Built-in SID accounts???

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - GPO for restricting Internet sites? Is there a way to set up a Group Policy that will allow me to block all internet sites, but give me the flexibility to add certain sites for access as deemed necessary? While I would prefer this to be done on a user basis, I am willing to apply to computers instead. Tag: Built-in SID accounts??? Tag: 89560
  - 2
    - Looking for a IDS/Sniffer Hi All, I'm not sure if this is the forumn for this question or not but I'll throw it out there. I'm working at a client where the manager wants to implement a IDS and network sniffer solution. Basically we want to 1) monitor and block intrusions into our nework from outside 2) track and block internet abuses 3) track and manage network performance (packets, http, etc..) All of this is to enhance the Cisco firewally we already have in place. Our network is Windows 2003 AD and what we're really starting to do is build an enterprise network that will provide the stability and protection we're looking for in the long run. We have 2 other branch offices that will need to be protected by this solution as well and I'm sure in the future we will be adding other branches to the scheme of things. Can anyone recommend any good security products that they've worked with that provides these functionalities? Thanks, Cooley Tag: Built-in SID accounts??? Tag: 89559
  - 3
    - help in locking down Start button, Task bar, desktop and clock I am not sure where to post this but for now I will put it here. I have two computer running XP PRO Ser pack 2, the end users that will run the computers only need to see the desk top Icons ( this part I got ), and on the start button to see only the logoff and shutdown buttons ( this part I got ) I now need help in locking down the Clock, the start button, Desktop and the task bar how do I turn off the right click on these items I know it can be done I have seen a computer with this setup before please help or let me know witch area to post this. -- Al Dzina Tag: Built-in SID accounts??? Tag: 89557
  - 4
    - Pop-Ups Whenever I go onto the internet I am bombarded with pop-ups, especially ones where you cannot get rid of them no matter how many times you click the 'X', gambling ones seem to be the worst. Can anyone give me advice on how to solve this problem? Tag: Built-in SID accounts??? Tag: 89551
  - 5
    - PKI - Intermediate CA Hello, We can read on several papers that intermediate CA introduces a flexibility and policy layer into PKI design but I don t understand how we can achieve this. What customization is better at intermediate CA (standalone CA) level than at issuer CA level (Enterprise CA)? May be something like application policy and issuance policy restrictions? At issuer level we can restrict what certificates can be issued and to who they are issued. Tag: Built-in SID accounts??? Tag: 89550
  - 6
    - help!! hi... i'm wondering if anyone can help me? i have serveral annoying virus', which are stopping me do day to day tasks, interfere with my internet connection and drivers. i cant seem to get rid of them via the delete button or via norton antivirus, i'm wondering if there is anyway i can clear my c: drive in dos/command prompt and re-install windows xp in dos/command prompt if i need to but...... i dont know any commands.. can someone please help... i've been trying to learn but cant find any simple websites... i would like to know how to wipe the c: drive clean(my primary hard-drive) and re-install xp without an operating system?? can anybody help this lost soul??? pleaseeeee x x Tag: Built-in SID accounts??? Tag: 89546
  - 7
    - Defender AV/Spyware scan OK no problems But computer acting like v I have run Microsoft Defender, Trend Micro IS 2007 (Def's up to date) No problems found. But my computer continues to act like it has a virus or other infection. Spam has increased, cursor jumps about, Firefox locks up inexplicably, can't scan with AV yesterday ~ but OK today. Yesterday AV software keeps asking for password (no passworkd set). Just acting like something is wrong. Tag: Built-in SID accounts??? Tag: 89545
  - 8
    - Kerberos key table file Hi All, We are using SSPI/GSSAPI for coding an application consisting of server and client. We know that the service keytab is stored in a key table file on the system where the server program is running and this keytab is extracted using the ktpass utility. We don't want to use key table file for storing service keytab as this is not that secure enough. I want to know the following : 1. Is there any other way (not key table file) of storing the service keytab on the system where the server program is running. for eg: the host service keytab (host/<host-fqdn>@REALM) is stored somewhere maybe a keystore on that host and not in a key table file. 2. Can we use the same store where the host keytab is stored. If so, can you please point me to the sample code or functions which does this. Thanks in Advance, Srini Tag: Built-in SID accounts??? Tag: 89542
  - 9
    - EFS Recovery Agent Creation Question. All, I am in the final steps of implementing EFS into Active directory. I have created my CA server, configured my EFS recover template, but that leaves me with one question. When I request an EFS recovery certificate, the computer name is displayed in the summary page during the certificate request wizard. Does it matter which computer I create the recovery agentâ??s certificate upon as long as the computer is a member of the domain? Or does it need to be a certain computer in the domain such as a DC? Thanks for your help in this. Mark Tag: Built-in SID accounts??? Tag: 89536
  - 10
    - CA Autoenrollment I have an Ent. Root CA that has a Cert. Template that I want autoenrolled for specific users in AD. The CA works fine with manually requesting the certificate but I cannot seem to get the users autoenrolled. The certificate was created and the group added in the security tab of the certificate and read, write, enroll and autoenroll are checked. But the users still do not get the cert unless they pull it down through the web. I have run out of ideas. Any help would be appreciated. Thanks bob - new york Tag: Built-in SID accounts??? Tag: 89534
  - 11
    - NTService & ShellExecute Hello all, I'm trying opening a GUI application from an NT Service using the ShellExecute or CreateProcess API's. The execution succeeded, but the problem is that the GUI runs in the SYSTEM environment, so no GUI displayed. Can anybody help me in this? NOTE: I'm using VC++ with MFC 7 and the target OS's are 2K and later. Tag: Built-in SID accounts??? Tag: 89530
  - 12
    - Electronic Signatures in MS Word Hello, Does anyone know where I can get information on how to set up electronic signaturesin word?? What I am trying to do is set up users to email there approvel off insted of have to print off the sign them. Please let me know if anyone can help Tag: Built-in SID accounts??? Tag: 89529
  - 13
    - 802.1x, roaming profile, VLAN change Hi all, I have problem with roaming profile when the 802.1x authentication is configured and where there are 2 or more VLANs. If the machine authentication succesful, IAS will instruct the switch to configure the port to VLAN x. Then when a user logs on, IAS will instruct the switch to move the port to VLAN y. For other group of users, we set to VLAN z. The problem: the user won't be able to download (after logging in) and upload (after logging off). I notice that this is due to changing of VLAN on the switch: once the user logs on, the switch will quickly move the port to VLAN y, while the IP address of the PC still belongs to subnet of VLAN x. It means the PC cannot contact the server until it gets a new valid IP address (in the VLAN x). My setting: AuthMode --> 1 SupplicantMode --> 3 (based on http://technet2.microsoft.com/WindowsServer/en/Library/8e74974f-c951-48ce-8235-02f4ed8e74921033.mspx?mfr=true) I tried to create: GpNetworkStartPolicyTimeoutValue --> 60 (seconds) (under HKLM\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon, based on http://support.microsoft.com/default.aspx?scid=kb;en-us;840669) but no success. Is there any way to delay the downloading/uploading the profile? So that the PC will have time to change the valid IP address before downloading/uploading the user profile. Thank you in advance. Tag: Built-in SID accounts??? Tag: 89525
  - 14
    - My email address appears through search engine Although this may not be an appropriate forum for my question/concern, I am pleading for someone's suggestion or help to resolve my dilemma. Back in 2002 when I was a novice to on-line newsgroups, I posted several questions on the MS Newsgroup forum showing my actual email address. Several weeks ago I googled my email address and to my surprise it appeared several times on the following site. http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/ I am not familiar with that site but it appears to contain both active and archived newsgroups. Since about 2003 it appears that the email addresses are being encrypted (if thats the correct term?) to possibly prevent mining of addresses. However, prior to that time the posters' actual email address appeared, including mine. There could possibly be thousands of actual email addresses appearing on the site which are being mined and used to spam unsuspecting victims, of which I may be one. I have sent the web site several emails in recent weeks requesting that my postings and email address be removed from the site, however, it has only been removed in one instance and still appears in two other instances. Recent emails to the site requesting further deletions have gone unanswered and my postings and address still appear for the world to see. Can anyone advise how I can get this matter attended to. Sorry for the long post. Thanks. Tag: Built-in SID accounts??? Tag: 89524
  - 15
    - very strane problem with a mandatory profile i create mandatory profile with this steps: 1- create the profile I'll use as a mandatory profile 2-Save the mandatory profile in folder in local partation 3-change the Ntuser.dat to Ntuser.man 4-i configure the user accounts i want to use the mandatory profile 5-and when i log on with one of this users this error message appear : "Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator" i don't know what wrong i make .... plz plz plz plz help me thanx ta2ta2 Tag: Built-in SID accounts??? Tag: 89523
  - 16
    - Dialui Hello all, After scanning my system with Windows Defender a dialer called Dialui was found but when Defender tried to remove it error OX80501001 was encountered and the removal could not be completed, how can I remove this software and why Windows Defender could not complete the removal? Thank you in advance for your help. Tag: Built-in SID accounts??? Tag: 89519
  - 17
    - Eventlog Warning !!! WinXP SP2 Pro. Event Log Warning for both limited user, and priviliged user too. Windows saved user's xxxxx registry while an application or service was still using the registry. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as user account, try configuring the services to run in either LocalService or NetworkService account. Now I know where Services are, and how to go to properties-general tab-log on tab, but I do not know which service to click on in the first place in order to configure services. I also do not see a Select User dialog box to specify a user account under the Log on tab. I hope someone can give me a detailed lead in this one. Thank you so much.. >>worried<< Tag: Built-in SID accounts??? Tag: 89509
  - 18
    - Event log Systems we have 100+ servers, and would like to implement a syslog type of server. does anyone love/hate theirs that they would please share. We would like to get a eventlog system that will tell us when certian critera are met, like multiple failed log in attmepts, and critical system errors. a one stop shop per say for monitoring event logs. Something that will make reading the event logs easier, and easier to spot the important stuff. Tag: Built-in SID accounts??? Tag: 89500
  - 19
    - Kerberos with "Selective Authentication" over forest Trust Hello When we use "selective authentication" on the one-way forest trust, kerberos is not working, only NTLM. When we deselect "selective authentication" on the forest trust, kerberos works fine to access ressources in the ressouce domain. For security reasons we need "selective authentication" on the trust and we want kerberos as the authentication protocol. (The Domains are in W2K3 mode, serviceprincipalnames for the accounts are created) With "selective authentication" enabled we receive the following error from a DC in the resource Domain: No. Time Source Destination Protocol Info 53 3.896470 159.29.17.56 159.29.193.212 KRB5 KRB Error: KRB5KDC_ERR_POLICY Frame 53 (196 bytes on wire, 196 bytes captured) Ethernet II, Src: Cisco_f2:6c:f0 (00:d0:bc:f2:6c:f0), Dst: CompaqCo_dc:b2:4b (00:08:02:dc:b2:4b) Internet Protocol, Src: XXX.29.17.56 (159.29.17.56), Dst: XXX.29.193.212 (XXX.29.193.212) Transmission Control Protocol, Src Port: kerberos (88), Dst Port: 1853 (1853), Seq: 1, Ack: 1740, Len: 142 Kerberos KRB-ERROR Record Mark: 138 bytes Pvno: 5 MSG Type: KRB-ERROR (30) stime: 2006-10-27 09:54:51 (Z) susec: 940079 error_code: KRB5KDC_ERR_POLICY (12) Realm: SERVICES.XXX.YY Server Name (Service and Instance): HTTP/personal.services.XXX.YY Name-type: Service and Instance (2) Name: HTTP Name: personal.services.XXX.YY e-data PA-PW-SALT Type: PA-PW-SALT (3) Value: 130400C00000000003000000 NT Status: Unknown (0xc0000413) Unknown: 0x00000000 Unknown: 0x00000003 Does anyone have an idea? Greetings Roger Tag: Built-in SID accounts??? Tag: 89494
  - 20
    - Disable CD ROM for Certain User Account Hello, I am on Windows XP SP2. Is there a way to completely disable CD ROM (stop user from being able to use CD ROM, thus prevent use of bad, or virus infected CDs) for certain user account? I heard it is possible to do it via Group Policy or Local Security Settings, but I might be wrong. Thank you everyone. Tag: Built-in SID accounts??? Tag: 89489
  - 21
    - Beautiful women, aged clones, and Ultimate Fighting Championship Friend, I'm always looking for good and intelligent individuals like you to visit my website, www.ChezBrandon.com , and it has pictures of beautiful women, information about aged clones, and a link to Ultimate Fighting Championship, a very good show. My name is Brandon, and I'm in my 20s, am a college student, and as lie detectors, both conventional and unconventional would show, I've never been sexually penetrated. Moreover, I could be shown pictures of X, Y, and Z, and it would show that I'm only sexually attracted to women. The Murders of Our Leaders in Government were Stopped. I, Brandon, can take lie detector and psychological tests, and I can go before a panel of truth detecting experts. I tell the truth. A mini-psychological test: 8 times 2 = 16, the world is round, not flat, and the year is 2006. Feel free to call me, my cellphone number is 503.740.0272 (United States based) and feel free to utilize a GK-1 voice truth detecting device too: >From Congressmen Bill Frist to John Kerry to Dennis Hastert to Hillary Clinton to John Warner to Ron Wyden to Gordon Smith to John McCain to Joseph Lieberman to Nancy Pelosi to Diane Feinstein to Ted Kennedy to anyone else who happened to be in the Congressional chambers during either a joint session of Congress or a State of the Union address from Masons to Skull and Bones members to Secret Service agents to pages to visitors to other good individuals, they all would have been murdered, all of their accomplishments stripped away, their earned wealth stripped away, their homes stripped away, their family and friends stripped away. Moreover, someone else would have been sleeping with their spouses. Elements of the Mossad, who wanted to bathe in the blood of our Congressmen as well as bathe in the blood of leaders around the world, and when they seized power they would, as confirmed by psychic vision and confirmed auditorially, "he's right; he's psychic," would outlaw most if not all organizations, including the Masons, and these elements as Victor Ostrovsky writes about in his #1 New York Times bestseller By Way of Deception are out of control, notoriously lie, and have a disregard for life -- I was able, thank God, to thwart the conquest of the USA and the world, and was able to thwart the murder of United States and world leaders, via a psychic vision of Senator John Warner and other Congressmen being choked to death by gas, which was confirmed auditorially from both ears, such as "He saved Congress," who they were going to kill "all of them,""how did he know that?" and "he's psychic" -- murdered my biological Aunt Gloria Atkinson, whom I loved very much, as she did of me, and there is a tribute to her on my website. Please, friend, be sure to barricade your bedroom door at night. I'm not afraid of aged clones or the attempted chopping off of my appendages (elements of the Mossad talked about chopping off my right middle finger and right ear, and 10 out of 10 of my toes, like my right middle finger have unique steeple designs). I'm not afraid of anything. I'll defend myself to the best of my ability, and I commit my life to saving the lives of men, women, and children and strengthening good organizations. I will always remember my biological Aunt Gloria Atkinson. Sincerely, Brandon Tag: Built-in SID accounts??? Tag: 89488
  - 22
    - Event ID: 537 Hi, sorry if it post it before ( can't find a good solution ) On my DC win2003 i have manny security events Can anyone tell me what to do. Regards, Addy Tag: Built-in SID accounts??? Tag: 89487
  - 23
    - If I have created recovery image in a hidden partition, should I creat bootable rescue media in addition? Hi, all. I am using Acronis True Image to backup the partitions. I have created Acronis recovery manager in a hidden partition. If there is serious problem in the system, I can restore the chosen partitions just by pressing only one key a few seconds after system starts. Then should I creat bootable rescue media using CD-R in addition? Can't the recovery image function when the system can not be booted? Thanks. Tag: Built-in SID accounts??? Tag: 89485
  - 24
    - in defender: why is ther no 'always allow' status i have an old program that is not recognized by Defender. every time i start my computer Defender reports that it doens't recognize the program, then i can only choose between 'allow' and block. There should be a 'Always allow' but I can't find that option. Joepie. Tag: Built-in SID accounts??? Tag: 89482
  - 25
    - Trojan? Computer security issues Recently I was browsing the internet, and (I have Mcafee security programs) a window popped up saying a trojan was found, and blocked. I tried to close Internet Explorer when I saw this, but it wouldn't close for the next minute or so. I ran a virus and adware scan afterwards, but found nothing but the usual adware here and there, which I deleted. The computer has been running rather slowly since then, and so I opened up Windows Task manager recently. It showed the Processes menu, and didn't show the rest of the menu. All I could look at were the changing graphs of the computer's usage of space. When I examined these graphs, they showed the CPU usage going from 65-100% usage. I've tried many things to look at the rest of the menu of it, but to no avail. So, any suggestions as to what to do to find out what is causing this much space to be used on the computer? Tag: Built-in SID accounts??? Tag: 89479
- Next
  - 1
    - Google Powered Search Engine for Security/eSecurity Community I am building a Search Engine exclusively for the Security and eSecurity Community using Google's Coop program. I would like to NOT include any vendor sites, but just index sites that are vendor neutral. Would this is be a good strategy or not? The URL for the search engine is http://www.xml-dev.com Here are my current guidelines for site inclusion 1) I will NOT include any vendor site (e.g. Cisco, Microsoft, Bluecoat etc) 2) I will check the Netcraft ranking for each suggested URL that I receive. The site has to rank in <50K to be included in the index. (e.g. http://toolbar.netcraft.com/site_report?url=http://www.securityfocus.com) 3) I will also make sure that the site doesn't excessive amount of Ads. For e.g. I will not include http://www.securitynewsportal.com/index.shtml As far the inclusion of vendor sites in concerned, I think if one is searching for some specific information (e.g. install guide) for a particular product they should probably go to the vendor website or google it. However if you researching about a technology, lets says IDS, you really don't need to see the vendor sites. They will, off course, say that their product is the best in the world. For e.g. search for "Full Disk Encryption" on Google, and you will see that DriveCrypt and WinMagic show up in the first 3 results. And they both claim to be "best in the world" :) And I have tried both, and they are not the best (to say the least)! ;-) Instead I would like to see what other sites are saying about these products or "full disk encryption" in general Note: I am looking for few other people to help me filtering out the website, and updating the index. Please let me know if anyone is interested. As always please keep sending your favorite URLs. I have tons of URLs in my email box, and I will catch up with them (and reply to the sender) over the weekend :) Tag: Built-in SID accounts??? Tag: 89475
  - 2
    - EMAIL Scanning Error/Turned Off in Norton Internet Security (NIS) The following problem seemed to start about 3 weeks ago. The Anti Virus status window in NIS shows the status of email scanning as ERROR. It is turned off with no way to turn it back on. Uninstalling and reinstalling have not helped. A lengthy discussion with Norton tech support, not surprisingly, was useless as well. I just cleaned my Registry (WIN 2000), but that too made no difference either. The only other security product I am running is SPYWARE DOCTOR, but uninstalling that did not help either. I am now suspecting a conflict someplace, or perhaps even some as yet unidentified malware. Any ideas of a possible cause, or an approach I can take? Tag: Built-in SID accounts??? Tag: 89462
  - 3
    - Found an unknown keylogger/ spyware named "MrvGINA.dll" Anyone heard of this? Found it while trying to correct my computer starting in "Administator" user mode, as opposed to my normal user profile. A log in window appears, which I believe is created by the spyware to try and phish passwords. When I tried to change the settings a warning stating "Windows Security and Fast User turned off. Uninstall program to correct. Finding MrvGINA.dll may help determine the responible program". MrvGINA.dll is in the sytem32 folder. Neither Spybot Search & Destroy nor Norton Internet Security have identified the file leading me to believe it is a new spyware/malware. Tag: Built-in SID accounts??? Tag: 89453
  - 4
    - Parental Internet-access Control Software Title says it - any advice on which products are good? A free one would be ideal if it works reasonably well. Basic requirements are to lock-down which websites three children can visit. or at least to reduce the chances of them accidentally landing on disturbing porn material. Must work with Firefox. (or Opera/NS/Mozilla would be OK, but not IE for security reasons) Tag: Built-in SID accounts??? Tag: 89447
  - 5
    - IE7 final and SpySweeper Ver 5.2.3 build 2120 There are numerous incompatibilities with the latest version of SpySweeper and Internet Explorer 7.0 final. These incompatibilities have finally forced me to uninstall the latest version and go back to SpySweeper Ver 5.0.7 build 1608. Here is a list of the most troublesome interactions: 1. Opening a second tab in IE7 takes about 5-7 seconds just for the tab to appear. I had previously said 3-5 seconds but it got worse. 2. After the 2nd tab opens it takes about another 5 seconds for "anything" to even begin to appear in the new tab. 3. When holding the ctrl key and clicking on a link, in most cases, the desired link would appear in the original tab. 4. If I had multiple tabs open, and I wanted to close the active tab, I would press CTRL & W, which should close the active tab only. Many times when I did this Internet Explorer would close down. 5. Outlook Express would take ages to open and make a connection to my ISP's mail server. 6. Many other programs just seemed to be taking a lot longer to initialize. All of these problems have gone away after going back to SpySweeper Ver 5.0.7 build 1608. The 2nd (and additional) tabs open instantaneously. The web information begins to immediately paint the page. CTRL & click on web links open a new tab every single time. CTRL & W closes the active tab "every single time". Internet Explorer 7.0 final has stopped crashing. I think I will wait until the next SpySweeper program update until I try again. The present version just has too many problems! BTW, Firefox has not been affected with the SpySweeper update. -- Regards, Richard Urban Microsoft MVP Windows Shell/User (For email, remove the obvious from my address) Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! Tag: Built-in SID accounts??? Tag: 89444
  - 6
    - e-mail problems When I try to sign in to my hotmail account a window opens that informs me that I am about to view pages over a secure connection as I click on sign in to open my account another window opens informing me this time that I am about to leave a secure internet connection it will be possible for others to view information you send, if I do not wish to continue I can not access my messages. I am extremely concerned about this problem, I have been reading and looking for reasons and solutions on windows newsgroups but found nothing, I am almost computer illiterate and I am afraid that by having tried to solve the problem without the right knowledge I have check and uncheked, enable and disable and made a right mess out of my PC . I had enabled automatic updates but I feel that this problem started after I installed SP2, I have now uninstalled SP2 but the problem has not gone away, my homepage has also been changed to MSM Homepage and when I try to change it again it always reverts back to MSMHomepage, is it possible that my PC has been hijacked? Please, please help, thanks a million. Tag: Built-in SID accounts??? Tag: 89442
  - 7
    - Should I enable TLS 1.0? Should I enable TLS 1.0? If I do, will the encryption be stronger. So far, all I get when I am on a secure site is 128 mb encryption or less. If I do enable TLS 1.0, will anything happen? Tag: Built-in SID accounts??? Tag: 89439
  - 8
    - outside source changing passwords? Recently started having problems with MSN and Yahoo., where someone has been able to gain access from an outside source and reset my passwords. Not only are they resetting the passwords, but have managed to hijack,, 3 accounts,, and erased allmy contacts and personal e-mails. I have changed my passwords at different computers, and different areas not affiliated with home and work. is there any info that someone can help me with. please send any e-mail to lenmoscovitch@bond-tech-industries.com my msn is not secured,, Tag: Built-in SID accounts??? Tag: 89436
  - 9
    - Registry Access I want to remove domain users from having any rights to the registry on windows 2003. how do i do that? Tag: Built-in SID accounts??? Tag: 89433
  - 10
    - Is corruption of Hyperlinks possible? 1. Can something be embedded *in the hyperlink itself* which might cause immediate 'infection' of ones PC if it is 'clicked'? 2. Is there some way that a *third party* could interfere with a link - innocently posted in a messages - so that if a reader subsequently 'clicks' on the link (or even copies and pastes it into a Browser) - instead of being directed to a bona fide site, one might end up on, say, an 'infected' web site - a Spoof site in other words? Should the answer(s) be yes - exactly *how* might it done - clever use of Scripting? Is there a guide available from Microsoft to advise of how to avoid the pitfalls if either scenario *is* possible? Any guidance will be much appreciated. TIA David (XP Home SP2 and all Updates) Tag: Built-in SID accounts??? Tag: 89420
  - 11
    - Mysterious Files? I have just noticed a series of files that have started to appear on my c drive each day. Today they are s1vo.i, s1vo.j s1vo.j and so on. The file sizes and times created vary. Previously there were some named s2ss and so on that I deleted. I also have a couple of TXT files with similar file names that when I open with notepad are copies of emails I have received. Could someone provide some insight to what these are? I ran a full system scan with NIS 2006 with a "0" infection result. Thanks, Bob1170 Tag: Built-in SID accounts??? Tag: 89419
  - 12
    - stealth; good idea or bad; I have 2 different sources; who's right Well, I've heard some people say that having a "stealth" firewall is good, and some say it's bad. Two different views: Position A: Supposedly, according to the text beneath this, if a computer is not "stealthed", connecting to that computer, for example with a PING (I assume ICMP), a simple ICMP ping would send a "host unreachable" message back to the attacker. If the computer is "stealthed", it will simply drop the echo request, and no reply is sent back to the attackers' computer. That way, a "stealthed" computer will confirm it's existance. Thus being counterproductive. Position B: the "attacker" would receive a "host unreachable" message from a "stealthed" computer. Or would it not receive a "host unreachable" message, but something else, that will look like the same to the attacker ? For as far as I know, Steve Gibson from www.grc.com stands behind position B. So, which view is correct ? Maybe it's even more complicated, I'd like to gain some insight. Maybe firewalls can have different kinds of stealth. I don't know. That stealth is "out of spec" is not an argument for me. WHAT I SUSPECT, and I'd like to hear your views about that, is THAT THE INTERNET ITSELF is configured in such a way that if a "stealthed" computer does not respond to a ping or other attempt to establish a connection, the "attacker" would receive a "host unreachable" message. Thus making stealth sensible. Essentially position B. Below this the original article, that prompted me to do some investigation of my own (not very succesfull), and asking this question here. Insight/help appreciated. Quoting article" Stealth, when it comes to computer security, is when the computer (or other network equipment) does not issue any sort of reply to connection attempts, including ICMP echo requests (ping). I guess the idea was that if there's no response, they can't see that anything is there, and therefore you're "stealthed" from the outside world. For some reason, this was assumed to be a security enhancement because you cannot attack what you cannot see... Oh boy, is that ever wrong. "Stealth" doesn't mean you are invisible at all. Instead, it makes you stick out like a sore thumb. Here's a picture showing a would-be attacker and your computer behind a firewall. A simple "ping" from the attacker travels through the cloud, and to the router in front of your firewall. Next, the echo request gets to your firewall. A stealth firewall will simply drop the echo request, and no reply is sent back to the attackers' computer. So, you're invisible, right? Since there's no reply, there's no computer there, right? Wrong and wrong! If there really was no computer (or firewall) there, the router sitting in front would reply for you with a simple ICMP "host unreachable" message back to the attacker. The attacker would then know that there really is nothing there. The lack of this "host unreachable" message is a clear indication that something is there and it's dropping the packets rather than replying to them. A simple telnet connection will yield the same result. If the attacker attempts to telnet to your computer, and your firewall simply drops the packets with no reply (stealth), then the connection attempt simply times out. Again, this is not an indication that there's nothing there, because the router did not send the "host unreachable" message. With a non-stealth setup, a reply packet is sent, and assuming no telnet server is running, the reply will be a loud "no service here." If you shut your computer off, the connection attempt will also time out, but then the router will send the "host unreachable" message back to the attacker, so they really know that you're not there at the moment. So, being "stealth" doesn't really add any security at all, nor does it really hide you from anyone else. Anyone who wants to really know if there's anyone at a give IP address will have no difficulty seeing that you're really there because you are trying too hard to appear not to be. Since stealth is violating the normal rules of network connectivity, it makes you more visible, not less. " Tag: Built-in SID accounts??? Tag: 89403
  - 13
    - changing local administrator password *securely* I've been asked to change the local administrator password on a number of remote Windows 2000 and Windows XP systems. I know that this can be easily accomplished in a number of ways: scripted with VBScript and run from my PC or from SMS, third-party tools like pspasswd, via the cusrmgr.exe resource kit tool, and so on. However, I'm concerned that these distribution methods send the password in the clear across the network. Does the cusrmgr.exe tool use any sort of encryption when changing the password of a remote computer? Is there some way of doing this change that doesn't involve something drastic like setting up IPSec on the entire network? Tag: Built-in SID accounts??? Tag: 89402
  - 14
    - Schedule Task freezes explorer I'm running windows 2003 SP1 (is a domain controller and a exchange 2003 SP2 server) and every time I open the schedule task my server freezes. I manually kill the explorer process and everything just go back to normal. This happens all the time and I need to run the schedules tasks in order to make my automatic backups. I have all the updates installed on my server, can you help me? Tag: Built-in SID accounts??? Tag: 89401
  - 15
    - modem, router, firewall ? advice requested Well, for some time some "data" has been "leaking" through my router (supposed to have a firewall, which is confirmed by SOME tests), to my computer, where my software firewall catches it. I have been considering geting a 100 % stealth firewall/router. Including port 0, that my Sitecom router won't let me make stealth anyway. It doesn't have an official stealth option, you need to use a trick, but that doesn't work for port 0. (Which can be detected). Data passes through my modem to my router, and then to my pc. Today, it just occurred to me: would having a stealth router make any sense at all ? I really don't know how this works, but wouldn't scanners/computers just detect my modem (brand Arris, got it from cable company), regardless of what my router claims to be stealth ? My modem is directly connected to the internet, and for as far as I know it doesn't have a firewall. So it's really a technical question: can the mere presence of an active modem with an active router be detected by others on the internet ? Imagine I got a 100 % stealth router, wouldn't others on the internet detect me (IP address, basically static computer name and IP), by detecting the modem ? And does it matter in that case, whether my computer was ON or OFF ? Insight appreciated. Tag: Built-in SID accounts??? Tag: 89400
  - 16
    - Service Pack 2 problem Ever since I accidentally reinstalled Windows XP(I had forgotten that I left the disk in the drive, and when another user started the computer, he 'boot[ed] from CD'), an alert has been telling me that I do not have service pack 2 installed, yet I installed it months ago, and the site where I could retrive Service Pack 2 told me I had it. The remnants of SP2 that I have, like the icons for Security Center and Windows Firewall, are inoperable, with SC turned off completely, and the WF link not working, due to an 'unidentified problem.' I don't know what to do, and every second I am online is another second I am exposed to innumerable security risks... Help! Tag: Built-in SID accounts??? Tag: 89399
  - 17
    - How to communicate with a named pipe on another PC without security Hello, assume I create a named pipe on one pc where can set up any security descriptor for it I want to (you name please how to do this and what descriptor to set), how can I connect from a second PC on the LAN (assume both cases: peer to peer and domain based networking) to that pipe without my connection being rejected due to security reasons? OS is either W2000 SP4 or XP SP2. Greetings Markus Tag: Built-in SID accounts??? Tag: 89390
  - 18
    - releasing confidential docs have a question. I have a potential client asking for Security documents from my company. They include, IT Org chart, Information Security Policy, Data Classification Policy, Data Retention Policy, Data Destruction Policy, Risk Assessment Standard, System Backup Policy, Business Continuity Plan Summary, Disaster Recovery Plan Summary. In your opinion, does releasing this info make for a security violation? Would signing of Non-Disclosure be enuf to protect my company? thx Tag: Built-in SID accounts??? Tag: 89382
  - 19
    - published: Microsoft Security Intelligence Report Microsoft posted, dated 10/23, a pdf titled the Microsoft Security Intelligence Report http://www.microsoft.com/downloads/details.aspx?familyid=1c443104-5b3f-4c3a-868e-36a553fe2a02&displaylang=en This details the "as experienced" trends in the malicious software arena for the first half of '06, is a quite interesting read (if you are into such things that indicate the hostility of the environment) and virtually certainly is based on the largest real-world sample ever used in such an analysis. -- Roger Abell Microsoft MVP (Windows Server : Security) MCDBA, MCSE W2k3+W2k+Nt4 Tag: Built-in SID accounts??? Tag: 89381
  - 20
    - SNMP Service Security Key I'm trying to find out the purpose behind the following registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Security] If anyone can help shine some light on the uses of this key by SNMP or point me to a resource explaining it I would deeply appreciate it. I haven't been able to find anything in my reference material so far. Thank you, -- Cody Billings Tag: Built-in SID accounts??? Tag: 89379
  - 21
    - Root CA CRLs I'm setting up a two-tier PKI hierarchy. The root will be offline and will sign the issuing CA certificate. What is the best-practice for the root Certificate Revocation List and revoking the root certificate? Should I immediately revoke the root certificate after creating the issuing CA and store it in a secure location in case the passphrase is lost? Should I create a certificate revocation list from the root or only on the issuing CA? I certainly don't want to have to retrieve the root authority to update the list, but will the clients handle this OK if the root public key is in the browser but the issuing CA revokes certificates and publishes the list? I would think so, since the chain should be intact. Thanks in advance. Tag: Built-in SID accounts??? Tag: 89378
  - 22
    - Defender 1.0 error I am receiving the following error when attempting to update the definitions from the original install of Defender 1.0. Please advise, Thanks, Jeff > Event Type: Error > Event Source: MPSampleSubmission > Event Category: None > Event ID: 5000 > Date: 10/25/2006 > Time: 11:03:47 AM > User: N/A > Computer: CCIS1773 > Description: > EventType mptelemetry, P1 8024001d, P2 unspecified, P3 unspecified, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. > > For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. > Data: > 0000: 6d 00 70 00 74 00 65 00 m.p.t.e. > 0008: 6c 00 65 00 6d 00 65 00 l.e.m.e. > 0010: 74 00 72 00 79 00 2c 00 t.r.y.,. > 0018: 20 00 38 00 30 00 32 00 .8.0.2. > 0020: 34 00 30 00 30 00 31 00 4.0.0.1. > 0028: 64 00 2c 00 20 00 75 00 d.,. .u. > 0030: 6e 00 73 00 70 00 65 00 n.s.p.e. > 0038: 63 00 69 00 66 00 69 00 c.i.f.i. > 0040: 65 00 64 00 2c 00 20 00 e.d.,. . > 0048: 75 00 6e 00 73 00 70 00 u.n.s.p. > 0050: 65 00 63 00 69 00 66 00 e.c.i.f. > 0058: 69 00 65 00 64 00 2c 00 i.e.d.,. > 0060: 20 00 31 00 2e 00 31 00 .1...1. > 0068: 2e 00 31 00 35 00 39 00 ..1.5.9. > 0070: 32 00 2e 00 30 00 2c 00 2...0.,. > 0078: 20 00 6d 00 70 00 73 00 .m.p.s. > 0080: 69 00 67 00 64 00 77 00 i.g.d.w. > 0088: 6e 00 2e 00 64 00 6c 00 n...d.l. > 0090: 6c 00 2c 00 20 00 31 00 l.,. .1. > 0098: 2e 00 31 00 2e 00 31 00 ..1...1. > 00a0: 35 00 39 00 32 00 2e 00 5.9.2... > 00a8: 30 00 2c 00 20 00 77 00 0.,. .w. > 00b0: 69 00 6e 00 64 00 6f 00 i.n.d.o. > 00b8: 77 00 73 00 20 00 64 00 w.s. .d. > 00c0: 65 00 66 00 65 00 6e 00 e.f.e.n. > 00c8: 64 00 65 00 72 00 2c 00 d.e.r.,. > 00d0: 20 00 4e 00 49 00 4c 00 .N.I.L. > 00d8: 2c 00 20 00 4e 00 49 00 ,. .N.I. > 00e0: 4c 00 20 00 4e 00 49 00 L. .N.I. > 00e8: 4c 00 0d 00 0a 00 L..... Tag: Built-in SID accounts??? Tag: 89375
  - 23
    - Security Logs Monitoring and Alerting Tool Hello! Could you, please, recommend to me if you know a software which can monitor security logs on domain controllers and send allerts? I did look at the software which tracks changes to AD - admin, configuration compliance and that is 'too big' also big IPS IDS systems are not needed - really something which reads the logs and send alerts? Does Microsoft has an plug-in or is there a good third party software? Thanks! -- Nikki It Admin Tag: Built-in SID accounts??? Tag: 89359
  - 24
    - OWA Does the dedicated OWA server need any special antivirus software for Exchange in addition to common antivirus server software? Why? The actual OWA server contains no mailbox store, nor is any SMTP traffic transmitted across it. Thus there is no e-mail to scan on the OWA server, assuming that this is the server's only function. Tag: Built-in SID accounts??? Tag: 89356
  - 25
    - CCapp error? I get a CCapp error while I am shutting down the pc,& when I click on end now,or even when I don't end now,& when the pc starts to shut down,I then get a CCsvchst error that the reference could not be read. I have run a full virus scan& spyware check& the system is clean,uninstalled& reinstalled Norton internet security 2007 at least 3 times,uninstalled & reinstalled Windows Xp, & I am still getting the same error message. I think this is something having to do with Norton 2007- I have contacted Norton support with no luck whatsoever. Any recs on what to do? Thanks! Tag: Built-in SID accounts??? Tag: 89346

There are built in security identifiers for windows server 2003. You can
specfiy different ones to launch the services.
What I don't know is if there are diffierent permissions based on the one
you use.

SID: S-1-5-18
Name; Local System

SID: S-1-5-19
Name: NT Authority\Local Service

SID: S-1-5-20
Name: NT Authority\Network Service

Applied a high security template that impacted the SQL2005Express service
starting up as a service. It was using the Logon as Network Service.
If I change the logon to use Local System, then it starts with no errors.
But concerned that there may be something else broke that I haven't
discovered.

Top

Re: Built-in SID accounts??? by S

S
Mon Nov 06 06:23:42 CST 2006

Nope, running as the Local System should be allright - it's a usual SQL
Server acount since forever (into OS/2 and Sybase/UNIX times).

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"dgood" <dgood@discussions.microsoft.com> wrote in message
news:73B587B2-DEFE-4583-AE38-EC6F4B3DCAF3@microsoft.com...
> There are built in security identifiers for windows server 2003. You can
> specfiy different ones to launch the services.
> What I don't know is if there are diffierent permissions based on the one
> you use.
>
> SID: S-1-5-18
> Name; Local System
>
> SID: S-1-5-19
> Name: NT Authority\Local Service
>
> SID: S-1-5-20
> Name: NT Authority\Network Service
>
> Applied a high security template that impacted the SQL2005Express service
> starting up as a service. It was using the Logon as Network Service.
> If I change the logon to use Local System, then it starts with no errors.
> But concerned that there may be something else broke that I haven't
> discovered.
>

Top