Capicom Security Alert

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - OneCare Subscriptions There's probably a OneCare newsgroup, but I couldn't find it. I'm interested in knowing how to view my multiple PC subscriptions through OneCare. For each $50 subscription, I can protect up to three PCs. But I haven't been able to figure out where I can go to view which PCs are on what subscriptions (I have more than one) and how many more openings I have per subscription, etc. In other words, I'm looking for a breakdown of my PC distribution on a subscription by subscription basis. Any help, or a point in the right direction would be appreciated! -Anthony J. Tag: Capicom Security Alert Tag: 89777
  - 2
    - Norton 2006 security check reports hacker threat ports 80 443 I am not familiar with port operation, but when I run security checks I am told there is a "hacker threat" because these ports are open. They are the hppt and https ports and I don't know why this is a problem. I am fairly certain there are no virus ,spyware, malware, etc. on my system. What should I check? Symantec has not been very helpful. Windows XP SP2. -- Randu Tag: Capicom Security Alert Tag: 89770
  - 3
    - Antivirus Does Microsoft or anyone else have a recommended virus protection for Domain Controllers? Also as I understand it, the new Antigen is for Exchange and sharepoint servers? Is it designed to replace like symantec corporate on just those servers? Tag: Capicom Security Alert Tag: 89765
  - 4
    - Important...Interesting...Danger behind some file types ?? I have played with Windows XP professional for some time and I see that some Microsoft applications such as Outlook Express and MSN / Windows Live Messenger flags many file types as 'dangerous' because it could contain some kind of code that could somehow compromise the system such as .EXE .SCR .BAT .COM .SCR .PIF .HTA .VBS .JS .HLP .CHM .REG .INF and many others. at each one it is clear that it can compromise the system via executable code eg. EXE BAT COM PIF SCR or some kind of script code, eg. in HLP, HTA VBS and JS files. Now my question... why do they also flag .URL and .SCF files as dangerous ? I searched everywhere on those files structures and how they are 'scripted' but didnt find anything that could directly compromise the system. the URL file (internet shortcut can do the same, if not less then an HTML file but HTML files are not flaged as dangerous. in URL files you can assign any shortcut u want or execute local files using 'file:///' protocol, but with HTML it is also possible to display the content of an arbitrary external website via IFRAME tag and execute local files using the OBJECT tag. so I wonder why URL files are dangerous and blocked ?? also .SCF files why they are dangerous?...Microsoft provided very little documentation on these files but the most 'harm' it can do is minimize all opened windows hehe. so I would really appreciate if someone, perhaps some Microsoft security professional gave me some light here. By the way a specially crafted desktop.ini file can be much more dangerous but .INI files are not flagged or blocked. Also something tricky with INF files. If you download an INF file and open it, Internet Explorer warns asking if you really want to execute the 'software'. Why is that if the INF file has the default OPEN command set to notepad.exe. (double clicking the file opens it in notepad). To install it, it should be right-clicked and select install. So warnings should only go to the 'INSTALL' command, this way it would not confuse users or give a false alarm of 'danger'. thanks very much in advance and hope to hearing from someone soon :) Tag: Capicom Security Alert Tag: 89761
  - 5
    - firewalls Is is it bad to run two firewalls at the same time ???? I have trendmicro pc-cillin 2006 witch has a firewall in the internet sec system ... I installed sunbeltsoftware kiero personal firewall.. But I have to keep restarting the service from start, run, services.msc... Can i lower the firewall settings on trend to medium , its on med high... to run both.. Any info will help ... tyvm.... Tag: Capicom Security Alert Tag: 89760
  - 6
    - Setting up 2 domains with one way trust to dmz What I have now is a domain on the inside interface of a firewall and workgroups on the dmz. I am thinking for easier administration that making a second domain on the dmz with a one way trust would help cut down the administration of accounts and such. To me it looks fairly straight forward for the domain creation. I would create a new domain like dmz.xxxxx.com for the dmz with inside domain being xxxxx.com. Now the big question what ports need to be open for all this to work correctly on the firewall? I found ms artical 179442 which lists a ton of ports that need to be opened to make this work. I have no problem with the server ports its the client ports that I don't like. maybe I am reading it wrong or something. any help would be most welcome. list of server ports 135/tcp RPC 389/TCP/UDP LDAP 636/TCP LDAP SSL 3268/TCP LDAP GC 3269/TCP LDAP GC SSL 53/TCP/UDP DNS 88/TCP/UDP Kerberos 445/TCP SMB Client ports 1024-65535/TCP/UDP or is this the same as I have configured already on the firewall of any on the inside has access to dmz? Tag: Capicom Security Alert Tag: 89756
  - 7
    - EFS algorithm Hi, which common algorithm can be used in a windows 2000, XP and 2003 environment for efs, assuming that on all os' the latest service pack is applied and on the w2K the high encryption pack is installed? I've found some on the Internet saying desx and others 3des. Thanks and regards Ueli Tag: Capicom Security Alert Tag: 89754
  - 8
    - What is this? We have a form that was submitted with a lot of crazy stuff in it. Any ideas what this could be? ----------------------------------------------------------------------- <a href="http://11.gotope.com/pentola-fondue-bourguignonne/"> pentola-fondue-bourguignonne </a> http://18.bonn-coach.com/gioco-pugilato/ <a href="http://19.nmkjj.com/box-esterno-tv/"> box-esterno-tv </a> <a href="http://4.gotope.com/corsetteria/"> corsetteria </a> http://11.bonn-coach.com/ragazza-sesto/ <a href="http://4.nmkjj.com/tetta-piu-grande-mondo/"> tetta-piu-grande-mondo </a> <a href="http://9.nmkjj.com/inurl-guestbook-php-page-od/"> inurl-guestbook-php-page-od </a> http://13.mcfc-fans.com/hotel-campofelice-di-roccella/ <a href="http://6.mcfc-fans.com/acicastello-immagini/"> acicastello-immagini </a> <a href="http://3.diederichwedding.com/psicologia-it/"> psicologia-it </a> http://18.nmkjj.com/capodanno-lazio/ <a href="http://17.bonn-coach.com/borsa-pinko/"> borsa-pinko </a> <a href="http://19.gotope.com/dario-antiseri/"> dario-antiseri </a> http://18.mcfc-fans.com/auto-noleggio-carre/ <a href="http://15.mcfc-fans.com/giochi-gratis-nokia-7250/"> giochi-gratis-nokia-7250 </a> <a href="http://11.diederichwedding.com/pok-e8mon/"> pok-e8mon </a> http://19.diederichwedding.com/wireless-sicurezza-mac-address/ <a href="http://8.gotope.com/lavoro-bettola/"> lavoro-bettola </a> <a href="http://17.gotope.com/legge-elettorale-2006/"> legge-elettorale-2006 </a> http://5.mcfc-fans.com/versione-latino-and-nepote/ <a href="http://5.diederichwedding.com/itinerario-chianti-vacanza/"> itinerario-chianti-vacanza </a> <a href="http://3.gotope.com/fontana-feng-shui/"> fontana-feng-shui </a> http://7.diederichwedding.com/mp3-tinturia/ <a href="http://6.diederichwedding.com/viaggio-finlandia/"> viaggio-finlandia </a> --------------------------------------------------------------------- your help would be greatly appreciated. Rich Tag: Capicom Security Alert Tag: 89753
  - 9
    - Using Cipher for Default Encryption Settings We have a client who would like to encrypt data with EFS. The client would like to have it setup so that all data folders are encrypted by default. The client would also like to have it setup that new directories created by the user are also tagged for encryption by default. Basically the client doesn't want the user to "accidentally" have unencrypted data on the hard drive. I am looking for an alternative to Whole Disk Encryption products, and I would like to use EFS. I know EFS can not be used to protect system files or the root directory. That's ok. My question is, can I use the cipher.exe command to set all possible (non-system, non-root) directories to be tagged for encryption? I am thinking about the following command: cipher /e /i /s:c:\ I believe this will set the encryption flag for all directories starting the root directory, and ignoring the errors (for c:\, c:\windows, & any other system directories). My understanding is that this flag means any new files or directories created or copied into these "encrypted-flagged" directories will be encrypted on the write. Then, a second command of: cipher /e /a could be used to actually encrypt the file data in certain directories such as My Documents to encrypt current, existing data on the hard drive. Does anyone have any experience with this? Thanks -MB Tag: Capicom Security Alert Tag: 89752
  - 10
    - files on ur web directory Hi All, i found that : "In order to reduce a web application attack surface, only web application pages should be kept on the web directory and any other files should be removed to any other local folders." my questions are: 1- is that true?? and why?? 2- what are exactly the file extensions that are allowed to be left on the default web directory?? 3- what are the type of files that are considered to be vurneable???? finally, if anyone one has any reference for such a topic, i'll be happy receiving it :) thanx for ur help and reply :) Tag: Capicom Security Alert Tag: 89751
  - 11
    - Lingering corruption issues from MS06-049 - KB article 925308 This new article speaks to a fix to the problem created by 06-049. If the patch is broken why is this not a re-release of the patch? I see none of the usual "Microsoft only recommends applying this to systems experiencing the problem..." I take it then that every system on which 06-049 is installed is still potentially vulnerable to file corruption. If so then 925308 is in fact a vital patch not for security's sake but for data protection's sake. MS please respond. Should we apply this fix to all systems that have 06-049 installed. Tag: Capicom Security Alert Tag: 89743
  - 12
    - Important Information Check out: www.Brandon-Lands.com Tag: Capicom Security Alert Tag: 89741
  - 13
    - Kerberos UDP vs TCP Hi everybody I'm facing some problems with Kerberos authentication using UDP protocol. As suggested by Microsoft using TCP protocol the problem has been solved instead. Questions: Why Microsoft uses UDP by default if there are authentication problems? What would be the global impact on the network (WAN) using Kerberos authentication through TCP? Would it be a suitable solution? Any help really appreciated. Tag: Capicom Security Alert Tag: 89737
  - 14
    - Security settings change locks program I'm using Windows Server 2003 and I was trying to add a user to the user list under the security tab of a folder and it seems to just lock up when I hit apply or ok. I have let it sit for over 30 mins with no progress. I did a small subfolder and that worked. Is it just slow to apply the setting to all the sub folders? Is there a way to make this run smoother? Thanks. Tag: Capicom Security Alert Tag: 89728
  - 15
    - IBM THINK PAD CAN anybody help have being given a n ibm thinkpad and cant turn on wi-fi Tag: Capicom Security Alert Tag: 89726
  - 16
    - Audit Logging for the NIC Properties Is it possible to audit a network interface driver's properties? That is, an administrator goes into a local area connection, configures the NIC, and changes Flow Control (or some such driver property). Can this action be logged and audited? This is for Win2003 Server Standard Edition running in a Win2003-native Active Directory domain. Thank you in advance, J Wolfgang Goerlich Tag: Capicom Security Alert Tag: 89723
  - 17
    - pki - CRL questions Designing a basic w2k3 pki for internal purposes. Three tier (root & intermediate offline, enterprise isuing). Might be expanded to support external (outside AD forest, outside internal WAN) use in the near future. Do I need to publish CRL's and AIA to external accessible webservers from the start, or can I start with internal publishing only? Can the CRL publishing list be changed for all CAs (external HTTP address added) without much reconfiguration at a later stage? What is the preferred order, when using mostly AD integrated clients: ldap or http first? I want this design to be flexible, not directly needing an extra layer of intermediate and issuing CA's when external used certs are needed, but also want to prevent making irreversible decisions... Tag: Capicom Security Alert Tag: 89722
  - 18
    - ipsec ports I am going to setup IPSEC tunnels between windows servers that pass through different firewalls owned by other organizations. I need to submit requests to the other firewall admins requesting ports and protocols be opened up and I want to get it right the first time. What ports are required to be open for the handshake and communication of ipsec between two windows servers through a firewall? Thank You Erik Tag: Capicom Security Alert Tag: 89720
  - 19
    - Security Updates I am wondering why no security updates from Windows Update for November. Usually by now we have them for the month. I have tried using IE7 four times and uninstalled each time and back to IE6, because it just is too much trouble to try to fix bugs. But the update icon apears in system tay to update to IE7. Is it because we are going to be forced to update to IE7 in order to get critical updates? Tag: Capicom Security Alert Tag: 89718
  - 20
    - Windows Defender Does the windows defender get all spyware programs out. I have been using spyware programs for a long time and i have come across alot of spywre which cannot be removed by some programs for instance. cam it remove Vundo? or other programs which are difficult to get out? Snooza~Plz Reply asap as i think i might be watched. Tag: Capicom Security Alert Tag: 89716
  - 21
    - User cannot FTP file from local disk to website. The user can connect to the website (using an FTP client software) but cannot upload a file. The client software just hangs. I (as administrator) can perform the upload. It must be a Server 2003 security issue. The client ftp program is WSPTF_Pro. -- Regards Tom Tag: Capicom Security Alert Tag: 89713
  - 22
    - firewall configuratioin I do not know which of these to allow or block or make me ask I have no ideal what I am doing configuring the firewall do I block, allow theses or make them ask me? Internet Connection Sharing? Windows RPC service? DHCP protocol client? DNS protocol client? ICMP network diagnostics? Destination Unreachable? Ident Service? Protocol AH? Protocol ESP? Protocol GRE? L2TP VPN? PPTP VPN? Tag: Capicom Security Alert Tag: 89712
  - 23
    - question about IAS and PEAP MS-CHAP V2 (wireless authentication) Hey guys this is my first post. I have a question about IAS, PEAP MS-CHAP V2, and wireless. I am using MS-CHAP V2 to authenticate PDAs on our wireless network. Because we are using MS-CHAP V2, we are using AD credentials to authenticate the clients. Everywhere I have read it states that we have to install the server certificate onto the device. I have found a loop hole though. Both on the wireless PDA and laptops, we can choose not to validate the server certificate. I can still authenticate to the IAS server (wireless) but I have not installed the server cert onto the device (because I have unchecked the validate server checkbox both in zero config and the wireless application). This is my question, if we don't validate the server and if we don't have the server cert, won't the transmission of the user account and password be in clear text? Is there a way on the IAS server that we have to force the clients to have the server cert or they wont be authenticated? Thanks, Peter Kim Tag: Capicom Security Alert Tag: 89711
  - 24
    - Windows Firewall Exception: RunDLL32 Is it normal for RunDLL32 to show up in the Windows Firewall Exception list? How about Explorer.exe? -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com/articles/cleanboot.htm http://grystmill.com/articles/security.htm Tag: Capicom Security Alert Tag: 89700
  - 25
    - Someone hacked into my computer... I'm under the impression that my computer has been hacked into. It seems whoever it was took a special likeing to my school files (mainly papers I've written over time), as that folder is now empty. Fortunately windows recorded the last date and time the contents of that folder were "modified". My question is is there some way I can see who was in my computer at that time? This happened somewhat recently I'm guessing (about 2 days ago according to windows). Seeing as I was on the computer at the time specified, I know it wasn't anyone I live with. Thanks to anyone that can help. Tag: Capicom Security Alert Tag: 89698
- Next
  - 1
    - Mcafee removel 'I have tried uninstalling mcafee even to the point of going on mcafee's website and downloading thier uninstall exe. It says it is compeletly uninstalled and i reboot . But then it is still in add and remove. I want to install their new mcafee security , but it will not let me because the old one is still on my comp. I have tried and am ready to throw this comp in the trash if I cant get it to do what I need. HELP HELP ! Thank you Tag: Capicom Security Alert Tag: 89694
  - 2
    - security template unreadable On a windows 2000 system recently updated to sp4, I have been getting 2 regular security-rleated events in the event/application log 1) one a warning SecCli event 1202--Security policies are propagated with warning. 0xd : The data is invalid. Please look for more details in TroubleShooting section in Security Help. 2) an error: Usrenv event 1000 The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (13). None of the knowlege base articles on these errors seem to apply to my situation. Winnt\security\log\winlogon.log reports "Reading Configuration template info...Error 13: The data is invalid. secreateglobalprivilege is not a valid privilege." In the management console, windows is unable to read the basic security template. I'd appreciate it if someone could tell me if these errors are causing any practical problems--especially my inabilty to start rasman (unable to create buffers) or cannot connect with mysql (connection lost). And, if so, what's the fix? I'm not a newbie, but neither am I an expert in this area. Thanks Tag: Capicom Security Alert Tag: 89692
  - 3
    - Cant open CMD/taskmanager Hi, Can anyone help me, i cannot seem to open the Command Prompt or my Taskmanager. I think i may have a virus, but cannot find it with Mcaffee. Any suggestions? Tag: Capicom Security Alert Tag: 89689
  - 4
    - UserOverRide key on Win2003 I'm trying to OverRide the screeen saver seetings like a do for Win200. It's configured at: HKLM\SYSTEM\CCS\Control\Terminal Server\Winstation\ICA-TCP\USEROVERIDE\Control Panel\Desktop under this I created ScreenSaveActive = 0 ScreenSaverIsSecure = 0 ScreenSaveTimeOut = 4500 I'm using under ICA-TCP key, beucase it's for a Citrix server/connection. But it does not work for Win2003, just for Win2000 any idea? thanks in advanced.. Tag: Capicom Security Alert Tag: 89683
  - 5
    - W2K3 3-tier CA Implementation I have been trying to follow all of the best practices and recommendations for a W2K3 Enterprise CA solution. I have the Root installed, still online for right now, and have been trying to get the Intermediate CA that will be used for policies set up. I would like to follow Microsoftâ??s lead and use a 10 year, 2040 bit certificate. I have copied the Subordinate Certification Authority template and increased it to 10 years, copied the new OID and description from Intermediate Certification Authority and used both of them in the CAPolicy.inf file in C:\WINDOWS, but I keep getting 2 year certificates. After resolving, I will need to create Issuing CA certificates from the Policy CA that are 5 years and 2048 bits. Thanks for ALL of the input. Tag: Capicom Security Alert Tag: 89680
  - 6
    - If my computer is a single PC with ADSL connection, can I leave the password blank when I login the XP? I am not using LAN, and I am the single user of PC. Is it secure that I leave the password of user blank when I login the Windows XP? -- Thank you for your help! Tag: Capicom Security Alert Tag: 89679
  - 7
    - Computer Auto Enrollment for non-windows platforms I need to enroll non-windows computers for a computer certificate that I'm planning to use for VPN. How have people done this? The non-windows computers are joined to the domain (have a real computer account, and password). I would like to write some code to auto-enroll them when they are joined to the domain. Is there any published protocol for Microsoft's Certificate Authority that can be used for this? Can enrollment be performed using HTTP? Paul Nelson Thursby Software Systems, Inc. Tag: Capicom Security Alert Tag: 89674
  - 8
    - Keylogger? Recently, I noticed my Windows XP was automatically locking itself after it was idle for a certain time. This has only started in the last day or so. I recently had someone around my computer, unsupervised. I am worried that this person may have accidentally, or intentionally, installed some form of spyware on my computer. I ran Adware and Norton Anti-Virus and nothing returned, but I find it odd that this is now happening. Is this a new setting change that may have been updated in Windows Updates? Could this be a sign of spyware, keylogger, virus, etc.? Tag: Capicom Security Alert Tag: 89667
  - 9
    - Local Security Policy Background: Very Recent switch from Novell to Active Directory. After joining all workstations to the new domain, we have had a couple that will logon without certain services running. I have narrowed things down to a missing entry in the local security policy. For some reason our Group Policy for the domain will not push down to these few workstation and the changes I make loaclly disappear after a reboot. Although everything will work as it is supposed tofor that one boot. Another reboot will result in the original problem. The exact change that I am making is in the secpol.msc is Local Policies > User Rights Assignment > Impersonate a client after authentication ASPNET, Administrators, SERVICE Before adding the permissins this field was blank. After a reboot it goes back to blank even though our group policy is pushing out the same settings I added locally. I just can't get it to save. I also tried to import a template with the same end result. Any ideas? Tag: Capicom Security Alert Tag: 89665
  - 10
    - Assign permissions to create other users to Users account Hi, Is there a way to give an account in the Users group in XP permissions to add other User accounts? This would be similar to the capability that PowerUsers have to have create accounts in the User group. Any ideas? Thanks, Nick Tag: Capicom Security Alert Tag: 89659
  - 11
    - New Tool from Microsoft System Internals A new tool from Mark Russinovich (formally of System Internals) of Microsoft is available for trouble shooting malware problems. See about Process Monitor here: http://www.eweek.com/article2/0,1895,2054266,00.asp Download from here: http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx -- Regards, Richard Urban Microsoft MVP Windows Shell/User (For email, remove the obvious from my address) Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! Tag: Capicom Security Alert Tag: 89656
  - 12
    - LSA not loading Self authincation filter What would keep LSA from loading a seft-authinication filter from loading on a 2003 Active Directory server? Tag: Capicom Security Alert Tag: 89651
  - 13
    - General Recommendation I am trying to weigh the pros and cons of allowing a set of users in my enviroment to use public wireless (hotel etc). These users are s specific group (politicians). They are travelling to hotels with their laptops. The laptops could contain sensitive data and do not currently have any form of encryption etc. Does anyone have any recommendations on where to start or what to implement before allowing wireless? Tag: Capicom Security Alert Tag: 89649
  - 14
    - HELP!! Please. I screwed up Group Policy Editor Hello, I'm panicked right now since I have messed up one of our training machines. We log into a NT4 Domain (Samba-Linux) basically a file server from Win XP Pro. To prevent students from running certain program I inadvertenly changed the 'Run only allowed programs' to IE and Word. I didn't realize it would affect the local Administrator account too, now I'm screwed because I cannot get back into GPEDIT to make the changes. I tried this at home on my laptop but since I am not on a domain I was able to log into Safe Mode and fix the problem but this is not the case on a machine that belongs to a Domain. Can anyone help please!!! Desperately seeking a solution. Thank you. Tag: Capicom Security Alert Tag: 89648
  - 15
    - Error Code 0x80070057 Hello, A error code 0x80070057 popped up on my screen this morning. This is the first time I have seen this one, XP Home SP2 has been running problem free for a long time. The error code said: Problem preventing Windows from checking license for this computer. I do have a XXXXX-XXX-XXXXXXX-XXXXX serial number. Any help on this will be appreciated. TIA Tag: Capicom Security Alert Tag: 89644
  - 16
    - Hardware considerations for PKI In your experience, any practical hardware capacity planning I should be aware when selecting hardware for a PKI infrastructure ? I am planning to use total of two physical servers for redundancy. I would put the Off-line root CA in a Virtual machine and keep it shut down. I am plannig to use a 3.0GB Pentium, 4GB RAM server. From what I have been reading there is no major prcessing power to worry about. I have total of 4 DC's, total of 15,000 user accounts, but only 6,000 clients. Tag: Capicom Security Alert Tag: 89643
  - 17
    - Interoperability between Window 2000 and 2003 Enterprise CAs I have a win2k enterprise root and subordinate CA I would like to introduce another subordinate CA on our DR site. Can I introduce an enterprise win2k3 CA into the existing heirarchy (In a nutshell are they compatible)? Tag: Capicom Security Alert Tag: 89642
  - 18
    - ? ccApp With Windows XP Home Edition on shut down on some occasions the window ccApp appears. What is this? Tag: Capicom Security Alert Tag: 89631
  - 19
    - requesting cert from local CA: "no trusted certificate authorities I'm playing around with AD, certificates, and smart cards on a test server separated from the rest of our network. I'm currently going by http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/mapcerts.mspx, trying to get a certificate that I can place on my smart card to log in with. I have a certificate authority installed on this domain controller (as a stand-alone root CA), and I can see its cert in "Trusted Root Certificate Authorities". If I try to launch the "Request New Certificate" wizard for any account, I get an error message saying the wizard could not be started because "there are no trusted certificate authorities available", or permission is denied. Is there something special I have to do to get the local machine to "trust" this CA, or some other way I should go about this? Thanks Bean Tag: Capicom Security Alert Tag: 89628
  - 20
    - Services - Windows Server 2003 R2 hi, i have a code line that want to open an exsiting html file //Init ShellExecuteInfo : shlExInfo.cbSize = sizeof (SHELLEXECUTEINFO); shlExInfo.lpFile = strFileName.GetBuffer(); shlExInfo.lpParameters = NULL; //Set flags and verb shlExInfo.fMask = SEE_MASK_NOCLOSEPROCESS; shlExInfo.lpVerb = _T("open"); shlExInfo.lpDirectory = strDirName.GetBuffer(); shlExInfo.nShow = SW_SHOWNORMAL; int iRet= (int)ShellExecuteEx (&shlExInfo); it work fine on XP, and open IE with the file, but on Windows Server 2003 R2 it doesn't open the IE but return a success return value. This is a service code, yes i check that the service allow to interact with desktop. another thing is that this server not display message box. do you know any configuration seting to allow service to do so in Windows Server 2003 R2 Tag: Capicom Security Alert Tag: 89625
  - 21
    - Good book for PKI implementation Hi, I was told that there is very good book on PKI implementation (related on how to avoid mistakes during the PKI implementation based on the Microsoft deployment experience). If you know the title for such book, please let me know which one it is. Thanks. Tag: Capicom Security Alert Tag: 89624
  - 22
    - Role-based security from Windows Server 2003 Security Guide gives problems Hello I have an Ad-environment with 2 Windows 2003 SP1 eng server and some Windows 2003 SP1 eng member server. I have applied some EC-server policy from Microsoft document from april 2006. On Domain root I have applied EC-Domain.inf On Domain Controller OU I have applied EC-Domain Controller.inf On Member Server OU I have applied EC-Member Server Baseline.inf On sub OU Web OU I have applied EC-IIS server.inf I joined 2 new web-servers to the domain and put them in the default Computer OU. Lets call them lt104 and lt135 as servername. Now my problems starts If I from DC run My Computer > Manage > Connect to another computer, select server104 see errors in word file. If I from a member server that lies in Web OU run MBSA against all server in the domain I get errors from scanning lt104 se word file If I move the server lt104 to Web OU, none of the above errors occur. But the server lt104 needs to connect to a standalone server to get picture and I cant connect to that standalone server if lt104 is in the Web OU but it works if it lies in Computer OU. Any ideers whats causing this problem Regards Mikael Tag: Capicom Security Alert Tag: 89615
  - 23
    - Scaperl: send handcrafted packets and sniff Hi, Scaperl is a portable, customizable packet creation and sending/sniffing tool written in Perl. It is based on PCAP and libdnet (and their respective Perl wrappers). It was tested on Windows XP, Linux and NetBSD. The goal is to have a minimal, portable, efficient implementation of Scapy concepts (written in Python, see Philippe Biondi's page at http://www.secdev.org/projects/scapy/), with readable, well commented code and good documentation. This is the first public release, only a few fields and dissectors have been implemented. People interested can have a look at my web page at http://sylvainsarmejeanne.free.fr/projects/scaperl for more information and for the documentation. Sylvain SARMEJEANNE Tag: Capicom Security Alert Tag: 89607
  - 24
    - Is it secure to Automatic Login to users accounts in XP? Hi, I know a solution that can make users to automatic logon to their accounts in XP. Please refer to: http://kgiii.info/windows/XP/general/auto_login.html I am wondering whether the automatic login is secure or not. Does it make the OS more vulnerable for being hacked? -- Thank you for your help! Tag: Capicom Security Alert Tag: 89605
  - 25
    - Generic Host process for win32 services listening to port: tcp: 135 Hi, all. My Zonealarm Firewall suggests that Generic Host process for win32 services listening to port: tcp: 135. Does it secure for my system? -- Thank you for your help! Tag: Capicom Security Alert Tag: 89604

We've developed a web application on our internal Intranet, which includes
the creation of a digital signature. This functionality is developed using
the capicom dll.

When capicom is initiated from IE a number of security alerts are displayed
about accessing the local certificate stores. We are receiving complaints
from our end users about how many prompts they are receiving.

One of the capicom prompts allows the user to tick a check box to stop it
appearing again when the user accesses the same website. This works fine for
the browser session but as soon as the browser is closed down this flag is
lost and the prompt appears next time the user tries to produce a signature.

Is this how it is meant to work? And is there any way of maintaining this
across browser sessions so that the user does not have to click on this
prompt everytime they create a signature on our internal website?

Any suggestions would be greatly appreciated. Many thanks.

Top