Dangers of...

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Email Security Email Security Solutions Secure your company's E-mail and be regulatory compliant. http://a.uuload.com/Email-Security.htm Outlook Spam Software - Only $29.95 Buy Qurb now for Microsoft Outlook & Outlook Express for just $29.95. Download it and instantly stop spam, phishing scams, and email fraud. Award winning email security software. Buy it now. http://a.uuload.com/Email-Security.htm Ensure E-mail Security Now a simple, easy-to-use desktop solution that enables you to encrypt, decrypt, and send private and secure, digitally signed e-mail and attachments to anyone. Zixcorp. http://a.uuload.com/Email-Security.htm Low-Cost E-Mail Security: Free Eval Barracuda Spam Firewall handles up to 25,000 active e-mail users and 25 million e-mail messages per day. A powerful, easy to use and affordable enterprise-class solution. Free evaluation. http://a.uuload.com/Email-Security.htm Business E-Mail Backup Solution Outsourced security for your business e-mail network. Recover e-mails lost to disaster or human error allowing for interruption-free business continuity. http://a.uuload.com/Email-Security.htm Email Security Software Pinion SecureMail gives you continuous and complete control over information that you have distributed via email through its entire lifecycle. Protect and share information with confidence. http://a.uuload.com/Email-Security.htm E-Mail Security Find out what to do if you???ve been a victim of identity theft. Visa provides access to assistance to the consumer support group, Call for Action. Learn more. http://a.uuload.com/Email-Security.htm Secure Your Network from Spam and Virus VeriSign?? Email Security Service blocks spam and viruses before they reach your network. All with no hardware or software to install. Limited time Competitive Upgrade with up to 40% off. http://a.uuload.com/Email-Security.htm Microsoft Small Business Server 2003 Security-enhanced messaging tools by Microsoft. Connect from anywhere. http://a.uuload.com/Email-Security.htm E-mail Security for Business Over 25 users? 10 minute quote. Free off-site e-mail security trial today. http://a.uuload.com/Email-Security.htm RSA BSAFE?? Encryption - E-Mail Security Secure business transactions. Download white papers and data sheets. http://a.uuload.com/Email-Security.htm Stop E-Mail Viruses MSN Hotmail scans and cleans email for free. Sign up and protect yourself. http://a.uuload.com/Email-Security.htm E-Mail Security for Mail Servers Protect your network users from e-mail viruses and attacks with GFI MailSecurity - an e-mail content checking, anti virus and e-mail exploit detection solution for exchange and SMTP servers. http://a.uuload.com/Email-Security.htm Email Security Get a business or personal email address at Dotster.com. http://a.uuload.com/Email-Security.htm Fix Outlook Express Only Mirosoft certified tool that repairs Outlook Express problems. Get your e-mail back. http://a.uuload.com/Email-Security.htm Looking for Email Security Software? Search and compare multiple products and vendors for email security software in our business directory, Business.com. http://a.uuload.com/Email-Security.htm Spam Shield - E-Mail Security Top rated anti-spam software for Outlook and Outlook Express. Instant download. http://a.uuload.com/Email-Security.htm Email Encryption Search our comprehensive B2B directory for Email Encryption Vendors and Suppliers. Find and Compare. http://a.uuload.com/Email-Security.htm Ensure Secure Email with SpotLock Industrial strength security to protect any type of Wi-Fi hotspot. http://a.uuload.com/Email-Security.htm Email Security - Yahoo! Shopping Search, compare, and save. Visit Yahoo! Shopping to compare products and prices from thousands of your favorite stores. Consumer reviews, store ratings and more. http://a.uuload.com/Email-Security.htm Tag: Dangers of... Tag: 97934
  - 2
    - jucheck.exe Avast detected "c:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe". This is also a legitimate file, but googling shows a worm also masquerades with that name. How can one tell whether it is the legitimate one or worm? Tag: Dangers of... Tag: 97932
  - 3
    - Open Access to Shares Hopefully a quick question, I have just moved to a new organisation, which is having a problem with staff bringing laptops and attaching then to the network. Accessing the file shares directly without joining the domain, the shared permissions are currently set to full control, with NTFS allowing only authenticated users access to the shares. So Jo Blogs comes along with his laptop, plug into the network, copies the network settings from a legitimate client and then logâ??s on with his username & password to the file share. How can I ensure that only domain clients can have access to network shared recources? Many thanks in advance. -- Paul Tag: Dangers of... Tag: 97922
  - 4
    - Spyware - blue screen of death problem Hello there , I have a a slight problem in that my Laptop is not even loading and going straight to the blue screen of death . Here's the details : Message from windows saying I'd been infected with spyware. Ran adaware - it found a trojan of some kind butwas unable to delete the file. Would not let me connect to the internet to update adaware files or windows Restarted and it blue screened with the following message. PAGE_FAULT_IN_NONPAGED_AREA ***STOP: 0X0000008E(0XC0000005,0X00000000,0XF818CC9C,0X00000000) Also tried starting in safe mode but same happened Also tried 'last known working configuration' it lasted a few seconds then crashed. Thanks in anticiaption for you time and help. Julia18 Thank you. ----------------------------------------------------------------------------------------------------------------------------------------------------- all about spyware site : http://syubrawi.com/spyware-blockers http://fantastic-galleries.net/spyware Tag: Dangers of... Tag: 97916
  - 5
    - Problem with Group policy settings. When I have used GPEDIT.msc to examine Group Policy settings I recieved the following warning :- ' The Group Policy secuity settings that apply to this machine could not be determined. The error returned was trying to retrieve these settings from the local security policy database. (%windir%\security\database\secedit.sdb) was: The parameter is incorrect. All local security dettings will be displayed, but no indication will be given to as to whether or not a given security setting is defined by Group policy. Any local security setting modified through this User Interface may be subsequently be overriden by domain-level policies. ' - Is this a problem that I should be concerned with or is it not a reqirement to have Group Policy settings defined? Tag: Dangers of... Tag: 97914
  - 6
    - Incorrect Login Attempts Software Does anyone know any software out there that will record all incorrect login attempts? My business doesn't have the resources available to properly manage the account lock out policy so I need to know if there are suspicious multiple incorrect login attempts? Thanks Tag: Dangers of... Tag: 97912
  - 7
    - JUNE 2008 ADVANCE NOTIFICATION WEBSITE DOWN The url http://go.microsoft.com/fwlink/?LinkId=83730 is being redirected to http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx then http://www.microsoft.com/err/technet/security/bulletin/2008/ms08-jun since at least ~ 17:30 2008-06-04 MST, it may have been down earlier than this. Please fix ASAP, I have tried multiple browsers and ISP's so I doubt it is a client problem! Tag: Dangers of... Tag: 97910
  - 8
    - Password-protected email attachments Hi everyone, Does anyone really know what the best practices are in dealing with password-protected attachments received via email? I'm referring to the email content filtering level, not the user level. We've always blocked them and manually reviewed/released. But I'm curious to know what other companies do and/or what the best practices are. Ive tried searching the net to no avail. Do most companies block them? Do they just let them through? Do they get manually reviewed/released? Thanks for any info you may have Tag: Dangers of... Tag: 97907
  - 9
    - AVG 8 I've just upgraded to AVG 8[from 7.5] and I'm absolutely amazed at the amount of viruses, threats, warnings that it found. 14 trojans and a truck load of adware. What has 7.5 been doing all this time? Are the threat databases completely reliable. On more than one occasion AVG has'found' a threat that's been on my comp for some time and suddenly decides it's a virus. Tag: Dangers of... Tag: 97899
  - 10
    - Windows Defender - unable to remove items from the 'allowed list' I wonder if anyone can assist. I wish to remove some items from the Windows Defender 'Allowed items' - but it will not allow me to do this under my sign in, or that of admins. Indeed the 'allowed items' list doesn't even show any items that have previously been permitted. I have also tried to effect 'sysem restore', but it would appear that there is no safe restore point. Your assistance would be greatly appreciated. Kind regards. -- Jeff Tag: Dangers of... Tag: 97896
  - 11
    - Securing Windows services Is there a way natively with Windows to secure a specific service such that a non-admin user can start/stop it but not any others (or have other admin access on the system)? I thought perhaps you could set an ACL on a service but the Control Panel UI doesn't seem to provide for that. If this is not doable by default, are there any open source or commercial products that provide something like this? Thanks in advance. Tag: Dangers of... Tag: 97895
  - 12
    - Server 2008 NPS with wireless 802.1x authentication errors I've setup Server 2008 NPS (which is also functioning as a DC) to authenticate wireless clients through a Cisco 2106 wireless lan controller. The computer certs are auto installed through Group Policy. However, when it attempts to authenticate I recieve the following error: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 6/2/2008 12:24:38 PM Event ID: 6273 Task Category: Network Policy Server Level: Information Keywords: Audit Failure User: N/A Computer: DC1.coaccess.com Description: Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID: NULL SID Account Name: 99C4R41.coaccess.com Account Domain: COACCESS Fully Qualified Account Name: COACCESS\99C4R41.coaccess.com Client Machine: Security ID: NULL SID Account Name: - Fully Qualified Account Name: - OS-Version: - Called Station Identifier: 00-1F-CA-82-A1-80:coa Calling Station Identifier: 00-90-96-A3-E4-1F NAS: NAS IPv4 Address: 10.10.230.6 NAS IPv6 Address: - NAS Identifier: COAWLC-2106 NAS Port-Type: Wireless - IEEE 802.11 NAS Port: 1 RADIUS Client: Client Friendly Name: COAWLC Client IP Address: 10.10.230.6 Authentication Details: Proxy Policy Name: Secure Wireless Connections Request Network Policy Name: - Authentication Provider: Windows Authentication Server: DC1.coaccess.com Authentication Type: EAP EAP Type: - Account Session Identifier: - Reason Code: 8 Reason: The specified user account does not exist. I haven't been able to come up with any good reason for the error. I do recall having similar issues in a previous deployment and the solution was to modify the computer name, but that has not worked in this case. Any ideas what is causing this error? Thanks Tag: Dangers of... Tag: 97891
  - 13
    - IAS dropping off I am having a funny problem with IAS. Every once in a while the wireless wont work and comes up with the "The user attempted to use an authentication method that is not enabled on the matching remote access policy." User error 66 in the system log. When I go into the Remote Access Policy everything looks ok but everything will only come back if I remove and readd PEAP from EAP Methods under the Authentication tab. What is going on with this? Do I need to enable some other authentication methods(have MSCHAP and MSCHAP v2 enabled)? I appreciate any insight you might be able to give. Tag: Dangers of... Tag: 97890
  - 14
    - Need a way to remove a certificate from domain computers Hi, We've installed a local Entreprise Root Certificate Authority in our Windows 2000 Domain last year in preparation for the implementation of the 802.1x protocol. I had to reinstall the DC hosting the Certificate Authority last weekend and I had no backup of the CA, unfortunately. Now, 802.1x isn't working properly on our computers because they have a certificate from the old CA which needs to be deleted before 802.1x can work again. Is there any way I can script the certificate removal so I don't have to remove it manually from each computer? I've seen CAPICOM for vbs and while it's working very nicely, I would have to install the package on every computer in my organization before even thinking of removing the certificate. So is there any other solutions? Also, I know my situation is less than ideal, there should have been a recovery scenario for the CA. Could any one of you suggest me a good way of getting a backup of the CA and how to restore it? Thanks a lot in advance. Mario Lavigne Tag: Dangers of... Tag: 97889
  - 15
    - Access to local machine store Hi, I have payment system where my web server receives credit card numbers securely (via HTTPS) from customers. In order to settle the amount that the customer owes I have to make an SSL connection to a payment gateway. That second SSL connection needs to be two-way authenticated (the remote server needs to know my identity). I'm using the following C# code to do that: X509Store store = new X509Store(StoreLocation.LocalMachine); store.Open(OpenFlags.OpenExistingOnly); X509Certificate2Collection validCerts = store.Certificates.Find(X509FindType.FindBySubjectName, "mycertname", true); //ssl is my SslStream object ssl.AuthenticateAsClient("server-cert-name", validCerts, System.Security.Authentication.SslProtocols.Ssl3, true); This seems to work just fine when I test it under my (admin) account. However, it doesn't work when I run the code under IIS. The error I'm getting is "The credentials supplied to the package were not recognized". I guess the reason is that one needs admin rights to access the local machine store where my SSL certificate is stored. I don't want to run IIS under an admin account so the best solution would probably be to allow the "Network Service" account access to the certificate. I have found two ways of doing that: I can use the winhttpcertcfg tool OR I can find the certificate file in the file system and grant read access to "network service". I can't install winhttpcertcfg on the system for regulatory reasons and messing with the (undocumented?) file structure seems like a major hack. In short, what is the best way of allowing my code to authenticate itself as coming from my machine while running under the "network service" account ? Best regards, Niels Tag: Dangers of... Tag: 97888
  - 16
    - Limiting an application's directory access... Hello, I teach a C/C++ programming course and students submit their source code to me by email. I currently have an automated program that compiles their files into an executable, checks their files with PC-lint, then does a bunch of style checking on them. I would like to be able to also run the executables but I'm somewhat afraid to lest they inadvertently (or intentionally) do something like system("DEL /S C:\\*.*"). I'm not much of a Windows system type but I understand that there is a way to run an application with limited privileges or maybe to run it as another user with limited privileges. The executables do need to be able to create and delete files but I need to limit this to a specific set of directories rather than the entire computer. I know how to setup multiple users manually but I've always had to simply switch between them from the Start button. Obviously I don't know what I'm talking about here so any information would be appreciated, the more specific the better. Thanks, Ray Mitchell Tag: Dangers of... Tag: 97887
  - 17
    - corrupted profiles and much more I have huge issues and I cannot seem to get the right assistance from HP. Maybe this community can assist me. The below is what I posted on HP forums for assistance describing all the issues I am facing. If any one here can assist or advise, I would greatly appreciate. thanks -- regards Joris HP PT corrupted - <ISP> solution - programs blocked business support forums > Mobile products > notebook - HP Compaq, Armada, EVO, LTE, Tablet PC http://forums12.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=1236310 http://forums12.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=1087710 20080530 Dear forum, I'm having a very strange issue with my HP6910p 32-bit running VISTAsp1. It all started after an automatic download/install from WU/MU (1 Windows Defender update and 1 Vista update - KB 915597 and KB 947562). System was running in perfect conditions till before that time after I had completely rebuild the notebook 4 weeks ago (crashed because of employment of VISTAsp1 while running Norton360). Funny enough I had Norton360 only reinstalled 2 days earlier and thought the problem might be again with Norton, howeveer, I think this time Norton is not the one making the mess (but I would not be surprised if it is part of the root cause as Norton settings are so difficult to manipulate and may contradict with Vista's security settings and HP Protect Tools). Anyway, one thing I noticed again after trying to recover (actually break into my PC) and noticed on the event viewer first, was that all my restore points where deleted but one. so I could not go to a point of several days earlier for restoring my PC. I still don't know why this is happening. Again this might be an issue between the different security systems which conflict... Now, after the 2 updates where installed, my computer prompted to be shut down for restart to apply the updates. All ok, it did 2 of the 3 steps when shutting down. Then when restarting (automatic) it first did the final step of the update and then continued to the automated embedded sign-in (I am using single sign-on). While in that process the following message appeared in a window (thought it was a virus, but Norton could not trace anything on my PC). The message: HEADING: <ISP> solution BODY: The installation is corrupt. Repair by running setup. OK I hit OK as the only choice and windows continues to open as apparently normal. After a couple of start-up programs initiated, the message appears again, then the following message: HEADING: WINDOWS DEFENDER BODY: application failed to initialize error code: 0X80010005 Then I notice that all further start-up programs fail to start and computer becomes unaccessible: no program or process can be started, not even as simple as the Task Manager or Windows Explorer. I can't access anything, can't even shut down but the hard way. I try to restart but same issue. I did a restore to before the 2 updates (the only one available), but still the same issues. Then I tried in safe mode but also there seemed to be a lot corrupted or not working as one would expect, including the MMC tools. Then I manage to sign into my alternative administrator profile - actually breaking in (unbelievable with all these security tools that that is possible). Result: Vista lets me in but creates under the administrator profile a temporary profile (deletes all settings when exited). Though the same <ISP> error occures, the system starts further normal. I run Norton scan, I can access all programs, I access Windows Defender and notice that all is active and run also a scan from here. Nothing bad reported after the scans. I check the event viewer and notice that some errors occured but not critical - no mention about the ISP solution message. I notice in the eventviewer that shadow copy service did not function, but that still doesn't explain why it erases all my restore points!!! I also notice that for the time from installing the update to restart there is no event logging or I am at least sure things are missing here. Events where logged from the applications that did not start properly and then I noticed security auditing issues in the logging. So I tried to access HP Protect Tools and then I noticed that each of the different modules where all corrupted. It let me pass through telling me that each of the DLL files have not been approved by HP - VERY STRANGE indeed!!!! for each error message it says that installation is corrupt and repair can be done by running setup (almost simular as the <ISP> solution error message, but at least some more detail of what was going on. So is the <ISP>solution error message part of the HP Protect Tools (no clue, but very strange for HP to show an error message like that). After I run through all these error messages, the system opens an EVALUATION copy of HP PT. When surfing around I notice that all settings are there - nothing abnormal, but I can't change anything as it will say with the wizards that the installation is corrupt. I am now downloading SP37721 (I believe that is the most recent version) which I will reinstall. I'm not even sure whether this will install as a repair or whether I have to uninstall first. In the latter case will I loose all my settings and certifications? Again HP is letting me in the dark here. By the way in my temporary profile settings I cannot properly access the HP support tools, I even had a blue screen crash by enforcing it after it was running in circles but no diagnostics were run. This may have to do with the IE settings, the firewall settings and HP PT and all the conflicts this creates. Is there anyone or maybe HP technicians who can shoot in here and tell me what is going on. Was this caused by the Microsft Vista and Windows Defender updates, and why????? Thanks everyone to shed me some light in this darkness. regards Joris Claeys 20080531 HI, I need URGENT help on this. Whatever I try, nothing gets resolved. Re-installed the HP PT suite (2 programs of which the Credential Manager did not install properly, all the rest ok). Restarted the PC, but still the same problems. It seems that the profiles (administrator profiles) are all corrupt. HP PT still opens up only as an evaluation version with all the error messages as before. I went through all the possible administrative tools to see whether anything at my level of understanding goes wrong. The only thing I could notice is that in the Event Viewer a lot of security errors/warnings about - I think - the root registration files have been reported for the last several weeks (so not just since the 2 last updates from WU/MU: MS AUDIT FAILURE (example): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. And then there are the new errors/warnings, like: - DistributedCOM: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID - LSaSrv: The Security System has received an authentication request that could not be decoded. The request has failed. - SCM: The Windows Update service hung on starting. - And this error is already appearing for a month (when reinstalled the whole system) and also seem to have a relation with HP and HP PT (service: HP PT Device Locking/Auditing ). I could not resolve this problem or occurance (not on MS and not on HP - no resolutions): FlcdLock service: An error occurred getting the local computer access settings. Another one which I have not been able to trace: LMS: LMS Service cannot connect to HECI driver Last night I tried to get into my normally used profile (also administrator role) but same issues still exists there - NOTHING WORKS> I managed to see in very slow mode some activities on the Task Manager and noticed the following: - no user assigned to the processes (all says UNKNOWN user) so definitely the profile is corrupted (who, what and what to do????) - Checking the <ISP> solution error message on the task manager it is clearly related to HP PT as it relates to the process: PSDruntime Application (PSDrt.exe). funny enough all other HP PT processes and services seem to be running normal in the Task Manager. Then I did a search on "Ã?SP" and got: - 4 reg.isp files (related to MS windows licensing in \WINSXS) - ISPmres.dll (related to HP Update service in \swsetup) isPWDxxx.sys/dll/sig/grd/spn files - 1 reg.ISP being an ISP file (??) related also to Windows registration/licensing) - several ISProBExxx files being TLB-files (???) Anyway, I notice failures and errors/warnings everywhere and only gets worse. I cannot connect to the HP on-line diagnostic system and my system crashes when I try to go to on-line support.... I need help from the forum. THANKS so much Joris Tag: Dangers of... Tag: 97881
  - 18
    - Shared folders within same PC XP Home with SP2. I have 3 admin users on my PC. When I instal a new product using one windows user, the other users can't access it. Can you tell me how to configure my PC so any product installed is accessible by all local windows users. This happened when I installed a BT Voyager 105 ADSL modem - only the installing user could use the modem software! Tag: Dangers of... Tag: 97878
  - 19
    - WinAntivirusPro Hi I was wondering if there was any information on how to get rid of this Malware. It won't allow me to turn on the automatic updates so I can't load any programs for trying to get rid of this from the microsoft site. Is there anything I can do to get rid of this malware in my system. Tag: Dangers of... Tag: 97877
  - 20
    - File auditing for MOVED files. We have a Windows 2003 domain controller and have enabled auditing on our public shares to track when (and who) has deleted any files. It works great and logs it accordingly on the DC security events. The problem is that if someone were to just MOVE the files (because they have the applicable persmissions) it does not log anything. This seems like a giant loophole to me and I am assuming I am missing something. Is there any way I can use security/file auditing to track when someone has moved a file? I do not see that as one of the listed options from the security/advanced/auditing tab. Any help or suggestions welcome... thank you in advance. Tag: Dangers of... Tag: 97876
  - 21
    - HELP! What's going on here? A few days ago I started getting strange entries in the security log on my Primary Domain Controller. The entries are Event ID 674, which is Service Ticket Renewal. That in itself is not strange, what is strange is that they are recurring every 9hrs 50mins, for every machine and any User account in my Active Directory that has authenticated with this server. Another strange aspect is the fact that in the event description, while the user name is the particular Machine or User, the client address is 127.0.0.1 not the actual ip address of that machine or whatever machine the user would be logged into. I restarted the server and they went away, until machines and users logged on again the next morning, then they started showing up again 9hrs 50mins later. I understand the concept of the service ticket renewal, but why the proper username but 127.0.0.1 client address? Is this a sign of my server being compromised?! Addiditonal info: server is 2k3 sp2, fully patched workstaions are logged off and shut down at the close of business. Thanks in advance for any help you can give!! Tag: Dangers of... Tag: 97875
  - 22
    - Windows 2003 NIC Firewall Settings - How to add port ranges I have a question regarding the Windows 2003 firewall settings. When I click on the Exceptions tab, I see a list of some of the services. When I click on File and Print Sharing and select Edit, I get a list of tcp & udp ports for this service. How can I create a new service item and add multiple ports under that item (just like File & Print Sharing)? Right now I click Add Port, give it a name and specify the port number. When I have to allow a port range, or multiple ports that aren't in the same range, I create a new port entry. Thanks in advance for any help given. Tag: Dangers of... Tag: 97872
  - 23
    - Task manager is disabled When I try to access the task manager, a dialog box will pop up and tell me that the task manager has been disabled by the system administrator. Since I own my computer, I'm guessing that sys admin is me! The task manager has worked in the past, just recently (within the last two weeks) has it started occuring. I have tried the msconfig/startup route to attempt to rectify the problem, but no dice, problem persists. Help, Bob Shy Tag: Dangers of... Tag: 97865
  - 24
    - GPO blocks proxy settings off network Good Morning. Very strange thing is occurring with my laptop users. Some of them are stating that when they go off the network at night, their proxy settings are still greyed out from the GPO on the domain, yet some users are not having this issue. I need to fix it for all of them, and need to remove the ability for them to change it while on the network, but once off, they need the option to be able to change it. We are running .pac files to control internet access from a webserver in the domain. But this webserver is not accessible from the outside. Thoughts? TIA. Mike Tag: Dangers of... Tag: 97858
  - 25
    - MS CA 2003 ENT SubjectTemplate Hi all, I am looking for a way to use a field uid in certificate's subject name. Referring to http://technet2.microsoft.com/windowsserver/en/library/526b1a33-1088-4432-9a86-edcd732e38a11033.mspx?mfr=true it is possible to have some kind of filter in CA. If I am just doing a certutil -setreg ca\SubjectTemplate +UID the certsvc service will not start any more. Does anyone know if it is possible (maybe not support by MS) to allow UID? Regards, Lutz Tag: Dangers of... Tag: 97857
- Next
  - 1
    - Give a user rights to change other user's password I need to build a user that is enabled to change other users password for use of a custom applicazion we are writing. Obviously, i would like these user the have very little privileges besides the required one. We have a Windows Server 2003 Active Directory enviroment. Any suggestions? thx Tag: Dangers of... Tag: 97856
  - 2
    - WM5 and 802.1X Hello, I have a private CA used for WLAN authentication. My network has the following: a.. There is an existing Wireless infrastructure with several access points. a.. A Windows PKI infrastructure is already in place. a.. The certificate Authority does not use standard templates. a.. XP Notebooks are already running on WEP, EAP-TLS for authentication to the Wireless network. a.. They enroll the certificates through Windows group policy. a.. Microsoft's IAS is used for the Radius authentication, and is connected to the AD with the user accounts. Along with our Windows XP and 2000 systems we have several Windows Mobile 5 barcode scanners. I'd like to get these devices using the 802.1x WLAN security. I understand that I will have to manually install the certificate using a third party installer. What are some examples of good third party installers for this step? I would like AD to use a machine or computer certificate to authenticate a barcode scanner. Is this possible? If I must use personal certificates and authenticate to AD via the RADIUS server what is the best way to setup the user accounts? Several users will be using the barcode scanners and I do not want to assign scanners to users...they will just grab one from a pool that is available. I do want to be able to track connections and network changes back to a particular device/user. What is a good way to accomplish this? If anyone has any documentation or web links that could help with any of these questions it would be a huge help. Thanks in advance! Randy Tag: Dangers of... Tag: 97847
  - 3
    - Certificate Services - Web Enrollment Error Hi all, I have a problem configuring my lab with this scenario: - Domain A - Domain AA as child of Domain A - Domain AB as child of Domain A - The users are in the domain AB - The computer, service accout, CA are in the domain AA - The CA is an Enterprise CA - The Web Enrollment server is not installed on the same CA server (web enrollment server is in the domain AA) - The Web Enrollment server is configured to use "Windows Integrated Authentication" I followed all the steps described in this link http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx (configuring the web enrollment proxy for delegation). The users are the priviliges to read/enroll/autoenroll the certificate template. When I try to (auto)enroll a certificate using certsrv page from the Web Enrollment server I have this error: The RPC Server is unavailable. 0x800706ba Any kind of help will be greatly appreciated. Thanks. Sektor Tag: Dangers of... Tag: 97843
  - 4
    - Error with Microsoft ForeFront Client Security Hi, I have this error when I try to deploy policy on Microsoft ForeFront Client Security: Microsoft Forefront Client Security: ========================= The policy cannont be deployed. Futher details: Unable to create new group policy object. The specified domain either does not exist or could not be contacted. (Exeption from HRESULT: 0x8007054B) Could you help me? Tag: Dangers of... Tag: 97842
  - 5
    - Please help us with a fraud situation Please help us with a fraud situation We had some identity thefts situations with our credit cards and Bank accounts. People using our credit cards and writing checks against our account. How can I set up a really secure internet connection in my home ? I use a Windows XP - wireless laptop to access the internet I have in my home. We use Comcast cable. We have a WPA secure internet. We use a Netgear Rangemax MIMO and the Comcast modem. Somehow some people have managed to get both our credit card numbers and bank account numbers and even driving license number. I use this internet to access all our bank accounts etc. Because of the fraud that occurred, we want to make sure that we have a really secure internet connection. What additional hardware, software etc do I need, if any ? Since I am not a techie, pls help me with as much detail as possible. Thanks in advance for your help, Irfan Smith Tag: Dangers of... Tag: 97840
  - 6
    - h4150 ipaq wireless card to a netgear router I'm unable to connect using the ipaq wireless card to a netgear router running wpa-psk encrytion. If I take encrytion off the ipaq and the router and can connect wireless to the internet. Any Help would be appreciated. Tag: Dangers of... Tag: 97839
  - 7
    - trojan horse I hope you can help. My laptop has been operating slowly recently, freezing ofgten. Even though my virus protection is up to date, I ran an on-line scan from another virus protection company. Their scan showed I had a trojan horse is the file "vgraph.dll". Is this a necessary file? Can I just delete it? I don't know if this is responsible for the problems but when its acting up, and I open up task manager, the CPU usage is almost 100% with the highest amount in "iexplore.exe". Any help would be appreciated, thanks! Tag: Dangers of... Tag: 97835
  - 8
    - Moving newly issued Certificate Hello: I am testing certificates download from a standalone CA Win2k3 server. When the certificate is downloaded and installed on the local client machine (when the certificate was requested, did submit the request for storing the certificate under Computer Account/store), it installs the Trusted Root certificate by default at Certificates (Local Computer)-->Intermediate Certificate Authority-->Certificates since the certificates are issued by a subordinate CA. I will have to manually move the Trusted Root Certificate over to Certificates (Local Computer)-->Trusted Root Certification Authority-->Certificates bin to restore the certificate chain (Root-->Intermediate CA-->the local machine). I am wondering whether I can automate this using one of the command line utitilities? If so, please let me know. Thanks. Regards, Victor Tag: Dangers of... Tag: 97834
  - 9
    - "Microsoft Update" offers 898461 for XP SP3 Hi @ll, "Microsoft Update" just offered the update 898461 for my (german) XP SP3 system. According to MSKB 946480 this update has been included in SP3; but apparently this is wrong! Unfortunately this patch REALLY gets installed and writes OUTDATED files to my system: | C:\>dir %windir%\System32\Preinstall\WinSE\wxp_x86_0407_v1 | Datenträger in Laufwerk C: ist WINDOWS | Volumeseriennummer: 2C36-0AF4 | | Verzeichnis von C:\WINDOWS\System32\Preinstall\WinSE\wxp_x86_0407_v1 | | 27.05.2008 20:38 <DIR> . | 27.05.2008 20:38 <DIR> .. | 25.02.2005 05:34 15.584 spmsg.dll.ref | 25.02.2005 05:34 213.216 spuninst.exe.ref | 25.02.2005 05:34 22.752 spupdsvc.exe.ref | 25.02.2005 05:34 22.240 spcustom.dll.ref | 25.02.2005 05:34 727.776 update.exe.ref | 25.02.2005 05:34 378.080 updspapi.dll.ref | 6 Datei(en) 1.379.648 Bytes | 2 Verzeichnis(se), 10.514.202.624 Bytes frei | | C:\>filever %windir%\System32\Preinstall\WinSE\wxp_x86_0407_v1 | c:\windows\system32\preinstall\winse\wxp_x86_0407_v1\*.* | ----- W32i DLL DEU 6.1.22.4 shp 15,584 02-25-2005 spmsg.dll.ref | ----- W32i APP DEU 6.1.22.4 shp 213,216 02-25-2005 spuninst.exe.ref | ----- W32i APP ENU 6.1.22.4 shp 22,752 02-25-2005 spupdsvc.exe.ref | ----- W32i APP ENU 6.1.22.4 shp 22,240 02-25-2005 spcustom.dll.ref | ----- W32i APP DEU 6.1.22.4 shp 727,776 02-25-2005 update.exe.ref | ----- W32i DLL DEU 6.1.22.4 shp 378,080 02-25-2005 updspapi.dll.ref The current version of all these files, as delivered with XP SP3 for example, are but 6.3.13.0, their timestamps are 2007-08-10 20:4[45]! WHEN WILL MICROSOFT START TO LIVE TRUSTWORTHY COMPUTING? not amused Stefan Kanthak Tag: Dangers of... Tag: 97833
  - 10
    - need firewall for windows 98se Can you tell me which firewall still works with Windows 98se. Thank you. Ginny Tag: Dangers of... Tag: 97831
  - 11
    - Program Signing Programming questions. Is there a way to insert some information into an EXE file which was signed by SignTool without affecting the file signature? I want to add a track id to the EXE, and while running the EXE it will use this Track ID to notify me of the distribution of this EXE. Can anyone has an Idea how this can be achived? without creating new packages or other stuff, just insert info into some free unsigned structures in the EXE? Thanks in advance, Joe Tag: Dangers of... Tag: 97830
  - 12
    - Virus - Notepad exits by itself - C:\WINDOWS\system32\advpackf.exe My PC is infected with a virus. It is popping up with "Your system is probably infected with latest version of Spyware.cyberlog.X. When I checked with Process explorer; it showed that one process is running "C:\WINDOWS\system32\advpackf.exe" which has written many entries in Regedit. I have killed the process and deleted all the entries in registry editor, I could find. Strange thing is when I search on C:\WINDOWS\system32\ for the file advpackf.exe even after unhiding all the files. It fails to show up, however if I run the C:\WINDOWS\system32\advpackf.exe from the Run menu, it again starts all the popups and tries to change the start up page of browser. After this virus, I am unable to start Notepad.exe, after starting Notepad immediately exits by itself. Please advice. -- SS Tag: Dangers of... Tag: 97827
  - 13
    - Verify Method of the SignedData Object Hi, I have digitially signed a file. Now i would want to verify the digital signature of the file. I would like to know using which encoding should i convert the File stream to string? IS there any API which retrieves the digital signature from the file and content of the file (Saggregate)? -Debugger Tag: Dangers of... Tag: 97824
  - 14
    - IPSec Monitor's Main Mode window Hello: I have a WinXP client accessing a Win2k3 server. All latest updates and service pack applied. IPSec policy is assigned to both the client and the server. No problem is getting secured connection between the peers. Once the connection is established, I open up the IPSec Monitor, go to Main Mode-->Security Association and select the Propertes of the secured session. Under the field Policy Name, it shows "73 (Default)." I have seen this number changing. The IPSec Policy that I have assigned has a different name which uses "Request Security" setting under "Filter Action" tab inside the "Properties" of IPSec policy. Wondering from where this number information coming from? Is it possible to change that Policy Name changed to the real name of the Policy that is showing up under "IP Security Policies on Local Computer?" Your quick response on this will be greatly appreciated. Thanks. Regards, Victor Tag: Dangers of... Tag: 97820
  - 15
    - Last accessed date on file properties This is my first post so here goes. Under the properties of "local" files, the last access date is showing up with today's date and time when they are known not to have been open today. Is the event of checking the properties on files considered accessing the files? Microsoft's website indicates that the date and time is only changed with the act of opening the files. Could this bea sign of a security breach? I have been able to replicate this on many machines running xp sp2. Any help would be appreciated Tag: Dangers of... Tag: 97818
  - 16
    - Password Max Age Anyone know why the previous recommendation was 42 days and not a round number? And now we have "default" 42 days and "recommended" 90 days...why did that change from 42 to 90 days? Thanks Tag: Dangers of... Tag: 97815
  - 17
    - Website proofing Hello If I have a suspicious file, I usually send it to "virustotal". My question is there any website similar to virustotal that will check for website links? I received this address in my mail "www dot high98 dot com" and would lke to check if ok. Thx you! Mingo Tag: Dangers of... Tag: 97812
  - 18
    - Need help & support regarding MBSA 2.1 beta 2 I am trying to run a scan with MBSA 2.1, but it encounters an error as soon as it begins. Here is the log of the scan: Security assessment: Incomplete Scan Computer name: MSHOME\YOUR-9020FCA106 IP address: 192.168.0.101 Security report name: MSHOME - YOUR-9020FCA106 (5-22-2008 2-11 PM) Scan date: 5/22/2008 2:11 PM Scanned with MBSA version: 2.1.2030.0 Catalog synchronization date: Security update catalog: Windows Server Update Services Security Updates Scan Results Issue: Security Updates Score: Unable to scan Result: Cannot scan because target computer is not assigned to a Update Services server. Operating System Scan Results Administrative Vulnerabilities Issue: Local Account Password Test Score: Check passed Result: No user accounts have simple passwords. Detail: | User | Weak Password | Locked Out | Disabled | | HelpAssistant | - | - | Disabled | | SUPPORT_388945a0 | - | - | Disabled | | ASPNET | - | - | - | | Administrator | - | - | - | | Guest | - | - | - | | miguel mesa | - | - | - | Issue: File System Score: Check passed Result: All hard drives (1) are using the NTFS file system. Detail: | Drive Letter | File System | | C: | NTFS | Issue: Password Expiration Score: Check not performed Result: Check is skipped on Windows XP Home Edition computers. Issue: Guest Account Score: Check passed Result: The Guest account is not disabled on this computer. Issue: Autologon Score: Check not performed Result: Check is skipped on Windows XP Home Edition computers. Issue: Restrict Anonymous Score: Check passed Result: Computer is properly restricting anonymous access. Issue: Administrators Score: Check passed Result: No more than 2 Administrators were found on this computer. Detail: | User | | Administrator | | miguel mesa | Issue: Windows Firewall Score: Best practice Result: Windows Firewall is managed through Group Policy on this computer. Windows Firewall is disabled and has exceptions configured. Detail: | Connection Name | Firewall | Exceptions | | Incoming Connections | N/A | N/A | | Internet Connection | N/A | N/A | | All Connections | Off | Ports, Programs, Services | | Broadband Connection | Off* | Ports*, Programs*, Services* | | Local Area Connection | Off* | Ports*, Programs*, Services* | | MSN | Off* | Ports*, Programs*, Services* | | Wireless Network Connection 3 | Off* | Ports*, Programs*, Services* | Issue: Automatic Updates Score: Check passed Result: Updates are automatically downloaded and installed on this computer. Issue: Incomplete Updates Score: Best practice Result: No incomplete software update installations were found. Additional System Information Issue: Windows Version Score: Best practice Result: Computer is running Windows 2000 or greater. Issue: Auditing Score: Best practice Result: Check is skipped on Windows XP Home Edition computers. Issue: Shares Score: Best practice Result: 1 share(s) are present on your computer. Detail: | Share | Directory | Share ACL | Directory ACL | | print$ | C:\WINDOWS\system32\spool\drivers | Everyone - R, Administrators - F | Everyone - F | Issue: Services Score: Best practice Result: No potentially unnecessary services were found. Internet Information Services (IIS) Scan Results IIS is not running on this computer. SQL Server Scan Results Instance MSSMLBIZ Administrative Vulnerabilities Issue: SQL Server/MSDE Security Mode Score: Check passed Result: SQL Server and/or MSDE authentication mode is set to Windows Only. Issue: Exposed SQL Server/MSDE Password Score: Check passed Result: The 'sa' password and SQL service account password are not exposed in text files. Issue: CmdExec role Score: Check passed Result: CmdExec is restricted to sysadmin only. Issue: Registry Permissions Score: Check passed Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys. Issue: Folder Permissions Score: Check failed (critical) Result: Permissions on the SQL Server and/or MSDE installation folders are not set properly. Detail: | Instance | Folder | User | | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn | BUILTIN\Users | | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn | YOUR-9020FCA106\SQLServer2005MSSQLUser$YOUR-9020FCA106$MSSMLBIZ | | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn | \CREATOR OWNER | | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data | YOUR-9020FCA106\SQLServer2005MSSQLUser$YOUR-9020FCA106$MSSMLBIZ | | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data | YOUR-9020FCA106\SQLServer2005MSSQLUser$YOUR-9020FCA106$MSSMLBIZ | | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data | \CREATOR OWNER | Issue: Sysadmin role members Score: Check not performed Result: Could not perform this check because SQL Server and/or MSDE was not running. Issue: Guest Account Score: Check not performed Result: Could not perform this check because SQL Server and/or MSDE was not running. Issue: Sysadmins Score: Check not performed Result: Could not perform this check because SQL Server and/or MSDE was not running. Issue: SQL Server/MSDE Account Password Test Score: Check not performed Result: The check was skipped because SQL Server and/or MSDE is operating in Windows Only authentication mode. Issue: Service Accounts Score: Check failed (non-critical) Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem. Detail: | Instance | Service | Account | Issue | | MSSMLBIZ | MSSQL$MSSMLBIZ | miguel mesa | Local Administrator account. | Issue: Password Policy Score: Check not performed Result: Could not perform this check because SQL Server and/or MSDE was not running. Issue: Public Permissions Score: Check not performed Result: Could not perform this check because SQL Server and/or MSDE was not running. Issue: SSIS Roles Score: Check not performed Result: Could not perform this check because SQL Server and/or MSDE was not running. Issue: Sysdtslog Score: Check not performed Result: Could not perform this check because SQL Server and/or MSDE was not running. Instance SONY_MEDIAMGR Administrative Vulnerabilities Issue: SQL Server/MSDE Security Mode Score: Check passed Result: SQL Server and/or MSDE authentication mode is set to Windows Only. Issue: Exposed SQL Server/MSDE Password Score: Check passed Result: The 'sa' password and SQL service account password are not exposed in text files. Issue: CmdExec role Score: Check passed Result: CmdExec is restricted to sysadmin only. Issue: Registry Permissions Score: Check passed Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys. Issue: Folder Permissions Score: Check passed Result: Permissions on the SQL Server and/or MSDE installation folders are set properly. Issue: Sysadmin role members Score: Best practice Result: BUILTIN\Administrators group should not be part of sysadmin role. Issue: Guest Account Score: Check passed Result: The Guest account is not enabled in any of the databases. Issue: Sysadmins Score: Check failed (non-critical) Result: More than 2 members of sysadmin role are present. Issue: SQL Server/MSDE Account Password Test Score: Check not performed Result: The check was skipped because SQL Server and/or MSDE is operating in Windows Only authentication mode. Issue: Service Accounts Score: Best practice Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem. Detail: | Instance | Service | Account | Issue | | SONY_MEDIAMGR | MSSQL$SONY_MEDIAMGR | SYSTEM | LocalSystem account. | | SONY_MEDIAMGR | SQLAgent$SONY_MEDIAMGR | SYSTEM | LocalSystem account. | Desktop Application Scan Results Administrative Vulnerabilities Issue: IE Zones Score: Check passed Result: Internet Explorer zones have secure settings for all users. Issue: Macro Security Score: Check not performed Result: No Microsoft Office products are installed Any kind of help will be greatly appreciated. Thanks Tag: Dangers of... Tag: 97803
  - 19
    - NTFS Permissions It seems to me that NT & XP has a command at DOS / CMD that will reset all NTFS permissions. Do you remeber what that is? Tag: Dangers of... Tag: 97801
  - 20
    - Chassis intrusion detected I am using XP PRO Meadia Center Edition. I recently added a harddrive. Now i am getting this,Chassis intrusion detected. This typically does NOT indicate a hardware failure. 1. Contact your Help Desk if you did not personally open your chassis. 2. Enter System Setup & Set Chassis Intrusion to 'Clear' I have went to setup and it askes me for a (setup password) but my password dosn't work. Yes i am the administrator and in fact the only user of this computor how do i get in to reset the password or reset to clear or reset to no password required? -- timtim Tag: Dangers of... Tag: 97800
  - 21
    - Auditing / File Security Can anyone tell if it is possible (and if yes how?) to log or audit file access. This is a large domain running 2003 AD with a mix of NT / 2000 servers. The simple and basic scenario is as an example HR is a group all with access to Folder X. Within Folder X there are some basic spreadsheets that all these users can access. One of these users has either accidentally or intentionally deleted one of these files. Retreiving the file from tape took all of 3 minutes, but the powers that be would like to know which user it was that deleted it. I have looked through the event viewer security logs and cannot seem to find any reference to that file being accessed or deleted. Is there an auditing feature on the DC that will enable me to check for such things? If ther eis which is it, and what would it look like so I can recognize it in the event viewer. I mean would the event specifically name the file that was deleted? USER A deleted FILE X? Any pointers tips or methods others use would be great. It seems locking stuff down so that a small number of users are the only ones with access to it, isn't enough these days. HELP! :) Tag: Dangers of... Tag: 97799
  - 22
    - CA root certificate Hi to all. This is my first post and my first step to the PKI knowledge. Someone have asked me if there is a way to make the Root Certificate not exportable so only the one who have installed this certificate in the machine can access via PEAP to the wifi network and in the same time the user cannot pass this certificate to another PC. A kind of security enanchement. Ok...i think i have the answer and it's NO, but to be honest I'm too new to this topic and I wont to be sure. Thank for your intrest and sorry for my bad english Tag: Dangers of... Tag: 97798
  - 23
    - PKI - Manual Enroll - Auto Renewal - Possible? How do you configure a certificate template for Manual enrolment and Auto renewal? For example: I have a web server called â??WINSERVER1â??. It hosts a website called â??coolwebsite.localâ?? I request an SSL from the internal CA called coolwebsite.local. I want that certificate to automatically renew when it expires. Obviously this has to be a manual enrolment as the server would not know how to request some random website name in a certificate. This is what I have configured: I have an AD Integrated Enterprise issuing CA. A version 2 certificate template has been created for computer authentication. Template settings are as follows: Subject Name Tab -Supply in the request (followed by a description. The sentence of interest is â??Autoenrollment is not allowed if you choose this option) Issuance Requirements Tab -Require the following for enrolment: CA certificate manager approval -Require the following for reenrolment: Valid existing certificate Security Tab -AD group allowing Read Enroll and Autoenroll A server is added to the AD group that was configured on the Template permissions tab. A GPO has been created allowing the server to autoenroll and renew. A certificate was requested via the web interface http://caname/certsrv using this template and approved via the Certificate Authorities mmc. The server then had a certificate with a validity of 1 year. My expectation was that it would auto renew the certificate when it was due to expire â?? using the GPO, Template security, and â??Valid existing certificateâ?? issuance requirement. This has not happened. Have I configured something incorrectly? Or Is it not possible to have manually enrolled and automatically renewed? Tag: Dangers of... Tag: 97790
  - 24
    - Internet Access fails after VPN established Hi, I have a VPN connection set up using Internet Explorer-Tools-Internet Options-Connections. When at home, I first connect to the internet thro an ADSL Router. Am able to access internet. Now I connect to the VPN. I can access remote LAN without any probs. Can RDC/VNC/Explore any of the IP addresses in Remote LAN. However, I cannot access the Internet as long as the VPN is on. How can I access both the internet and the Remote LAN simultaneously? TIA Kar Tag: Dangers of... Tag: 97776
  - 25
    - how do I logon to local admin on server 2003 doman Hi all, Had a 2003 server crash. Got it backup but discovered I did not have local password to use to do a chkdsk. My question is now that the server is backup how do I logon as local administrator to test my password. When I log off as domain administrator the drop down box to logon does not have an option to logon as local admin. It only shows my domain. Do I need to restart the server and hit a function key or something? I just wanted to test the local admin password so that next time I need it I will know what it is. Thanks in advance for any help on this. Sher Tag: Dangers of... Tag: 97759

Installing Vista, Office 2007 and NIS on the same computer.
(Well, I reckon that's what it must have been)

http://www.theregister.co.uk/2008/06/06/office_rampage/

Top

Re: Dangers of... by S

S
Tue Jun 10 03:01:48 CDT 2008

Ha-ha. NIS+

"Anteaus" <Anteaus@discussions.microsoft.com> wrote in message
news:C928CF0C-37A2-4F13-86CC-D9978F9F6FB3@microsoft.com...
> Installing Vista, Office 2007 and NIS on the same computer.
> (Well, I reckon that's what it must have been)
>
> http://www.theregister.co.uk/2008/06/06/office_rampage/
>
>

Top