Aeromarine Superocean Steelfish X-Plus Steel Blue Rubber Mens Watch A1739010-C6-586, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Breitling Watches : http://www.luxury-gift.org//breitling-watches.html Breitling Aeromarine Superocean Steelfish X-Plus Steel Blue Rubber Mens Watch A1739010-C6-586 Link : http://www.luxury-gift.org/Watches/breitling-watch-270.html Breitling Aeromarine Superocean Steelfish X-Plus Steel Blue Rubber Mens Watch A1739010-C6-586 Information : Brand : Breitling Watches Series : Breitling Superocean Steelfish Code : breitling-aeromarine-A1739010-C6-586 Gender : Mens Case Material : Stainless Steel Dial Color : Blue Bracelet Strap : Blue Rubber Movement : Automatic Clasp Type : Tang Bezel : Unidirectional Rotating Crystal : Scratch Resistant Sapphire Case Back : Case Diameter : 44mm Case Thickness : Water Resistant : 1500m/5000ft Stainless steel case. Blue rubber strap. Blue dial. Date displays at 3 o'clock position. Unidirectional rotating ratcheted bezel. Cambered sapphire crystal, glareproofed both sides. Tang clasp. Case diameter 44mm. Case thickness 16.1mm. Automatic movement. Water resistant at 2000 meters (6600 feet) Breitling Aeromarine Superocean Steelfish X-Plus Steel Blue Rubber Mens Watch A1739010-C6-586 Link : http://www.luxury-gift.org/Watches/breitling-watch-270.html Tag: Administrator account and lockout policy Tag: 98197
  - 17
    - Client-Cert doesn't shown in selection when SSL-login Hi all! I have a client-certificate created with our CA on a windows2003 server standard edition with the "user-template". The problem is, that this certificate is not shown in the certificate-selection when i try to establish an SSL connection with client-auth. The certificate is installed in the local user-certificate-store. Other certificates, such as my private Thawte-Certificates are shown. This problem occurs also with Firefox. What do I have to configure, that I can use certificats of our CA with SSL-client-auth? Have anyone an idea or solution for this problem? Thanx Pat Following there is a dump of this certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 1e:d4:20:a4:00:00:00:00:01:c6 Signature Algorithm: sha1WithRSAEncryption Issuer: C=de, O=xxx, OU=test, CN=CA 0 Validity Not Before: Jun 30 12:13:20 2008 GMT Not After : Jun 30 12:13:20 2009 GMT Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02 bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf 46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5 1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63 26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6 97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e 64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97 20:ea:18:99:eb:b9:64:1b:1d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment S/MIME Capabilities: ......0...+....0050...*.H.. ..*.H.. X509v3 Subject Key Identifier: EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4: 1.3.6.1.4.1.311.20.2: ...U.s.e.r X509v3 Authority Key Identifier: keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE: 1 X509v3 CRL Distribution Points: URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP, 20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c tionList?base?objectClass=cRLDistributionPoint URI:http://xxx.test.xxx.de/CertEnr Authority Information Access: CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti ctClass=certificationAuthority CA Issuers - URI:http://xxx.test.xxx /xxx.test.xxx.de_CA%200.crt X509v3 Extended Key Usage: Microsoft Encrypted File System, E-mail Protecti nt Authentication X509v3 Subject Alternative Name: othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption 0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e: 72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f: c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f: c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13: 7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b: ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32: eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31: 54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82: ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31: ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a: f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6: d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b: b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9: dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8: 62:01:12:37 -----BEGIN CERTIFICATE----- MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8 ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl 57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10 ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0 eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0 QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto 1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4 tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB Ejc= -----END CERTIFICATE----- Tag: Administrator account and lockout policy Tag: 98190
  - 18
    - Breitling Windrider Cockpit 18kt Yellow Gold Steel Mother-of-pearl Breitling Windrider Cockpit 18kt Yellow Gold Steel Mother-of-pearl Mens Watch A4935053-A5-469, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Breitling Watches : http://www.luxury-gift.org//breitling-watches.html Breitling Windrider Cockpit 18kt Yellow Gold Steel Mother-of-pearl Mens Watch A4935053-A5-469 Link : http://www.luxury-gift.org/Watches/breitling-watch-120.html Breitling Windrider Cockpit 18kt Yellow Gold Steel Mother-of-pearl Mens Watch A4935053-A5-469 Information : Brand : Breitling Watches Series : Breitling Cockpit Code : breitling-windrider-A4935053-A5-469 Gender : Mens Case Material : 18kt Yellow Gold And Stainless Steel Dial Color : White Mother-of-pearl Bracelet Strap : Black Leather Movement : Automatic Clasp Type : Deployment Bezel : Unidirectional Rotating Crystal : Scratch Resistant Sapphire Case Back : Case Diameter : 41mm Case Thickness : Water Resistant : 300m/1000ft Stainless steel case with 18kt yellow gold accents. Black leather strap. Mother-of-pearl dial. Double window date displays at 3 o'clock position. Undirectional rotating ratcheted bezel. Cambered sapphire crystal, glareproofed both sides. Case diameter 41mm. Case thickness 14mm. Automatic movement. Water resistant at 300 meters (1000 feet) Breitling Windrider Cockpit 18kt Yellow Gold Steel Mother-of-pearl Mens Watch A4935053-A5-469 Link : http://www.luxury-gift.org/Watches/breitling-watch-120.html Tag: Administrator account and lockout policy Tag: 98188
  - 19
    - Breitling Navitimer Montbrilliant Datora Mens Watch A2133012-G5-739P, Breitling Navitimer Montbrilliant Datora Mens Watch A2133012-G5-739P, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Breitling Watches : http://www.luxury-gift.org//breitling-watches.html Breitling Navitimer Montbrilliant Datora Mens Watch A2133012-G5-739P Link : http://www.luxury-gift.org/Watches/breitling-watch-57.html Breitling Navitimer Montbrilliant Datora Mens Watch A2133012-G5-739P Information : Brand : Breitling Watches Series : Breitling Montbrilliant Datora Code : Breitling-A2133012-G5-739P Gender : Mens Case Material : Stainless Steel Dial Color : Silver Bracelet Strap : Brown Leather Movement : Automatic Clasp Type : Tang Bezel : Bidirectional Rotating Slide Rule Crystal : Scratch Resistant Sapphire Case Back : Case Diameter : 43mm Case Thickness : Water Resistant : 30m/100ft Stainless steel case. Brown leather strap. Silver dial. Chronograph measures 1/5th second, 30 minutes, 12 hours. Day and month display beneath 12 o'clock position. Arc-shaped date indicator. 42 hour power reserve. Bidirectional bezel with slide rule. Non screw-locked crown with two gaskets. Screwed-in caseback. Cambered sapphire crystal, glareproofed both sides. Tang clasp. Case diameter 43mm. Case thickness 14.1mm. Automatic movement. Water resistant at 30 meters (100 feet) Breitling Navitimer Montbrilliant Datora Mens Watch A2133012-G5-739P Link : http://www.luxury-gift.org/Watches/breitling-watch-57.html Tag: Administrator account and lockout policy Tag: 98187
  - 20
    - Dior Sunglasses SG_DI0704045 - www.luxury-gift.org Dior Sunglasses SG_DI0704045 - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Christian Dior sunglasses : http://www.luxury-gift.org/Sun-Glasses/Christian-Dior-sunglasses.html Dior Sunglasses SG_DI0704045 Link : http://www.luxury-gift.org/Sun-Glasses/Dior_Sunglasses_SG_DI0704045.html Dior Sunglasses SG_DI0704045 Information : Brand : Christian Dior sunglasses Code : SG_DI0704045 Description : fashion Dior Sunglasses SAME AS PICTURE2008 new arrivel fashion Dior sunglasses and welcome to wholesale2 Pair 39.USD /1PC6 pair 32.USD /1PC12 pair 24.USD /1PC Dior Sunglasses Link : http://www.luxury-gift.org/Watches/Dior_Sunglasses_SG_DI0704045.html Tag: Administrator account and lockout policy Tag: 98186
  - 21
    - Omega Constellation Iris 95 1377.79, Best Luxury Watch - Omega Constellation Iris 95 1377.79, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Omgea Watches : http://www.luxury-gift.org//omgea-watches.html Omega Constellation Iris 95 1377.79 Link : http://www.luxury-gift.org/Watches/omega-watch-1913.html Omega Constellation Iris 95 1377.79 Information : Brand : Omgea Watches Series : Constellation Iris 95 Code : 1377.79 Gender : Ladies - Small Case Material : Stainless Steel & Gold Dial Color : Mother of Pearl Bracelet Strap : Steel & Gold Movement : Quartz Clasp Type : Push Button Foldover Clasp Bezel : Fixed Crystal : Scratch Resistant Sapphire Case Back : Solid Case Diameter : 25.5mm Case Thickness : 7.5mm Water Resistant : 30m 18KT yellow gold and Stainless steel case and bracelet, Center gold bar, Diamond set bezel, Mother of Pearl dial set with 12 colored stones. Omega Constellation Iris 95 1377.79 Link : http://www.luxury-gift.org/Watches/omega-watch-1913.html Tag: Administrator account and lockout policy Tag: 98185
  - 22
    - Omega Co-Axial Chronograph 4841.50.31, Best Luxury Watch - Omega Co-Axial Chronograph 4841.50.31, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Omgea Watches : http://www.luxury-gift.org//omgea-watches.html Omega Co-Axial Chronograph 4841.50.31 Link : http://www.luxury-gift.org/Watches/omega-watch-1608.html Omega Co-Axial Chronograph 4841.50.31 Information : Brand : Omgea Watches Series : Co-Axial Chronograph Code : 4841.50.31 Gender : Mens Case Material : Stainless Steel Dial Color : Black Bracelet Strap : Leather-Black Movement : Automatic Chronograph Chronometer Clasp Type : Deployant Clasp Bezel : Crystal : Anti-Reflective Scratch Resistant Sapphire Case Back : Transparent Case Diameter : 41mm Case Thickness : Water Resistant : 100m/330ft. Stainless steel Case, Black crocodile leather strap with deployment buckle, Black dial, Date at 6, Small seconds dial. Omega Co-Axial Chronograph 4841.50.31 Link : http://www.luxury-gift.org/Watches/omega-watch-1608.html Tag: Administrator account and lockout policy Tag: 98184
  - 23
    - Monogram Canvas Tivoli GM M40144 - www.luxury-gift.org Monogram Canvas Tivoli GM M40144 - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Louis Vuitton handbags : http://www.luxury-gift.org/Handbags/Louis-Vuitton-handbags.html Monogram Canvas Tivoli GM M40144 Link : http://www.luxury-gift.org/Handbags/Handbags-7328.html Monogram Canvas Tivoli GM M40144 Information : Brand : Louis Vuitton handbags Code : Description : Its bowling bag shap, base studs and soft, pleated Monogram canvas makes the bag perfect for everyday use. Carried on the shoulder or hand-held, it takes its name from a famous town in Lazio, Italy.- Monogram canvas, textile lining, natural cowhide trimmings- Golden brass pieces- Zippered closure with an elegant chain- Inside patch pocket and cell phone compartment- Hand-held or carried on the shoulder with its adjustable straps- Protective base studSize: 18.1" x 11" x 7.9"This Monogram Canvas Tivoli GM Handbag comes with:Serial and model numbers, the LV dust bag, care booklet, LV cards, and copy of the genuine receipt from an official LV store. Monogram Canvas Tivoli GM M40144 Link : http://www.luxury-gift.org/Watches/Handbags-7328.html Tag: Administrator account and lockout policy Tag: 98180
  - 24
    - Delete MSBA reports/scans Hi, How can I get rid of old MBSA reports/Scans. I can not find a delete option. I am currently using MSBA 2.1 Thx Tag: Administrator account and lockout policy Tag: 98173
  - 25
    - Opening ports What is the command or procedure for opening specific ports in Windows Server 2003? Tag: Administrator account and lockout policy Tag: 98172

I have account lockout policy applied to the domain. I created an account
(not a default administrator account) which is member of domain admin, is
there a way to have this admin account exempt from this lockout policy?
Thanks!

Top

Re: Administrator account and lockout policy by Dobromir

Dobromir
Tue Jul 15 15:50:54 CDT 2008

Not before Windows 2008 - as there is a single domain password policy for
all users.

You can in Windows 2008 - see this link for more details:
http://technet.microsoft.com/en-us/magazine/cc137749(TechNet.10).aspx

--
---
HTH,
Dobromir

Learn more about Security and Identity Management:
Visit http://www.iamechanics.com

"RayRogers" <RayRogers@news.postalias> wrote in message
news:C4F80131-F580-4936-A781-BDA313B9748D@microsoft.com...
>I have account lockout policy applied to the domain. I created an account
> (not a default administrator account) which is member of domain admin, is
> there a way to have this admin account exempt from this lockout policy?
> Thanks!

Top

Re: Administrator account and lockout policy by RayRogers

RayRogers
Wed Jul 16 16:49:01 CDT 2008

Thank you very much for the info.

"Steve Riley [MSFT]" wrote:

> I'd encourage you not to use account lockout. I know that some of our
> published guidance recommends it, but that was written some time ago.
> Account lockout is expensive -- the average cost per call to a help desk is
> $70. Plus, it creates a situation in which an attacker can intentionally
> lock out some or all of your users -- a kind of denial of service attack. So
> long as you're using good (by that I mean long) passphrases, then you really
> don't need account lockout.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "RayRogers" <RayRogers@news.postalias> wrote in message
> news:C4F80131-F580-4936-A781-BDA313B9748D@microsoft.com...
> > I have account lockout policy applied to the domain. I created an account
> > (not a default administrator account) which is member of domain admin, is
> > there a way to have this admin account exempt from this lockout policy?
> > Thanks!
>

Top