Logging

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Locked servers and Remote Desktops Snap-In Hello, I have some developers who use the remote desktops snap-in (with console connect) to log into thier servers. Until recently, if they connected to a machine that another admin was logged into, they could log them out. Now for some reason they get a message that domain\user is already logged in at this time and that they don't have permissions to log them off. I looked and they are administrators on the server. Does anyone know how to grant them the ability to log other users off? Thanks, Ishmeal Tag: Logging Tag: 88067
  - 2
    - RE: EFS files without recovery agent Hi Roger, To create and link group policy I have follow the usual steps. Open gpmc.msc click on company.com domain and select "Create and link GPO here...". Then create Recovery agent with certificate from enterprise CA, I have also add Enterprise CA certificate to the "trusted root certification authority". Than make sure that Group policy has been applied on client workstations and file server. Enable "Trust computer for delegation" on file server. One more thing that may be related to the problem: Before we had recovery agent configured on "Default Domain Group Policy" with outdated certificate. I deleted that recovery agent (we did not have any encrypted files on the network), and then created a new policy that was described above. I think it is a pretty standard procedure that's why I have referred to this as "enable on domain level" and "link it to the domain". Yuriy Tag: Logging Tag: 88060
  - 3
    - New domains / workgroups aopearing in our MS Network We had something odd happen in the last day or two. Some unusual domain/workgroup names appeared in our Microsoft Network family in the network places area. They had some interesting names that indicated a german origin, like MSHeimNetz, and a german looking surname. My question is what happens that causes items in that folder? We tried clicking on them, but they dont respond. They also just disappeared. I feel like we've been hacked. Does any of this scenario sound familiar? Tag: Logging Tag: 88050
  - 4
    - windows defender.. i dont get it? When I view History in windows defender beta 2 it has a list of items which it notes that they have unwanted activites whatever but it says action taken Allow and then I view the quarantine and allowed lists they have nothing listed now I have not done anything about this apart from post this here because i dont know what to do here? when the full system scan is completed it says that my computer is running normally so i dont worry too much but are these items still running or has windows defender done something about them? Tag: Logging Tag: 88049
  - 5
    - Several problems... 1. Which Java program would you recomend that i could use that is safe and a good program too. 2. These newsgroup pages are taking a while to load up and the pop up blocker is laggy too. 3. I have rescently unintstalled microsystems sun java program because apparently it is being exploited. 4. I cannot find any rescent posts that I have posted in the newsgroups? Tag: Logging Tag: 88048
  - 6
    - Creating a Thread as a different user? I know that when using CreateThread, the default security descriptor comes from the primary token of the creator. How can I create a thread with a different token? I'm in IIS land (which is running as "NT AUTHORITY\NETWORK SERVICE"), in an ISAPI Extension that's been authenticated and invoked as a different user. I want to launch a thread as that user, but by default the new thread inherits NETWORK SERVICE from IIS, and I can't find specifics on how to form the LPSECURITY_ATTRIBUTE paramter for CreateThread. All the MSDN articles I've found contain vague hand-waving about access tokens and lpvoid parameters. Thanks Jason Tag: Logging Tag: 88046
  - 7
    - Max OSX 10 on Large Windows Domain Can anyone please point me to a resource that would explain the security risks to placing Mac's on a Windows domain. I am trying to find how/if group policy is/isn't applied and other security problems that can arise in a mixed environment. Thanks. -- Tag: Logging Tag: 88045
  - 8
    - IIS 6.0 Bug? Hi, I apologize for the extensive cross-posting but I'm getting desparate. We have a web page calling one or another web service. Both web service communicate with Sharepoint 2003, and both temporarily change impersonation using WindowsImpersonationContext class and then revert back with WindowsImpersonationContext.Undo() to typically save documents with the correct user name. Calling the web services synchronously works fine, but we need it to work asynchronously (typically creating and saving a document before the web services do some work on it). The problem is, instead of reverting to the original user, WindowsImpersonationContext ends up as the user running the Application Pool for the web page. I have been unable to find out anything why this happens. Furthermore, I created a new Application Pool for the web page, thinking perhaps sharing the same pool was the problem, but before I could attach it to the web page the problem appeared to solve itself, for a short time. Doing some extensive testing I have concluded this: WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STARTED WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STOPPED When it works, it seems to work as long as only one web service is called, and it stops working as soon as the other web service is called. ???? The only google result I could come up with related to this does not have a solution or email address http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.security/2005-02/0223.html Any idea, suggestions or something to try is extremely welcome - Morten Tag: Logging Tag: 88039
  - 9
    - New MSSECURE Dated 2006.09.12 MSSECURE.XML Data Version 2006.09.12.0 for use with MBSA 1.2.1 (SMS 2.0 or 2003 with Software Update Inventory Tool (SUIT)) was last modified today, September 12, 2006, and is now available for all supported languages (English, French, German and Japanese). Today's release contains 3 new bulletins, and 2 Re-release bulletins MS06-040 and MS06-042. Note: The revised date for the MS06-040 re-release reads 08/08/2006 in the mssecure.xml file, this could affect reporting for SMS customers and users should be aware of this issue. This does not affect detection and deployment for SMS or MBSA customers. MSSECURE Support - Today's release enables MBSA 1.2.1 support for the following bulletins: MS06-040 re-release Netapi Re-offer to Windows 2003 SP1 KB921883 MS06-042 re-release IE Re-offer to IE501 SP4, IE 60 W2k,IE W2k w2k3 KB923761 MS06-052 PGM KB919007 MS06-053 Index Server KB920685 MS06-054 Publisher KB910729 Charles Weidner [MSFT] cweidner@online.microsoft.com If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: Logging Tag: 88030
  - 10
    - MSN Messenger eavesdropping? Is it technically possible to log into the same msn messenger account from two separate computers and be logged on at the same time? My partner and I use messenger often to communicate, but are worried whether a third person would be able to log into one of our accounts at the same time (assuming they knew the password) and eavesdrop our conversations undetected. Can anyone enlighten me/reassure me? Thanks! Tag: Logging Tag: 88029
  - 11
    - EFS files without recovery agent Hi, I'm experiencing strange problem with EFS on my domain, and wonder if any one can help me understand what is happening. I have recently configured EFS group policy, created recovery agent, and apply it on domain level. Now users are able to encrypt files, but there is no Recovery agent in the list when I open Encryption details window. All domain controllers are Win2003 (Win 2000 native function level) and workstations are WinXP. Can any one give me some ideas where it went wrong? Regards, Yuriy. Tag: Logging Tag: 88026
  - 12
    - Expired Code Signing Cert with VBScript I have a code signing cert from an internal CA that I have been using to sign all my admin scripts that has recently expired. Does anyone know of a way to "renew" a code-signing cert with an interal MS CA so that I dont have to re-sign all my scripts with a new cert every year? Tag: Logging Tag: 88025
  - 13
    - Windows Logon My son thinks he is funny and he changed my account to a limited account. I am the registered owner of windows, so how is it possible that I get myself back into administrator status? 1st thing I'm going to do is restrict him like I should have to start. Tag: Logging Tag: 88017
  - 14
    - prevent to change Administrator password Hello There is any wat to prevent (by policy or regestry) that a user of the Administrators Local Group (Windows 2000 Prof./XP) can changes the Administrator password ? gracias. PD: No AD Best Regards Tag: Logging Tag: 88011
  - 15
    - How do I issue SSL Certificate? I require a digital signature and private key for uploading onto a router/gateway in order to provide ssl connectivity for the web interface of the gateway through which users will log on to gain access to the Internet. The digital signature has to have a "CRT" extension and the private key requires a "KEY" extension. I have been informed by the manufacturer that I need a Base64 encoded digital certificate, do I need any other information in order to create a valid digital certificate for use on the gateway? How can I do this using Windows Server 2003 SP1? Also, should I select Stand Alone CA or Enterprise CA when installing Digital Services on the Server itself? Users of the gateway will log on the gateway from a public LAN and the gateway will verify log on details via RADIUS using the Windows 2003 Server on a Private Network. Thank you for your assistance David Sharman Regional Computer Services Tag: Logging Tag: 88004
  - 16
    - Audit logon and logoff I need to collect and keep login and logoff times for all staff on my domain/network, I've searched around and found software that can do it bout wondered if anyone had a free way to do this via scripts etc, microsoft must have a central way to collect these events now? Hopefully, let me know what you know :) Thanks in advance Tag: Logging Tag: 88003
  - 17
    - says i have a virus, but cant get rid of it. i have a little ?mark on my computer, it says that i have a virus. i tried to download VirusBurst but it wont go through is there another way to get rid of this. i'm new at this computer thing. anything would help, thank you Tag: Logging Tag: 88000
  - 18
    - Spyware Hi Does anyone know why every time I switch my computer on, my firewall was automatically turned to off? It all started a few days ago when I got a message that I have spyware in my system. I panicked, downloaded Ad-Aware and removed all the stuff in the system that were critical. I continued serving the internet without problems but the same thing happens again after switching off and on again, the firewall was turned off and I had spyware warning again. I never had this problem before and I have not downloaded any unusual stuff or served any unusual sites. Any ideas? Thanks. Tag: Logging Tag: 87997
  - 19
    - Trojan Horse Discovered On Samsung Site Trojan Horse Discovered On Samsung Site People generally expect to enjoy a degree of safety when they visit the website of a major corporation. There's an implicit guarantee that these brand names won't have any malware on their pages. That trust may have been broken, though, with the recent revelation that the Samsung site is home to a Trojan horse. http://www.securitypronews.com/news/securitynews/spn-45-20060908TrojanHorseDiscoveredOnSamsungSite.html Imhotep Tag: Logging Tag: 87990
  - 20
    - Unexplained computer behavior may be caused by deceptive software See: http://support.microsoft.com/default.aspx?scid=kb;en-us;827315 Silj -- siljaline MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP Security Tools Updates http://aumha.net/viewforum.php?f=31 Reply to group, as return address is invalid that we may all benefit. Tag: Logging Tag: 87985
  - 21
    - Free Computer Help Please visit our Free Computer Help Bulletin Board http://www.yocs.net/phpBB2/index.php where you can get answers to everyday computer issues. This is a great resource for FREE technical support help. You can ask questions related to Applications, Hardware, Operating Systems, Networking, Email, Viruses, Spyware & Spam etc. or just general How do Iâ?¦ questions. Alternatively you can share your technical expertise to answer somebody elseâ??s question. By joining our free community you will have access to post topics as well as many other special features including Computer How to Tutorials & Tech Tips & Tricks. Registration is fast, simple and absolutely free so please, join us today See you in the forum. http://www.yocs.net/phpBB2/index.php Ye Olde Computer Shoppe "We fix PC's right over the Internet" Phone: 207-618-1966 Toll Free: 877-ASK-YOCS support@yocs.net www.yocs.net Tag: Logging Tag: 87980
  - 22
    - ESTA FA - Cuidado con cursos de CEH Estimados usuario del NewsGroup, Quisiera ponerlos en conocimiento de un hecho muy lamentable que se ha presentado en Argentina respecto al dictado de cursos de la certificacion Certified Ethical Hacker de EC Council. Existe una empresa llamada Security Consultant (www.securityc.com) perteneciente al Sr. Gustavo Rodolfo Sepulcri que es una ATC (Authorized Training Center) de EC Council y que hace tiempo esta promocionando los cursos "OFICIALES" de CEH (Certified Ethical Hacker). Esta empresa promociona los cursos como los oficiales , que incluyen los materiales oficiales y el voucher para rendir el examen . Tengan cuidado porque es toda una esta fa , si bien Gustavo Sepulcri es CEH y la empresa es un ATC autorizado , los cursos no son los oficiales , el material son fotocopias sueltas de diapositivas de powerpoint . Tambien, Gustavo Sepulcri, esta dictando estos cursos en Chile y Peru , asi que colegar latinoamericanos , tengan cuidado con este siniestro personaje. Ademas, me entere de que el Comite Etica de EC Council ha iniciado una investigacion debido a las denuncias en contra de Gustavo Sepulcri y a la violacion del codigo de etica del organismo , sin ir mas lejos , las personas que se han atrevido a denunciarlos sufrieron denegacion de servicio en sus servidores de correo e incluso la perdida de informacion al borrarse base de datos de sus servidores. Gran casualidad que de 4 personas que lo denunciaron , 3 reportaron incidentes de hackeos. Ademas , la empresa de este personaje , Security Consultant , dice tener varios partners : Security&Technology Magazine : el dueño es Gustavo Sepulcri IT Global Systems : el dueños es Gustavo Sepulcri ImpactoIT : no existe Security Consultants - Costa Atlántica : el telefono que aparece es el de un hostel en mar del plata O sea, el tipo es su propio partner , asi cualquiera se monta empresas fantasmas y se hace partener de si mismo , una truchada. Pero por favor, no se queden con mis dichos, si tiene algo de tiempo, verifiquen lo que les digo e investiguen a este estafador, es lamentable que por algunos $$$ se llegue a esto. Tag: Logging Tag: 87974
  - 23
    - McAfees HackerWatch Currently I am on a rolling subscription to McAfees VirusScan, nothing else, no SpamGuard, etc. But yesterday, some major upgrade took place and I found that HackerWatch, which I did not ask for, was installed. There is no mention of this service in their help files. This repeatedly tries to connect to the Internet and I am looking to disable/uninstall it. A bit of rummaging around shows - it is installed as a Windows Service on Automatic Startup - shows up as a O23 process (HiJackThis) - It is installed under $(SystemDrive)\Program Files\Common Files\McAfees Seems that the number of processes that McAfees run just to protect your PC these days is incredible. Does anyone know if McAfees run a news server? I was also not impressed in that in installing a new version of VirusScan, various files of the old version are still on the PC. Surely they should have been deleted? Stephen Howe Tag: Logging Tag: 87971
  - 24
    - Digital Signature and Private Key I require a digital signature and private key for uploading onto a router/gateway in order to provide ssl connectivity for the web interface of the gateway through which users will log on to gain access to the Internet. The digital signature has to have a "CRT" extension and the private key requires a "KEY" extension. I have been informed by the manufacturer that I need a Base64 encoded digital certificate, do I need any other information in order to create a valid digital certificate for use on the gateway? How can I do this using Windows Server 2003 SP1? Also, should I select Stand Alone CA or Enterprise CA when installing Digital Services on the Server itself? Users of the gateway will log on the gateway from a public LAN and the gateway will verify log on details via RADIUS using the Windows 2003 Server on a Private Network. Thank you for your assistance David Sharman Regional Computer Services Tag: Logging Tag: 87957
  - 25
    - incorrect google search The result of my quests is always so unlikely! I 've noticed that the search is slow in starting than usual as if something monitored my google. And then what I receive are strange websites never seen before. The pc seems to be clean after several antivirus scanning and antispyware. Who can help me? Tag: Logging Tag: 87950
- Next
  - 1
    - Renewal request for public cert on a Win2003 server w/o IIS installed I have a Windows 2003 Server running Live Communications Server 2005 and it uses a public Verisign certificate to secure Internet IM traffic. I need to renew the certificate as it is about to expire in a month, but I'm not sure how that works since I've only renewed certificates via IIS in Windows. Do I have to use the certutil.exe utility? If so, what would the syntax be? Tag: Logging Tag: 87945
  - 2
    - Disabled soldiers at Walter Reed are in need! Hello, For those people who feel this may be inappropriate, forgive me. I had an idea to donate my "airline miles" to a local disabed/discharged soldier so that per could take a trip to someplace like Vegas. I contacted Disabled American Veterans (DAV) to see if they could assist me with setting up housing and food. During my discussion with DAV in DC, I was told that many patients at Walter Reed Medical Center would like to go home for a visit but can't afford the plane fare. The DAV rep suggested that I give my miles (enough to buy two domestic tickets or one international ticket), to two patients. I immediately realized his wisdom. A patient returning home for a visit can do a lot for per.'s health. When the DAV can find a way to get the patient home (like someone donating miles or money to buy a ticket), the DAV will purchase baseball tickets, etc. so that the patient can enjoy activity with the family. Although the airlines have created programs like "miles for america", these miles cannot be used by Walter Reed. The airline company that I deal with said individuals would have to individually contact Walter Reed, get the name of a patient, and personally "cash-in" their miles to purchase that person a ticket. This is what I was planning on doing. Are other people willing to donate miles for these soldiers/patients? I think so. Listen, the act of donating miles to get soldiers home from the battle field is a great idea/cause. It benefits the solder, the soldiers family, and our nation. As a veteran, I appreciate this cause but I also realize these soldiers have other options. Since programs like "miles for soldiers" and "miles for america" exist, these soldiers will have some help in returning. Furthermore, the soldier can also take a "HOP". Granted, there is a wait time when taking a "HOP" but it is available. Personally, I would say most "active duty soldiers" would rather get a Walter Reed Patient home for a visit instead of taking the miles for their own visit. If you have some extra miles and would like to donate them, please consider a Walter Reed Patient. If you have some extra cash and would like to buy a ticket, please consider Walter Reed. If you have some pull in your corporation and suggest the idea to the "people of power", please consider Walter Reed Patients. Thanks for reading this post! Tag: Logging Tag: 87944
  - 3
    - Tracking software for laptop Is there a free or open source software package that will send the location or other info of a laptop if it's stolen? Any recommendations would be appreciated. Tag: Logging Tag: 87937
  - 4
    - Digital Signature and Private Key I require a digital signature and private key for uploading onto a router/gateway in order to provide ssl connectivity for the web interface of the gateway through which users will log on to gain access to the Internet. The digital signature has to have a "CRT" extension and the private key requires a "KEY" extension. I have been informed by the manufacturer that I need a Base64 encoded digital certificate, do I need any other information in order to create a valid digital certificate for use on the gateway? How can I do this using Windows Server 2003 SP1? Also, should I select Stand Alone CA or Enterprise CA when installing Digital Services on the Server itself? Users of the gateway will log on the gateway from a public LAN and the gateway will verify log on details via RADIUS using the Windows 2003 Server on a Private Network. Thank you for your assistance David Sharman Regional Computer Services Tag: Logging Tag: 87936
  - 5
    - Digital Signature and Private Key I require a digital signature and private key for uploading onto a router/gateway in order to provide ssl connectivity for the web interface of the gateway through which users will log on to gain access to the Internet. The digital signature has to have a "CRT" extension and the private key requires a "KEY" extension. I have been informed by the manufacturer that I need a Base64 encoded digital certificate, do I need any other information in order to create a valid digital certificate for use on the gateway? How can I do this using Windows Server 2003 SP1? Also, should I select Stand Alone CA or Enterprise CA when installing Digital Services on the Server itself? Users of the gateway will log on the gateway from a public LAN and the gateway will verify log on details via RADIUS using the Windows 2003 Server on a Private Network. Thank you for your assistance David Sharman Regional Computer Services Tag: Logging Tag: 87935
  - 6
    - cuidado con cursos de CEH en Security Consultant Estimados usuario del NewsGroup, Quisiera ponerlos en conocimiento de un hecho muy lamentable que se ha presentado en Argentina respecto al dictado de cursos de la certificacion Certified Ethical Hacker de EC Council. Existe una empresa llamada Security Consultant (www.securityc.com) perteneciente al Sr. Gustavo Rodolfo Sepulcri que es una ATC (Authorized Training Center) de EC Council y que hace tiempo esta promocionando los cursos "OFICIALES" de CEH (Certified Ethical Hacker). Esta empresa promociona los cursos como los oficiales , que incluyen los materiales oficiales y el voucher para rendir el examen . Tengan cuidado porque es toda una estada , si bien Gustavo Sepulcri es CEH y la empresa es un ATC autorizado , los cursos no son los oficiales , el material son fotocopias sueltas de diapositivas de powerpoint . Tambien, Gustavo Sepulcri, esta dictando estos cursos en Chile y Peru , asi que colegar latinoamericanos , tengan cuidado con este siniestro personaje. Ademas, me entere de que el Comite Etica de EC Council ha iniciado una investigacion debido a las denuncias en contra de Gustavo Sepulcri y a la violacion del codigo de etica del organismo , sin ir mas lejos , las personas que se han atrevido a denunciarlos sufrieron denegacion de servicio en sus servidores de correo e incluso la perdida de informacion al borrarse base de datos de sus servidores. Gran casualidad que de 4 personas que lo denunciaron , 3 reportaron incidentes de hackeos. Ademas , la empresa de este personaje , Security Consultant , dice tener varios partners : Security&Technology Magazine : el dueño es Gustavo Sepulcri IT Global Systems : el dueños es Gustavo Sepulcri ImpactoIT : no existe Security Consultants - Costa Atlántica : el telefono que aparece es el de un hostel en mar del plata O sea, el tipo es su propio partner , asi cualquiera se monta empresas fantasmas y se hace partener de si mismo , una truchada. Tag: Logging Tag: 87928
  - 7
    - 10 Immutable Laws of Security (http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true) Silj -- siljaline MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP Security Tools Updates http://aumha.net/viewforum.php?f=31 Reply to group, as return address is invalid that we may all benefit. Tag: Logging Tag: 87927
  - 8
    - WEBDAV OWA Access Had an odd login shown on our security device but not registered on our Exchange Server. An OWA access using WEBDAV and a user account (or system account) of schemas? Anyone have any info? Could this be a hole? Thanks, Mike Tag: Logging Tag: 87919
  - 9
    - Using windows explorer 7 e-mails won't display graphics or web lin I downloaded the beta edition of windows explorer and I use Goldmine as my e-mail link. When I open e-mails the text is displayed but no graphics and the web links may or may not work. Any suggestions as to how I fix this problem? Tag: Logging Tag: 87916
  - 10
    - infected message Since switching my pc on this evening, a yellow bubble keeps popping onto screen on bottom right saying that my computer is infected and that windows has detected spyware. I am using windows xp home and have norton 2006 and have scanned my pc with no results. What do I do to get rid of this annoying bubble and might I have an infection? I'm a complete novice with computers, any help appreciated. Tag: Logging Tag: 87911
  - 11
    - Downloads Required? Did a destructive recovery on a hp pavilion 511n - Windows XP Home. Am now receiving messages stating downloads are needed from the following sites: http://www.regpro32.com http://www.rinsepro.com http://www.registrycleanerxp.com http://www.msrepair.net and others. Are these valid microsoft sites or ???? -- Robert H. Tag: Logging Tag: 87910
  - 12
    - User account always locking out Where can I check to see if someone is trying to use the presidents logon account? His account is needing to be unlocked daily for the past week. Is this a sign of a hacker in our firewall? What can I do to check? I have looked on the logs on the servers, but I am not able to find anything in the logs. Tag: Logging Tag: 87908
  - 13
    - Firewall of windows and Firefox When i see video stream from websites the firewall of windows question for access to the internet to Firefox. ¿is't normal, no security issues? Tag: Logging Tag: 87907
  - 14
    - TweakUI and Security Hello All, I run a small network for the employee's social club of a large company which consisting of 1 Windows Server 2003 SP1 and several client computers running Windows XP Pro. The client computers are mainly provided for members of the social club to pass their downtime such as lunch breaks by surfing the Internet and thought to have been severely restricted using GP's so as to prevent modification of the client computer, networking and server systems and hopefully to assist in the prevention computer virus infection and the installation of illegal software. Members are also prevented from logging on to the local computer using GP. Restrictions thought to have been enforced include only granting members access to their own directories, the Intranet and the Internet and cannot see the local hard drives, all system control panels hidden except where only personal choice options are available such as selecting the autotype feature in Internet Explorer, no access to the command prompt , etc etc From what I can see their is no way to create new folders and store files on the local computer nor the ability to install unauthorised software but every so often when I scan the client hard drives they seem to doing exactly that! Of greatest concern is that during one of these scans I came across "TweakUI". I think I came across somewhere that TweakUI cannot be prevented from running on the local computers and that all you can do is ensure continueing refresh of the active directories group policies. My questions is; "What settings can I check are in place regarding the relevant GP's within AD to ensure TweakUI or any similar software cannot be used to break the integrity of the computer network?" Thanking you for your assistance David Sharman Regional Computer Services Tag: Logging Tag: 87906
  - 15
    - Creating a very limited user account to run a service Hi everybody. I've looked everywhere, I googled, I read windowssecurity.com, I found no information on how to do this :-(. So I have to ask for help: I want to run Subversion as a service on a Windows XP 64bit Pro machine. To do this, I use SrvAny.exe by Microsoft. I created a service that runs svnserve.exe (Subversion's server process). My problem is this: I want to create a user that svnserve.exe runs as that is restricted to read just the directory that contains my code repository, nothing else. The user can't login, can't open any files or anything outside of c:\repositories. I created an user-account called SVN (with password) using the Computer-Management MMC and didn't add it to any group, so that it doesn't inherit existing group-level permissions for "Users". Then I used the Local Security Policy Snap-In to give SVN the permission to "Logon as a Service". But this doesn't work as it seems that any process automatically is part of the Builtin\Users-group that, according to Sysinternal's ProcessExplorer, is "mandatory" (whatever that means). Users has Read/Execute rights on c:\ and these are inherited by c:\repositories. So while SVN might not be able to read or open files, any process started by SVN can... as far as I understand that. However, removing "Users" from c:\ and adding SVN to c:\repositories with "Full Control"-privileges interestingly removes SVN's ability to read or write files vom c:\repositories even though the user account has full control privileges... please help me, I have no idea how to do this. How do I create a user-account that has access to only one directory? (and additionally all libraries that are needed to run a Win32 executable, presumably read&execute access to c:\windows and c:\subversion) Thanks! -Jonas Tag: Logging Tag: 87905
  - 16
    - HELP We are looking to buy databases in the following industries * Pharmacy * Poker * Bingo * Casino * Sportsbook * Backgammon We will pay top $ for data Please contact albert_constantin@walla.com Thank you, Albert Tag: Logging Tag: 87900
  - 17
    - Network Cable Disconnection and Elevated Access We have discovered in my workplace (A School) that they students are unplugging the network cables as the students log on, this prevents the GP from been applied. This then allows them the browse the network, although they can only see visable shares which are not many but what did surprise me was that they could get access to the sysvol and where able not only to write to it but change permissions. This in turned stuffed up sysvol and forced me to do a authorative restore on it. Now the questions i have are 1. Whom or to what level are they been authenticated as 2. How can i prevent them from logging on if the GPOs are not applied. 3. And how do i do it in the way that won't affect the other users (teachers) who use the machine. Tag: Logging Tag: 87894
  - 18
    - ADVANCED IDENTIFICATION SYSTEMS 2006 AGENDA IS SET: The brochure for Advanced Identification Systems with Biometrics & Security 2006 has been set and is available for download at http://www.intertechusa.com/biometrics! Join your colleagues, customers, competitors, and government partners at 2006's premier event for identification! AIS 2006 will be held in Washington, DC on December 6-8, 2006 at the Crystal City DoubleTree Hotel and is expected to draw 300+ people and 25 exhibitors. If you invest in, integrate, engineer, or manufacture identification systems, solutions, products, or ID technology, or provide raw materials or electronic components to manufacturers, do not miss this conference! This conference is co-chaired by Terry Hartmann, Unisys; Grant Evans, A4 Vision; Scott Carr, Digimarc; and Benjamin Brink, U.S. Government Printing Office. Our distinguished list of contributing organizations includes: A4 Vision Accenture Animetrics AuthenTec BearingPoint Cisco Systems CA Cross Match Computer Sciences Corporation Digimarc FaceKey Gemalto International Association for Biometrics International Biometrics Industry Association International Biometric Group IBM Identix ImageWare Systems Infineon Technologies Microsoft Motorola NEC America Nortel Government Solutions Northrop Grumman IT Operational Research Consultants Panasonic System Solutions Philips Semiconductors Precise Biometrics Raytheon Sagem Defense Sagem Morpho Siemens Smart Card Alliance SRA International Sun Microsystems The Keyser Group Unisys US FBI US GPO US GSA US-VISIT Advanced Identification Systems 2006 is the leading international technical conference designed to break new ground in the discussion and advancement of identification systems, solutions, products, and document/ID technology by bringing together leading industry experts, government, investors, and technology-minded organizations. With the US Government alone spending $8 billion on identity systems and another $14 billion on secure ID systems (Stanford Research Group) and the market for biometrics exploding to more than $6 billion in the next 5 years, can your organization afford to miss this once-in-a-lifetime gathering of industry experts, brilliant technologists, and government officials? Spending on domestic security across all U.S. federal agencies is expected to reach $58 billion in fiscal 2007 - up from $16.8 billion in 2001, according to the Office of Management and Budget. Additionally, states and cities are annually contributing $20 billion to $30 billion more, Gartner Inc. estimates. This conference will address the challenges producers, purchasers, and users are facing in the development and deployment of identification and biometric solutions for government, law enforcement, security, transportation, telecommunications, high-tech and IT, financial services, retail commerce, and document/ID. Subject areas to be addressed include: civil, criminal, and consumer ID, physical access control, device/system access, surveillance, border control, passenger tracking, image processing, intelligent video, time & attendance, identity management, government initiatives, smart cards, document security, computer vision, interoperability, standards, privacy, algorithms, scalability & implementation, mobile ID, facial recognition, iris recognition, AFIS/live-scan, multi biometrics, sensors, token systems, 3D recognition, and much, much, MORE! Plus, make the most of your time in Washington, DC and sign up for our two three-hour pre-conference seminars, to be held December 6th - Seminar 1: Taking Biometrics into New Markets and Seminar 2: Biometric Sensors, Legacy Access Control Systems and Match On Card. Please check the conference website http://www.intertechusa.com/biometrics for details. Advanced Identification Systems 2006 is sponsored by Sagem Morpho, Inc., and brought to you in association with findbiometrics.com, International Biometric Group, International Biometric Industry Association, International Association for Biometrics, European Biometrics Forum, Biometric Watch, Biometrics Institute, Biometric Insight, Advanced Imaging Magazine, and Business International. The early bird registration expires October 27th, so register now and save $100! You can register online at http://www.intertechusa.com/biometrics, by fax: +1-207-781-2150, by telephone: USA +207-781-9622 or by email: syandell@intertechusa.com. Opportunities for exhibiting, sponsoring, and attending are available, however this conference is expected to sell out. Feel free to call Peter H. Cheesman directly at USA +207-781-9624 or pcheesman@intertechusa.com if you have any questions. See you this December in the security capital of the world, Washington, DC!!! ### Tag: Logging Tag: 87890
  - 19
    - Pirated software - to legal Is there a way to take the pirated software that a user might have on their computer and "legalize it" by paying Microsoft some money. What I mean is if I had a "friend" give me a "pirated" copy of software and I went to the update.microsoft.com website and it says that the copy is "Illegal" is there a way to get a "legal" copy, via a key or download or something, of which you will pay? I also wonder if you have a key on the side of your computer, but your hard drive is wiped out and you are not under warranty anymore, how you can get that "legal" copy to work, however, you don't have the right CD to install, such as an OEM. We have many Windows 2000 computers at my company that were legal at one time from IBM, and I wonder if they are "legal" anymore. I am fully aware that they are still "owned" by my company, but I see that users have these keys as well, for XP as well, and I wonder if they buy from, Dell, for instance and have that restoration CD that blows their system away and forces them to start from scratch. Well, if that is ALL that they have and someone discards the CD, is there a way to get the legal key to work without the CD!? Maybe by calling Microsoft or something? Thank you. Matt Tag: Logging Tag: 87884
  - 20
    - Digital Certificate "There are problems with the signature" Dear All, We are testing out Digital Certificates as a prelude to Secure Messaging with some of our Clients. We obtained individual certificates for ourselves (as there is not many of us) but started our Client on a Business account with a CA. After setting up one of their users we notice that most times their email is fine, but other times instead of the usual "rosette" there is a red line and the statement "There are problems with the signature. Click the signature button for details." The message in the Security Properties is "Error: The message contents may have been altered. Signed by sa@<client domain here>.com using RSA/SHA1 at 15:05:47 16/08/2006." As we use an external mail filter (so all our mail is scanned in transit) we believe that the scanning by our mail filter is causing the Digital Certificate to detect a modification (or attempt) and hence the error. My questions are: 1) Is the above assumption correct, and this is normal? 2) Is there anything that can be done to elimiate this (if caused by an external mail scanner perhaps not) 3)If we move to Secure Messaging where the email is encrypted and hence cannot be scanned by our mail filter, should I presume that the above error will not appear and that all will be OK (at least as much as it should be)? thanks ----- pbw Tag: Logging Tag: 87883
  - 21
    - What is Net Neutrality? "Congress is pushing a law that would abandon the Internet's First Amendment -- a principle called Network Neutrality that prevents companies like AT&T, Verizon and Comcast from deciding which Web sites work best for you -- based on what site pays them the most. If the public doesn't speak up now, our elected officials will cave to a multi-million dollar lobbying campaign." http://www.savetheinternet.com/ -- Imhotep Tag: Logging Tag: 87850
  - 22
    - Digital Signature and Private Key I require a digital signature and private key for uploading onto a router/gateway in order to provide ssl connectivity for the web interface of the gateway through which users will log on to gain access to the Internet. The digital signature has to have a "CRT" extension and the private key requires a "KEY" extension. How can I do this using Windows Server 2003 SP1? Users of the gateway will log on the gateway from a public LAN and the gateway will verify log on details via RADIUS using the Windows 2003 Server on a Private Network. Thank you for your assistance David Sharman Regional Computer Services Tag: Logging Tag: 87838
  - 23
    - unwanted history i've got an annoying problem @ the moment. whenever i delete cookies, delete files and clear history,theres always one site that still comes up on the address bar. i've physically looked in the neccessary folders but cannot seem to find the address anywhere in my computer. it only shows up on the address bar. i then clicked on the history button and did a search.the site/page came up.when i checked properties,it displayed: TYPE:INTERNET SHORTCUT. ive tried a few spyware programs but i still cannot delete this one history file. i'll paste the name of the address:http://www.whatboyswant.com/forum_read/2280223/1/. this address goes straight to a soccer forum page. i have no idea how to solve this problem. can anybody help? -- kompewter illiterat Tag: Logging Tag: 87832
  - 24
    - load error with xp pro I use an OEM xp pro on my laptop. Yesterday when I started my computwer I got the following message on a black screen: Load ERROR! Press any key to reboot... When I follow the instruction I get the same message. I have a recovery CD but from this the only oportunity I get is to reinstall XP AND i would like to awoid that as my last backup is two days old and there are some files I havent saved. Please help. GM Tag: Logging Tag: 87825
  - 25
    - Windows Information Toolbar The new security feature in Windows XP Service Pack 2 (SP2), the information toolbar, used to appear. It has suddenly stopped appearing. How do I turn it on again? Denise Tag: Logging Tag: 87801

I was curious if there is a way to log every file and folder change by every
user. I have users deleting files and I wan't to know who is doing it. I
don't want to change the security permissions, I just want to see who is
deleting files and when.

Thanks

Top

Re: Logging by Steven

Steven
Thu Sep 14 18:46:07 CDT 2006

You can do that but you don't want to as it can severely bog the computer
down with all that logging. You can however audit specific folders for
deletion permissions for success. First you need to enable auditing of
object access on the computer that has the files in Local Security Policy or
whatever Group Policy is enforcing auditing, then audit the folder for ONLY
the users/groups and permissions you want to audit. Avoid auditing read and
list if possible as you want to minimize the object access events in the
security log which will be very substantial. Increase the size of the
security log to like 50MB. To help sort through all the object access events
use Event Comb from Microsoft that allows you to search for specific event
IDs and text strings such as file names and delete, etc. The links below may
be helpful.

Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/smpgch02.mspx
--- info on Event Comb

"CJ" <CJ@discussions.microsoft.com> wrote in message
news:65FDB919-CB1F-4AEC-8CBB-4F24A684EDA1@microsoft.com...
>I was curious if there is a way to log every file and folder change by
>every
> user. I have users deleting files and I wan't to know who is doing it. I
> don't want to change the security permissions, I just want to see who is
> deleting files and when.
>
> Thanks

Top