Desktop.ini auditing filling event logs

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Hijackthis Can this program detect presence of viruses on computer. Tag: Desktop.ini auditing filling event logs Tag: 74287
  - 2
    - Viruses and hijackthis Hi. If computer is infected will i see this in hijackthis program or not? Tag: Desktop.ini auditing filling event logs Tag: 74286
  - 3
    - safe mode antivirus hi, I use AVG free version in regular mode. I can NOT use it in safe mode. I also have the sysclean from trend micro that I have used in the past because one can use it in safe mode. But, the scan usually takes more than an hour, though if it does the job, I wouldn't mind. Still, I would like to see if anyone out there has another (free perferably) AV program that they recommend to use in safe mode. that way, if I am short on time and can't use Sysclean, I can use that one. Note: I have stinger too. but, would like to get another one that I can enable only in safe mode. WIll use AVG all the other times. thanx Tag: Desktop.ini auditing filling event logs Tag: 74285
  - 4
    - HELP can't logon to my computer I need help fast...i can't logon to my computer, im using windows XP professional... i was trying to create a workgroup and it said i belonged to a domain already and it had to be changed before i could create the workgroup...so i change my domain to workgroup and then restarted like it said...however now i can't logon to my computer...no user name or password that i can think of will work..i need to know of a way i can get around the logon so i can access my files..please help! -- Jill Tag: Desktop.ini auditing filling event logs Tag: 74274
  - 5
    - Security token design question There is a smartcard chip embedded in a PnP device of completely irrelevant class. It is not exposed as independent hardware function. The chip can be accessed only thru the driver of this device. How I can make this chip visible to CryptoAPI from user mode? Can this be done with a user mode module that sends custom ioctls to the driver? Or I need a root enumerated driver that emulates a Smartcard reader? Can such "virtual" smartcard readers pass HCT? Regards, --PA Tag: Desktop.ini auditing filling event logs Tag: 74269
  - 6
    - dsclient - ntlm v2 I need to know how make win 9x work with ntlm v2. IÂ´ve installed dsclient, changed the registry like described in some websites, but isnÂ´t work. It donÂ´t autenticate. The only way to this work is changing the registry to level 0, but with this the ntlm v2 donÂ´t work. > Locate and click the following key in the registry: > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control > > Create an LSA registry key in the registry key listed above > > On the Edit menu, click Add Value, and then add the following registry > value: > Value Name: LMCompatibilityLevel > Data Type: REG_DWORD > Value: 3 > Valid Range: 0,3 > Description: This parameter specifies the mode of authentication and > session > security to be used for network logons. It does not affect interactive > logons. > . Level 0 - Send LM and NTLM response; never use NTLM 2 session security. > Clients will use LM and NTLM authentication, and never use NTLM 2 session > security; domain controllers accept LM, NTLM, and NTLM 2 authentication. > . Level 3 - Send NTLM 2 response only. Clients will use NTLM 2 > authentication and use NTLM 2 session security if the server supports it; > domain controllers accept LM, NTLM, and NTLM 2 authentication. > Thanks, Leonardo Tag: Desktop.ini auditing filling event logs Tag: 74267
  - 7
    - 086eb794e.html -Desktop Background Can anoyone help. I have found this file on my computer under all users. It is linked to a 'Free Track Remover' program and is locaeted in C:\Documentsand settings then under the user's local settings in a folder called Temp. The file is causing a red background on desktop with the advert for this free track remover-trying to get you to buy it. This background comes up no matter what I do. I have tried deleting this file which is removed until you next log on. The file is then back in the same place. I have also tried delting the folder but an error message appears explaining that some of the folders are used by other programs and can not be deleted. I originally found the file under Control Panel\Display\Desktop\CustomiseDesktop then on the web tab. The file is there under the web pages. I can delte it from there but the same thing occurs where it returns. I have tried using Norton to remove it but it still returns. Please can someone help me with this-email me on Saxonh@Hotmail.com and enter 086eb794e in the subject box. All help appreciated Tag: Desktop.ini auditing filling event logs Tag: 74266
  - 8
    - BMP Processor overflow I'm getting the following alert from my firewall's IPS: WEB-CLIENT Internet Explorer BMP Processing Overflow. I spoke to the user and told them to stop going to what ever site they are, but I keep getting the alert. should I be worried about this person's workstation? My IPS is blocking the threat, but the 100 alerts I'm getting a day are starting to bother me. Thanks. Tag: Desktop.ini auditing filling event logs Tag: 74265
  - 9
    - Kerberos User Ticket Lifetime Hi, In Windows 2000 Server and Windows Server 2003, is it possible to set Maximum User Ticket Lifetime at a userid level, or only at the domain level with the Maximum User Ticket Lifetime parm? I would like to have a domain setting that would cover most of the users, and set a shorter ticket lifetime on the users who are in the Administrators groups, but didn't see a way that a shorter lifetime could be set on those individual userids to achieve that. Anyone know if that's possible, and if so, how you'd do that? Thanks in advance! - Kit Tag: Desktop.ini auditing filling event logs Tag: 74263
  - 10
    - Permissions on created folder If I create a folder called public on a windows 2003 server, is it ok to remove creator owner and system and leave only administrator and authenticated users. Tag: Desktop.ini auditing filling event logs Tag: 74260
  - 11
    - remote access logons in Event Viewer I need to find out if someone is logging on to our sever via remote access desktop. Is there an Event Log entry to indicate access via RAD? Tag: Desktop.ini auditing filling event logs Tag: 74258
  - 12
    - Firewall If I enable the Windows firewall on my new 2003 Server Std x64 SP1 network server (Domain Controller, DNS, File and Print Server, WINS) the loads and saves of files across the network are very slow. I opened a port exception for my network but still very slow loads and saves. When I turn the firewall off I get normal loads and saves again. Do I even need a firewall on this server if I don't have the IP address for my ISP gateway configured in my network settings? Tag: Desktop.ini auditing filling event logs Tag: 74256
  - 13
    - MAJOR Hacking Hi - have a big problem and unsure how to correct despite best efforts with router, personal firewalls, etc. Brand new computer worked well for 2 weeks until one day norton reported many programs (AIM, internet expplorer, svchost.exe etc) accessing the internet through unknown Modules. Since that point, it doesnt matter if i completely wipe out the system or not (which I have done x number of times now) it reverts back to accessing the internet through unknown modules. I am fairly confident that whatever is happening, it is forcing my internet information to be filtered through some other server whose IP seems to be masked to my firewall logs. My logs are filled with entries of only my internal ip address. Anyone have ANY ideas?: Tag: Desktop.ini auditing filling event logs Tag: 74249
  - 14
    - Searching tool for FULL disc encryption (not only volume files) I am searching a tool which allows to encrypt a whole harddisc and not only a volume file as the most of the offered tools. Yes, I know TrueCrypt. But this tool has problems with large external USB drives. I got permanent errors from the TrueCrypt driver in big operations like copying 20000 files onto a TC encrypted harddisc (Doing the same with the same USB hatrddisc unencrypted show no error). Yes, I know also PGPdisk. But this tool can only exist with a running PGP installation. I need a tool which can be launched easily on demand (when I plugged in the external USB drive) BestCrypt, DriveCrypt offer only encryption of volume files. Which tools exist otherwise? Thomas Tag: Desktop.ini auditing filling event logs Tag: 74248
  - 15
    - Bug in Kerberos SSP within SSPI?? We have been trying to gain a detailed understanding of what SSPI does when authentication fails. Unfortunately while much documentation exists for how ti works when it all works, the documentation on what happens when things go wrong is almost non-existent! For example, take the scenario where the client initializes a context for a service with the SPN of "userA@domain.com". However the service is actually running as "userB@domain.com". On the first call to AcceptSecurityContext, when the client's first blob is passed in, SSPI returns SEC_I_CONTINUE_NEEDED. Shouldn't it return a failure code since the ticket embedded in the security blob (token) is not encrypted with a key it can understand? We've also noticed the behaviour differs between an initial logon and once the workstation has been locked and unlocked. On an initial login: AcquireCredentialsHandle (client side) - SEC_E_OK AcquireCredentialsHandle (server side) - SEC_E_OK InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_E_WRONG_PRINCIPAL After locking/unlocking the workstation: AcquireCredentialsHandle (client side) - SEC_E_OK AcquireCredentialsHandle (server side) - SEC_E_OK InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_E_LOGON_DENIED Where is the behaviour different after the lock/unlock and why the extra roundtrip in the initial logon case? Any enlightment would be greatly appreciated given the black-box nature of SSPI :) We are running a W2K3 with SP1 running in W2K+ mode for the Domain controller and WinXP with SP2 for the workstations. Tag: Desktop.ini auditing filling event logs Tag: 74247
  - 16
    - Eractic Behaviour from Win2k Server Hi I hope someone can help me. I have three domains in my network environment - Network A, Network B and Network C. Two domains are running Windows 2000 Server and the last is Windows 2003 Server. Each domain has its own Domain Controller. Domain C has two domain controllers. DNS is running within each domain and the Dns server for each network is itself. Each domain communicates with the other via a trust relationship. There is one DHCP server in the network allocating IP addresses to the client machines running Windows XP. My problem is as follows- I have a 256/512Kbps wireless internet connection and I noticed that our internet bandwidth has reduced significantly over the last couple of days. I used Ethereal to pinpoint which machine was hogging the bandwith. Ethereal results showed that the computer is querying www.cheaptickets.com for DNS information along with some other wierd sites. It is one of the Domain Controllers in Network C. I installed Microsft Antispyware to scan the machine for spyware but nothing was found. The Norton Virus defintions are up to date and it found no viruses when a scan was done. When I take this machine off the network the internet bandwidth returns to its normail behaviour. This machine is currently running Norton, Exchange 5.5 and Print services. What should be my next course of action to rectify this problem. The task manager does not show any unregular behavour within the Processes nor Performance tab. What could be causing my problem and what should I do to rectify the issue. PLEASE HELP. Regards Tag: Desktop.ini auditing filling event logs Tag: 74241
  - 17
    - Windows XP/2000: Working without administrator rights Hoping some people can offer some advice. We have recently taken all users out of the Local Administrators group on their PCs (not our choice but the powers that be). All users are now either Users or Power Users. This has become a nightmare in that we now need to log users of and on in order to make any changes. I am after some tips to help make this easier. Here is what I am utilizing so far: - Remote Assistance (XP Only) - "Run As" from installing some programs Is there any way to do the following without having to log on as an administrator on their PC? - Modify the registry - Run System Tools (eg Disk Defragmenter) - Install programs - Modify the hosts file We have limited access to a single group policy for our OU but at this stage no rights to create additional ones. Happy to hear any scripting solutions as well. Tag: Desktop.ini auditing filling event logs Tag: 74239
  - 18
    - Guest account access Hello everyone, Please help Im getting the following application error message when logged on as a guest; could not create entry(""+speedtouch connection+"" ) I want my friends to access my PC using the guest account. With this error i can't connect to the internet. I think its something to do with guest access control permissions. How can i solve this? Many thanx Tag: Desktop.ini auditing filling event logs Tag: 74232
  - 19
    - Alternative for Norton Antivirus? I'm experiencing quite a lot of problems with Norton Antivirus and I was just wondering what virus scanner the members of this group were using (if any)? I used to be pretty happy with Norton but not anymore. Tag: Desktop.ini auditing filling event logs Tag: 74231
  - 20
    - Display users rights for auditors Hi, for our IT auditors we need to show them what user permissions everyone has got within AD 2003. Especially the Admins. We just showed them (auditors) the built in Admin groups, but they are not happy with this and asked for a report on all users and what control they have. It and admin accidently adds a user to a admin group how would we know? I just hope you guys know of a solution we can put in place from now on. Thanks S Tag: Desktop.ini auditing filling event logs Tag: 74228
  - 21
    - Patching Alpha NT Server Systems Hello, I have an old Alpha NT 4 Server box that is currently requiring patching. Will there be an issue installing the same patches for the Intel platform on this server? Do the exploits affect Alpha systems the same way as Intel systems? Finally, were there prior released updates for these Alpha NT systems before MS declared NT no longer supported? Thanks much, Paul Tag: Desktop.ini auditing filling event logs Tag: 74225
  - 22
    - LsaSrv Event 6033 I started getting the following error error message on my Windows 2003 Domain server: An anonymous session connected from LOCALMACHINENAME has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller. The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1. Can somebody suggest a way of figuring out what application/service is trying to access the LSA policy anonymously? Thanks, Irina Tag: Desktop.ini auditing filling event logs Tag: 74224
  - 23
    - Nessus vs MBSA My environment has 200 servers, in which 95% are MS Win2000/2003 OS's. We have few Unix boxes and clients are primarily WinXP. Do you think it makes more sense using Nessus or MBSA to scan our network for vulnerability detection ? I have experience no experience with Nessus, but if the goal is getting the Windows servers scanned, it seems to me that MBSA is a better approach. Please advise. Tag: Desktop.ini auditing filling event logs Tag: 74217
  - 24
    - Is Browser using Localhost OK ? Hello, I see Netscape Browser trying to use Localhost in my Firewall Log that I usually Block, so I made Rule to Block it that I can change to Allow later if it is not a problem: Everything seems to work fine with it Blocked. Rule "Localhost NETSCP.EXE TCP-UDP" blocked (localhost,http). Details: Outbound TCP connection Local address,service is (0.0.0.0,1053) Remote address,service is (localhost,http) Process name is "E:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE" Everything else using Localhost is Blocked (I don't like being used as a server, Zombie or otherwise) but should I allow this one? Thank you for your help Kevin Tag: Desktop.ini auditing filling event logs Tag: 74216
  - 25
    - TsInternetUser issues I am having events logged in Event Viewer and I am trying to figure this one out. Event Viewer shows - Event Type: Error Event Source: SAM Event Category: None Event ID: 12294 Date: 7/25/2005 Time: 5:31:41 PM Computer: MAIL1 Description: The SAM database was unable to lockout the account of ã? due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above. Data: 0000: a5 02 00 c0 Â¥..Ã? C:\WINNT\Debug\PASSWD.LOG shows - 07/27 01:49:52 Attempting password change server/domain HERITAGE for user TsInternetUser 07/27 01:49:55 SamChangePasswordUser2 on machine \\GFFS1 for user TsInternetUser returned 0xc000006a And these errors and events happen every 24 hours. I know Windows changes this password automatically every day to prevent hacking, but it appears to have forgotten the password. BTW - Users are able to use Citrix and I am able to use termianl services. I just want to keep my event viewer clean. -- Do NOT email replies as they do not benefit the community as a whole. Tag: Desktop.ini auditing filling event logs Tag: 74214
- Next
  - 1
    - Disabling Shutdown and Restart Is there a way to disable shutdown but keep restart for the general user population through GP. Administrators will need the ability to shutdown while they are logged on to users computers. The computers will also have to have shutdown disabled at the login prompt but not restart. We have several tasks running throughout the night and some people just don't listen when told to leave their computers on. Tag: Desktop.ini auditing filling event logs Tag: 74213
  - 2
    - Firewalls I'm sure this has been asked before... I have Windows xpsp2 (has a firewall), MS broadband router for a home network(has a hardware firewall), Norton IS2005 (has a firewall) and, finally, my service provider has given us free security package which also has a firewall. The obvious question is should they all be on? Should they all be off but one? Do I benefit from having them all on or does it affect performance? Which one should be on? The router firewall seems to be the logical one to keep on but then I keep getting alerts from xp that I don't have a firewall on. Norton keeps telling me that I have another firewall on and do I want to turn it off? Help! Tag: Desktop.ini auditing filling event logs Tag: 74211
  - 3
    - Setting up WPA in Windows 2000 Hi, This is my first Wi-Fi network. I am using a Belkin Pre-N router and Pre-N notebook (PCMCIA) card. I am trying to setup WPA encryption under Windows 2000 Pro. All documentation I have seen shows Windows XP. Can WPA work under Windows 2000? Also, are there drawbacks to WPA over WEP? Someone here posted that netcams don't work with WPA. Thanks for the help. Tag: Desktop.ini auditing filling event logs Tag: 74210
  - 4
    - What is the earliest version with full harddisk encryption (not only files) ? When I looked into v6.0.2 I had to recognize that PGPdisk encryptes only files as volumes. Afaik there are newer versions which encrypt complete harddisc devices as well. What is the earliest version which is capable of doing this? Thomas Tag: Desktop.ini auditing filling event logs Tag: 74205
  - 5
    - Windows security out of date My windows security is out of date, but I also have McAfee virus scan 8.0.0 do i need to download another AV I am running wxp sp2. Also can I unistall the windows security center... thank you in advance wendy Tag: Desktop.ini auditing filling event logs Tag: 74196
  - 6
    - letter from technet (not!) i got the following letter - watch out it is a phony and dangerous. came from Security Assistance [zczruklrzf@technet.com] Warning: This message has had one or more attachments removed (Patch79.exe). Please read the "ITOL-Attachment-Warning.txt" attachment(s) for more information. Microsoft All Products | Support | Search | Microsoft.com Guide Microsoft Home MS Customer this is the latest version of security update, the "July 2005, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run code on your computer. This update includes the functionality of all previously released patches. System requirements Windows 95/98/Me/2000/NT/XP This update applies to MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later Recommendation Customers should install the patch at the earliest opportunity. How to install Run attached file. Choose Yes on displayed dialog box. How to use You don't need to do anything after installing this item. Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us. Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. -------------------------------------------------------------------------- The names of the actual companies and products mentioned herein are the trademarks of their respective owners. Contact Us | Legal | TRUSTe ©2005 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility Tag: Desktop.ini auditing filling event logs Tag: 74189
  - 7
    - How to view wireless clients in Win2000 network? Hi, how do I view a wireless client in a Win2000 domain network? Currently, I'm testing out accessing our network using a RADIUS server (Microsoft IAS Server) using PEAP-MSCHAPV2. However, we need to view who is currently connected to our network via the wireless AP. TIA. Tag: Desktop.ini auditing filling event logs Tag: 74188
  - 8
    - EFS / CRL / Laptops ? We have a W2K3 Enterprise (domain-joined) Certification Authority which issues a diverse group of certificates â?? smartcard logon, code signing, client auth, etc. Because of these functions, it publishes its CRL every twelve hours, and in a location visible only from inside the enterprise. If we issue EFS certificates from this server, for use on laptops, what will happen when they are off the network? If the user is on an airplane on a two day journey â?? or otherwise unconnected past the expiration of the current CRL â?? will the EFS certs work ok, or will they eventually not be usable for encryption? If that's the case, would the laptop self-generate a cert instead? -- Lynn Tag: Desktop.ini auditing filling event logs Tag: 74187
  - 9
    - PKI S/MIME issue Has anyone seen an issue where an email should be encrypted, but for some reason is not? I have captured several e-mails in my system that have headers that would suggest encryption was intended. When I take a look further into the email, it is obviously not encrypted. The header that would suggest encryption is: Content-type: application/pkcs7-mime;smime-type=enveloped-data;name=smime.p7m Any help appreciated. Tag: Desktop.ini auditing filling event logs Tag: 74186
  - 10
    - Logon Interactivly one of the xp sp2 clients is getting "Local Policy of This System Does Not Permit You to Logon Interactively" regardless what account I use. cannot logon locally with local admin account because password has been changed from default I use for every new pc install somehow (i'm saying somehow because policy does not allow users to be in local admin group so they are not able to change local accounts passwords anyways) here is what I did, create new OU | move this one PC to this OU | create GP that allow 2 doman users to logon locally | now if I use one of these users to try to logon I do not get this message but here is how it behave: - I logon then get "applying sec policy message - then, is see logging off message - then, I get saving your settings and I'm back to login screen any idea what else I can try? Tag: Desktop.ini auditing filling event logs Tag: 74180
  - 11
    - policy for one computer "this computer has been locked by" I have one computer that is in a shared area and people keep walking away from it without logging out. The result is that it locks them out. How can I change this feature on this one computer. It's in a windows2000 domain, I am the admin. I want to change the policy on this computer only. I have changed policies for all, but not just one. thanks Tag: Desktop.ini auditing filling event logs Tag: 74174
  - 12
    - WINDOWS 2003 BLUE SCREEN Dear all I have a filserver within my organistion running on a Windows 2003 server platform, I have recently installed the Windows updates for July, however when I restarted the server it took an extreemly lengthy time to start up and in the end the blue screen appeared. I then restarted the server is 'Safe Mode', rebooted the server in 'Windows' normal mode, checked the event logs and I noted down the following Event ID with Error Messages: - EVENT ID: 1003 CATEGORY: 102 ERROR CODE: 0000007a, parameter1 e1402d14, parameter2 c0000185, parameter3 bf9194b0, parameter4 2f668860. I have rang Microsoft with no success, anyone who has experienced a similiar problem or has any advice/recommendations please post them. KR BrunoDJ Tag: Desktop.ini auditing filling event logs Tag: 74172
  - 13
    - Determining security on an NT server I need to find a way of analysing an NT server to see where there rights and security groups are and what permissions they have been given. The data on the server I am looking at is going to be migrated onto another server but I need to determine what security is in place in order to migrate that security across to the new server. Is there a quick way to do this? maybe with a shareware tool or Microsofts own resource kit? Thanks for your help Mal Tag: Desktop.ini auditing filling event logs Tag: 74171
  - 14
    - Upon Logon, IE Trusted Sites trying to automatically be added -- help. I am certain that many users have already posted requesting help with this. However, as I have just setup my newsgroups reader, I am failing to find help with this during any of the searches I have tried. With that in mind here goes... I am running Windows XP Pro (Svc. Pack 2) and was attacked several weeks ago by something that reset my home page to about.blank. Very annoying. I researched on the Internet and found some wonderful advice which lead me to the offending files and registry entries -- all of which I removed successfully! Yeah! Except there is this one lingering issue -- Trusted Sites attempting to auto-add themselves to my IE Trusted Sites list. Now, the only reason I am aware of this is because I am currently running what is most likely quite an outdated MS AntiSpyware software (probably the beta version still). Every time I logon, I get several "green" messages from this software informing me of allowed items (of which I am not concerned), but at the end I am always getting an alert ("blue" alert) informing me of some site trying to be added to the Trusted Sites list in IE. Each time, it is a different site (e.g. just now solongas.com tried to be added automatically). Now, each time this alert pops up, I choose to block it and everything seems fine. However, it is very annoying to have to do this extra step after logging on every single time. Is there a procedure I can perform to detect the root cause of this auto-adding functionality and remove it? I suspect there are some rouge registry entries and/or some bad files in my filesystem which, once deleted, will no longer attempt to add any sites to my IE Trusted Sites list automatically. I greatly appreciate any and all suggestions. Many thanks. Jared Schrag Tag: Desktop.ini auditing filling event logs Tag: 74162
  - 15
    - got hacked this weekend fully patch, anti virus up to date wasn't running ms spybot beta, but it didnt' see anything after the fact on scan files in c:\winnt\system32 as.exe mt.exe let.exe zp.exe esmb.exe skill.exe s.exe wpa.dbl files in c:\inetput\extranet\scriptlibrary rt.asp msg.asp ( lets you upload files ) c.exe (rename of cmd.exe) lanping.asp (shows files in inetpub. web is in korean or chinese, my files are in english) rz.asp (lets you upload files) ideas on how they got in? google says as.exe is from zorro or scorpio worm not much in logs, firewall shows them (i have ip addresses) downloading, but i can't find any uploads advise? thanks mike Tag: Desktop.ini auditing filling event logs Tag: 74161
  - 16
    - VPN Connection Using RASDIAL.EXE Hello, My VPN connection is working fine while using GUI. When I am trying to connect the same connection using rasdial.exe ( rasdial "all connect") I am getting Remote Access error 691 - Access was denied because the username and/or password was invalid on the domain. Error. At the same time when I am connecting the VPN Connection using GUI and disconnecting the same from command line ( rasdial "all connect" /disconnect) it's working - that means it's disconnecting. I am missing something while connecting.... what is it? Thanks & Regards Suraj Jadhav Tag: Desktop.ini auditing filling event logs Tag: 74160
  - 17
    - Can PGP and GnuPG share the same keyrings? Is it possible to install both, the PGP (v6.5.8) and GPG on one Windows system and let them share the same keyrings? Gerd Tag: Desktop.ini auditing filling event logs Tag: 74158
  - 18
    - Can IPSec connect 2 VPN Clients or is ALWAYS an IPSec server needed ? As the subject already asked: Do I always need an IPSec server to establish an IPsec connection or is something like an ad-hoc (similar to WLAN) IP-sec connection between two clients possible? Peter Tag: Desktop.ini auditing filling event logs Tag: 74157
  - 19
    - Recurring Event Id: 529, Windows 2000 SP4 Hello, I have been seeing failed secuirty audits that happen every ten minutes on the dot. These are occurring on our Domain controller. Details are as follows: Event ID:529 Logon Failure Reason: Unknown user name or bad password User Name: Administrator Domain: <Our local Domain> Logon Type: 4 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_VI_0 Workstation Name: <Our Domain Controller> Do you guys have any idea what could be causing this? I have searched Microsoft's Knowledge base and have come up with articles: http://support.microsoft.com/default.aspx?scid=kb;en-us;811082 and http://support.microsoft.com/default.aspx?scid=kb;en-us;312827 This is on a Windows 2000 SP4 Server platform with Windows XP SP2 workstations. Any Idea how to resolve this problem? Thanks in Advance, Nate Tag: Desktop.ini auditing filling event logs Tag: 74156
  - 20
    - rsa key pair generator in jscript or com Can anybody point me to a jscript or com implementation for a opensource key generator for rsa key pair's? Thanks, Kees. Tag: Desktop.ini auditing filling event logs Tag: 74130
  - 21
    - Quota information not returning user name When I view my Quota Entries, it does not return the users name, only the SSID (?). What should I check? TIA Tag: Desktop.ini auditing filling event logs Tag: 74129
  - 22
    - How to get post SP2 WinXP security updates to get burned in a CD? Hi, Saturday I installed WinXP on a PC. I connected to the net to get security updates and immediately the LSASS service got hacked and made restart the PC. I was less than 5 min connected!. Some time ago I posted a message asking how to download all the security patches for Win98 in order to burn them in a CD and apply to a non connected PC. I was suggested to go to http://v4.windowsupdate.microsoft.com/catalog/en/default.asp . That worked fine. But now I want to do the same for a WinXP SP2 system (I mean, download all critical security updates post SP2) but the results I receive are all .NET related updates. What is wrong? How can I get all security patches to burn in a CD? Thanks in advance Sammy Tag: Desktop.ini auditing filling event logs Tag: 74125
  - 23
    - Internet Security After recently having problems with my internet security suite I have decided to change it. I previously had Norton Internet Security 2005 but after stop allowing things to connect to the internet and not allow any changes to be made. I wonder if anyone can tell me what are they think are the best ones to use for things like anti-virus and stuff. Any help would be appreciated. Sean Tag: Desktop.ini auditing filling event logs Tag: 74117
  - 24
    - cannot get into e-mail at hotmail Hi, I keep trying to get into my hotmail e-mail account & it starts loading it, then it gets to 30 percent and then a box pops up that says that server cannot find my e-mail account and to try again later. This has been happening for the last two days. My friend tried getting into her e-mail account from my computer and she got right in, and then I tried getting into my e-mail at her house and it wouldn't let me in, but it let her into her e-mail at my house and her house. I want to get into my e-mail what is going on? KELLS. my email is kells197924@hotmail.com Tag: Desktop.ini auditing filling event logs Tag: 74112
  - 25
    - Terminal services oddity I am currently working on a server that is 10 feet from where I sit. I'm using my laptop to connect and configure via Terminal services. Because the server is in a default mode of locking after so many minutes of non use, the server locked me out. Obviously this is of little consequence if I have the password - I do, I am the one who set the password. However, the server is not recognizing the password that I set???!??! When I get up and walk to the server and physically enter the password on the server directly (not through Terminal services) I am allowed access. The server recognizes the password I set. But when I go back to my laptop and terminal server connection, I find the serve denies my access and sites incorrect password as the reason. Cap locks is not on - there is no apparent reason for this, can someone please offer advice- I'm clueless. Thanks Tag: Desktop.ini auditing filling event logs Tag: 74111

I have enabled auditing on a directory and all of its subdirectories
and files, for a location where users My Documents have been
redirected. I have set auditing for Change Permissions, Take
Ownership, Write Attributes, and Write Extended Attributes. However,
my security log on that machine is being filled with "Object Access"
entries referring to Accesses of ReadAttributes and WriteAttributes.
For the normal user, this is happening for only their redirected
folder. For the few in the domain admins group, there is an Accesses
entry with READ_CONTROL, ReadData (or ListDirectory) and ReadEA in
addition to the previoius two, for everyone's desktop.ini file in their
redirected users. This is really filling up the log files, making
auditing very difficult. Any ideas or help would be greatly
appreciated.

Rich C.

Top

Re: Desktop.ini auditing filling event logs by Eric

Eric
Mon Aug 22 10:40:40 CDT 2005

Desktop.ini is a file Explorer always looks for in every directory, telling
it how to display the folder. If you enable auditing on this file or on
directories such as My Documents that users are likely to browse to with
Explorer, you will get a large number of accesses and therefore audit
records.

As a general rule, you should avoid auditing for ReadData and other read
accesses, and you should avoid auditing for WriteAttributes and
WriteExtendedAttributes, as these are very noisy.

Best regards,
Eric

--
This information is provided "AS-IS" with no warranty, and confers no
rights.
"rcurley" <rcurley@stewartmarchman.org> wrote in message
news:1122647617.436853.288930@g44g2000cwa.googlegroups.com...
>I have enabled auditing on a directory and all of its subdirectories
> and files, for a location where users My Documents have been
> redirected. I have set auditing for Change Permissions, Take
> Ownership, Write Attributes, and Write Extended Attributes. However,
> my security log on that machine is being filled with "Object Access"
> entries referring to Accesses of ReadAttributes and WriteAttributes.
> For the normal user, this is happening for only their redirected
> folder. For the few in the domain admins group, there is an Accesses
> entry with READ_CONTROL, ReadData (or ListDirectory) and ReadEA in
> addition to the previoius two, for everyone's desktop.ini file in their
> redirected users. This is really filling up the log files, making
> auditing very difficult. Any ideas or help would be greatly
> appreciated.
>
> Rich C.
>

Top