Questions about CDP an AIA distribution points

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - HELLO HIYA -- \m/ O_O \m/ Laura..... :) Liverpool, England Tag: Questions about CDP an AIA distribution points Tag: 86057
  - 2
    - Forcing XP Clients to use NTLM instead of Kerberos Authentication Howdy We are in the middle of an in-place upgrade from NT4 to Windows 2003 SP1 AD. We are using the NT4Emulator key as a transitional step to prevent Windows XP SP1 clients from using Kerberos for a range of reasons. We are about to neutralize all machines in our upgraded domain which will mean that all clients will begin to use Kerberos once their secure channels are reset. We have chosen this method over simply removing NT4Emulator as it gives us a better back-out option (i.e. we can selectively back out machines from Keberos without having rejoin the whole fleet to the domain). My question is - once we remove the Emulator keys from the Domain Controllers and all the clients are using Kerberos, is there any way we can force the clients to use NTLM? The reason I ask is that we are concerned that Kerberos may break some of our key applications and would like to ensure that once the emulator is removed, we have an alternative to revert to NTLM without rejoining everything to the domain. Regards, DB [Note: This is a cross post as the topic was noted as less applicable in the Windows XP Security newsgroup] Tag: Questions about CDP an AIA distribution points Tag: 86047
  - 3
    - firewalls vs. wireless Hi. I have a McAfee firewall 6.0, but even if you don't have this particular firewall you might be able to answer my question. You can also consider this a question about firewalls in general. My configuration: wall socket from cable company, from there a cable to my cable modem, from there a cable to my router, from router to adapter on computer in different room a wireless connection, WPA-PSK security. No other devices in network. What is the place of the firewall in the configuration ? WHAT I'D REALLY LIKE TO KNOW IS IF ANY (INCOMING) DATA THAT GOES THROUGH THE ADAPTER ON THE COMPUTER, WILL AFTER THAT WILL HAVE TO GO THROUGH THE FIREWALL. Or is it possible to connect wirelessly to my computer without having to go through the firewall ? (wl-143 sitecom router and wl-142 adapter) Please ignore the issue about WPA-PSK security. Thank you. Tag: Questions about CDP an AIA distribution points Tag: 86042
  - 4
    - FTP and it's security Gurus, Everyone knows that FTP is inherently insecure. What with it's passwords sent in clear text and the un-encrypted data stream. But what about using a program like WinZip to encrypt the data that is being FTP'd? Wouldn't that meet today's security standards, especially in a situation where an FTP hosts only accepts data from a certain IP address? We have a government manager who says FTP is insecure and wants to implement an SSH solution. I say we have no time to do that an that WinZip encrypting the documents being FTP'd out are good enough. I don't need more work I am already busy enough. -- Spin Tag: Questions about CDP an AIA distribution points Tag: 86041
  - 5
    - How to clean AD from enterprise certification authority I noticed that somebody played with C.A. and removed th autority but there is still some traces in the configuration partition in AD. Can I safely remove it with ADSIEDIT or is there more precautions and cleanup to do. Thanks Tag: Questions about CDP an AIA distribution points Tag: 86038
  - 6
    - Enrollment agent cannot enroll on behalf of a user... Hello, I've got an enterprise certificate authority. When I try to request a certificate on behalf of a user the root certificat authority is not retreived nor shown in the web page. IT as worked... I get an error in the server event log : Active Server Page Id 5 "The Template Persistent Cache initialization failed for Application Pool 'Application_Pool_Name' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool" A client can successfully request a certificate from the webpage. I checked a lot of things but cannot find the problem! Thanks for your help Tag: Questions about CDP an AIA distribution points Tag: 86036
  - 7
    - QoS??? What Quality of service (QoS) will we worsen, if we use a more rigorous detection system of intruders? thnaks Tag: Questions about CDP an AIA distribution points Tag: 86027
  - 8
    - How to create a LDAP service account user and assign permissions I want to setup an account in AD that allows some third-party systems to query the AD using LDAP or secure LDAP to validate users credentials. We have systems like WebSense that need to use a special LDAP account that has rights to validate users ID and passwords before they are allowed access to the Internet. How to I get this to work? Tag: Questions about CDP an AIA distribution points Tag: 86022
  - 9
    - BLOCK SKYPE Skype can be blocked in ISA 2004 if you allow only AUTHENTICATED USERS instead of ALL USERS, this will allow authentications methods which Skype is unable to overpass..... I have tried and Works!!!!!! Tag: Questions about CDP an AIA distribution points Tag: 86018
  - 10
    - CRL CDP LDAP question... Is there a tool that will validate/fetch a CRL via a LDAP distribution point? A windows tool would be ideal. But I'll take anything. Thanks in advance Tag: Questions about CDP an AIA distribution points Tag: 86017
  - 11
    - Windows Defender nor running scheduled scans I recently installed Defender beta 2 and scheduled it to run at 2am every morning but it will not run. Does any1 know how to fix this. Is ther a solution wher are all the so called experts????????? Is any1 else experiencing the same thing Tag: Questions about CDP an AIA distribution points Tag: 86016
  - 12
    - permanent solution to viruses Did you ever wonder....do antivirus companies genuinely hope that hackers will have a change of heart and stop trying to infect other people's computers? That's obviously not the case. For the antivirus companies, such as Norton, a reduction in number of hackers/viruses would cause their business to fail. Norton, like law-enforcement, THRIVE BECAUSE of the bad things that people do. This in and of itself is not a bad thing. But now I'm gonna show you my point. If you found out that by sitting at your computer for a mere 5 minutes a day, you could generate thousands of dollars in revenue for your company each month, would you do it? Of course you would. What business owner would take steps to make sure she MISSES OUT on this money-making opportunity? Well now... if companies like Norton thrive on the existece of hackers (sort of like Satan, who is responsible for keeping the church in business), then what exactly would prevent the stock-owners of that company from hiring anonymous geeks to spread new viruses, thus ensuring Norton will be continually needed in the future by ignorant poeple who shore don't want any viruses? Perhaps you are familier with CPS (Child Protective Services). Know what happens if the reps they hire go too easy on the families accused of crimes against children? They ensure that their local CPS office will have progressively less and less work, and eventually ensure the future loss of their job. How can they avoid this? By turning mountains into molehills. If your child falsely accuses you of abusing them, you can be sure CPS will justify their continued future employment by dragging you through the courts, threatening to take away your child if you don't conform, or threating not to give the child back. Wow, ain't nothing like drumming up business for yourself which guarantees your own employment security, amen? This CPS thing is an analogy to the antivirus companies. In short, the very idea that they truly wish all hacker would come to know Jesus and stop this virus stuff immediately is ridiculous. It doesn't take a rocket scientist to figure out that IF companies like Norton secretly hire hacker to continually infest the internet with ever-new viruses, they assure themselves a very prosperous future in that business. The analogies are endless. Suppose a cop gets a mean talk from his Sergent for not fulfilling his monthly quota of arrests? Being in the privileged position he is in, what could he do to make his boss very happy? You guessed it, start arresting people more often when he otherwise would let the issue die with just a warning. Speeding tickets are so easy. If his boss says he ain't giving out the full quota expected, he can just start pulling people over for doing 60 in a 50 mph zone, instead of waiting to zap the 70 mph speeder. Hell, why not carry a little cocaine around in a plastic bag on the job (whose gonna frisk a cop?), and the next time he's called to the scene of a relatively calm situation, he can request to search the car, or have it towed away then searched if they don't comply (guaranteeing the driver will allow the search), and he can plant his cocaine on the guy, and be the hero of the day back at the cop shop. Think about it....that cop will lose his house and credit cards and probably his family if we all started obeying the laws of the land like paranoid monks. It should now be as clear to you as the sun on a cloudless day at noon....that antivirus companies can be fully expected to guarantee humanity will need them in the future by spreading newer and newer virus threats themselves. Now that the sermon is over, you don't need antivirus software to stay safe from the onslaught of online hackers. All you need are two hard drives and one copy of Norton Ghost. Use one hard drive for your operating system. Use the other for storage only. Run Norton Ghost and make a back up of your operating system before you surf the internet. Now surf all you please. If your computer starts manifesting symptoms of spyware/virus infection, such as slowing down, acting inconsistent... simply run Norton Ghost and tell it to replace your current operating system with the pristine back up copy. Now you've surfed where you wanted, and it only took 5 minutes of Ghost Restore to put your computer back in perfectly clean top running shape. Now unless you only surf hacker/porn/illegal/cracks type websites, you should be able to access your hotmail, yahoo, use google to search and click on the search hits, for at least a month before you find it necessary to run Ghost and restore your computer. Personally, I have my computer set up to automatically run Ghost every night after I go to bed. I am greeted in the morning by one beautiful woman and one very clean and virus-free computer. The only sacrifice you have to make is that whatever you download from the internet or save from cd-rom, must be placed on the second hard dive, where the Ghost back up files are. Cuz if you just download stuff to your desktop, theywill all be wiped out with everything else as soon as you run the ghost restore. I haven't used virus protection for the last three years, and yet I surf the internet sometimes up to 10 hours a day (I'm retired, I hope you get something more out of this post than the mere shock that other poeple have no kids and more time than you. Here's a parting thought: You realize that you have to download ANTI-virus definitions, so that you antivirus software knows what to look for to disinfect your computer, right? Those antivirus definitions, though small, are nevertheless all necessary to make sure your computer doesn't get infected by any of the thousands of viruses that are out there now, and that have been around since 1996. Ever wonder how much space those definitions are gonna take up on your hard drive after 10 years goes by? In the year 2016, you will all probably need an extra 200 gig hard drive just to hold all the anti-virus definitions that will be necessary to keep up with 10 years of new viruses! But don't worry...I'm sure Norton and Microsoft will figure out a way to get you those extra hard drives real cheap. Ain't that just sweet of them? I never wait around to hear you say thanks. I KNOW you are thankful that my parents met each other. Just look down whenever I walk by and we won't have any mess, kapeesh? Tag: Questions about CDP an AIA distribution points Tag: 86010
  - 13
    - Question regarding Cryptographic Hash ... Sorry for posting this purely theoritical question in this forum. Members may say that this question better suited to be posted in any other newsgroups. Since, I am not clear where exactly to post this question, and this forum also deals with security, I have posted it here. With a thought, that many members must be knowing in details of Hashing algorithm they use, here goes the question: I was asked a question in B-Level exams for Network security. Long after 6 months, the question still remain unanswered to me. I am very interested for getting answer for this question. Can you please elaborate on this ? ------------------- Consider the random cipher model with random variables M, C and K for plain text, cipher text and key, respectively. Give an interpretation in cryptographic terms of this equation: H(M,C) = H(M) + H(C) Also specify an example of a cryptosystem, which has this property. ------------------- As far as I know, this is computing Hash of M and C separately and cancatinating them. Also, it claims that when a Hash is computed with M and C (combined), it is same as the cancatination. Is it possible given the rules of strong hash functions? Anyway, the above was my Interpretation, please let me know the Experts comments on this. Thanks, *(Vipul)() ; Tag: Questions about CDP an AIA distribution points Tag: 86009
  - 14
    - Security Updates BOOCOOP@HOTMAIL.com Why does my computer log off several times a day? I get the message "windows has currently dowloaded and installed an important security update......." Tag: Questions about CDP an AIA distribution points Tag: 86004
  - 15
    - How to restrict users to access web pages all exept one Hi, I should set up a computer to a stand. How could I simply restrict users to freely browse the internet - all except the one site that we would want? Internet options seem to have very little tools for that. Should I really buy an extra software for that purpose? TIA, Mika Tag: Questions about CDP an AIA distribution points Tag: 85993
  - 16
    - The Oscarbot.IV, Peerbot.B and Netsad.B worms Oscarbot.IV is a worm that opens several communication ports on infected computers, allowing attackers to access the system remotely. It also drops the Protestor.A Trojan on the system, which can capture screenshots and steal user data. Oscarbot.IV spreads via America On Line Instant Messenger, sending messages to all active user contacts. When run, it is installed on the system as a service called "Windows Genuine Advantage Validation Notification", trying to pass itself off as a Microsoft antipiracy service and ensuring it is run on every system startup. Peerbot.B can open a backdoor to receive commands from an attacker via IRC. It can also steal data from SQL Server or Mysql databases on the computer, which it then sends out via email. When run, the worm creates several files on the system, such as Taskdrv.exe (a copy of the worm itself) and Libmysql.dll, a library belonging to the Mysql database. Peerbot.B can spread using email or P2P file-sharing programs. It creates numerous files in the shared folders in P2P programs under names that refer to cracks for well-known applications and games. When other users of the P2P program run a search, they could find the infected files of the initial victim among the results. To avoid detection, Peerbot.B terminates a long list of processes related mainly with security tools, firewalls or even other malware. It also modifies the hosts file to block access to web pages related with security products. Netsad.B is a worm that spreads as an email attachment, using messages such as "sharing files is the essence of living". It also uses several P2P applications, including Kazaa or Emule, creating copies of itself in shared folders so that it can be downloaded by other users. Netsad.B can only operate if the computer has Microsoft .NET framework 2.0. When run, it creates a copy of itself called winservices.cab.bak.exe in the Windows system folder. It also creates copies of itself with a variety of names, including some related to antiviruses, in the other system drives. In order to remain hidden, the worm terminates a series of security-related processes, leaving the computer vulnerable to further attack. Tag: Questions about CDP an AIA distribution points Tag: 85990
  - 17
    - AD Security reporting tool Dears; How I can get a reporting tool for w2k give me whole details of users security informations and permitions on all the active directory? Tag: Questions about CDP an AIA distribution points Tag: 85989
  - 18
    - Monitoring Servers Hey guys, I've been a lurker here for a while, but I need some specific answers on this one. I have a network with about 14 windows 2003 servers, Exchange 2003, and also host two website in house. We have a PIX firewall and an IDS System on the outside of the PIX. But I really need a good solution for securing and monitoring our servers and network. right now I really have no way of telling if someone has gotten in to our network.Can someone give me some ideas? thats for all the help L Smith Tag: Questions about CDP an AIA distribution points Tag: 85987
  - 19
    - Securing a Mobile 5 Device Hello all, I am cross posting to Security and SBS since we are an MSBS with our M5 devices connecting to SBS environments. We are migrating our organization, and subsequently clients, from Palm to M5 devices. On the Palm, we have an easy to manage encryption software package that encrypts data on the device and on the SD card. Is there anything out there that is reasonably priced for small business that is similar in its abilities? We are looking to encrypt the Outlook data on the M5 device itself, since it contains sensitive information... The remote wipe will not work if the unit is in a faraday cage or in some way radio isolated. It also will not take care of the data on any media cards inserted in the M5 device. We are also looking to encrypt the contents of the media cards. Any help pointing us in the right direction is greatly appreciated! Thanks, Philip Elder MSBS Tag: Questions about CDP an AIA distribution points Tag: 85986
  - 20
    - Invalid Digital Signature in Certificate Dear All, I have a digital certificate which when opened (double-clicking) with Windows 2000 Professional or Windows XP shows the following error message "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered" The same certificates opens up without any such error in Windows 98/Windows NT machines. Is this any Patch problem ? If yes, Please let me know which patch has to be applied? Tag: Questions about CDP an AIA distribution points Tag: 85985
  - 21
    - Problems with SQL Server after installing security updates Hello I have SQL server with service pack2, and i just installed the hotfix for the worm which came out few weeks back, after installing the fix i am unable to connect to my local SQL server, though am able to connect to remote SQL server instances, but when i try and connect to the local SQL server, the whole thing just freezes... Tag: Questions about CDP an AIA distribution points Tag: 85980
  - 22
    - two-factor authentication for both local and remote login Can anyone here suggest a solution for two-factor authentication (e.g., password and USB key) that would work both for normal Windows login (i.e., user is sitting at PC) *and* for remote login via Remote Desktop (or some equivalent remote access solution)? The solution must support the *same* two-factor method for *both* kinds of access. Cheers, James Tag: Questions about CDP an AIA distribution points Tag: 85978
  - 23
    - Local Certificate Authority Server Hello I have configured an enterprise Certificate Authority Server that will issue each email user a USER Certificate for Digital Signature purposes. On our internal email with digitally signed mail we can read the email but when I mail a free mail servers like yahoo or gmail the message is place on a smime.p7m file. How can our local CA server be trusted? Tag: Questions about CDP an AIA distribution points Tag: 85974
  - 24
    - Computer(s) keep trying to crash on me. It seemed to start about 6 months after I bought a new computer from infotech. It is running XP pro, has an MSI motherboard and cable modem. I was running Defender antivirus and firewall, but someone was able to disable the firewall and antivirus (from a remote location) without me noticing. I usually turn the computer off at night, or if I won't be using it for a while, but evidently the computer doesn't need to be on to access it remotely. Anyway, I turned it on one morning and noticed the display was different, the mouse and keyboard both had their drivers removed and all my email was gone. Shortly after that you could hear the harddrive running like crazy. I assumed it was a virus, so i tried going into msconfig to turn most of the stuff off. I noticed windows explorer was running, along with remote desktop and a few other web-publishing programs most of which I have never used. When I attempted to restart the computer, all I got was a "no operating system found" error. I have lots more info, but no time right now to go into detail. If anyone has had a similar problem or has any suggestions, I would appreciate it. Thanks!!!! Tag: Questions about CDP an AIA distribution points Tag: 85970
  - 25
    - CA store Windows has a Certificate store Manager; Tools>Options|Content tab and click [certificates]. There are [import and export] and [Advanced] buttons. How do I get an CA digital ID out of there for use in email. Why is this a problem for users when seeking digital ID for encryption algorithms of work data? Tag: Questions about CDP an AIA distribution points Tag: 85968
- Next
  - 1
    - Permissions I need help here. I have a SBS2003 network with a member server running Windows 2003 Server. I have setup volumes on the machine, i.e. H, T, V drive etc... Now, what I have done is I have shared out these volumes, e.g. T drive with the Share to have Everyone=Read. The Security tab also has the same, Everyone=Read. Now, a user has setup a folder in T drive (called EEE) and shared this as well. This time, the share permissions are for that user only=Full Control, and in the security tab that user is set to=Full Control. Via Network Neighbourhood>Windows Network>etc... the user can paste into the subfolder in T drive (shared as EEE) with no problem, but when he goes through machinename\T\EEE he is unable to. He does not understand the fact that right-clicking the EEE folder has the same permissions (i.e. Full Control is greyed out) but going in via the correct share he will have different rights. He believes that no matter what, that user has the same permissions via any share he goes through on T drive - i.e. T or EEE. Furthermore, I need to understand the logic myself before I speak to him, so please can someone make me understand this. Thanks, S Tag: Questions about CDP an AIA distribution points Tag: 85962
  - 2
    - Excel Attempts to contact Akamai.com every time it's started Can anyone tell me why Excel (2002) has just recently started to try to contact akamai.com every time I start it (Excel) up (I know this because my Firewall intercepts the attempt) and how I can stop it from doing so Tag: Questions about CDP an AIA distribution points Tag: 85960
  - 3
    - Hotmail Hacked Hello, My other hotmail account was hacked and consequently money stolen from my paypal account. How can I contact hotmail to tell them this and have them close my account? Lucas Tag: Questions about CDP an AIA distribution points Tag: 85953
  - 4
    - looking for a suitable proxy Hi. I've posted about proxy's before, but now I know better what and how I want to protect myself. Using security services that have a very high security, such as those that send heavily encrypted data, can be counterproductive and attract attention, because someone who would use one of those would probably have something to hide. Wouldn't the NSA or the Israelities/israelies (?) be interested ? I'm just looking for a secure proxy, without taking extreme measures with regard to security. A proxy service through which a lot of traffic would go would be good, I'm less likely to be noticed that way. In the first place I want to protect myself against criminals, hackers, nosy people, organizations and yes, I don't want Big Brother (the state) looking over my shoulder. A proxy in control by a non-profit organization or some other organization that would fight for my privacy, even if pressed by law or security officials or advanced social engineering, would probably be good. Is more anonymity better ? I wonder in which Homeland Security would be interested ... Also important is speed. Often, proxies slow down speed, and I'm using a broadband connection. Essentially my computer name AND IP are static, would proxies hide them ? I know you can't get 100% anonymity, but that's ok. What about www.the-cloak.com ? I live in Western Europe. Any recommendations ? Thank you. Tag: Questions about CDP an AIA distribution points Tag: 85950
  - 5
    - Permissions Removed from Folders Mr. Sanders, is correct. You would need to take ownership of the folder/files and then assign the desired permissions. Tag: Questions about CDP an AIA distribution points Tag: 85947
  - 6
    - SSL/TLS & renegotiation and Internet Explorer Dear All, I am working on my own server that supports SSL, both with and without client authentication. I am in the process of implementing a feature which allows the server to prompt the user to provide his digital certificate whenever he tries to access a resource that requires client authentication. So whenever i get a request for such a Page then my server sends a SSL HelloRequest to the Client thus initiating a SSL renegotiation. The server caches the HTTP request in its Session buffer before it initiates the renegotiation. So, the client re-initiates the handshake by sending the 'client-hello' packet (encrypted with the session key negotiated in the previous session) and the server reciprocates with the serverhello, server cert, client cert request and server hello done packets, all encrypted with the older session key. At this stage, IE closes the connection with the server and prompts the client to choose his digital certificate. When the client chooses the certificate it re-initiates the handshake, establishes a new connection and then starts the handshake process again with the 'client-hello' packet. Now, at this stage I am not sure how to link up the old SSL session and the new SSL session on the server side. Actually I have to forward the HTTP request to another backend server, get the response and forward it to the IE client. My question is how do i link the old and new sessions that i have established with the Internet Explorer. Is there anything that will be common between the two sessions Any help on this would be greatly appreciated. Regards Tag: Questions about CDP an AIA distribution points Tag: 85946
  - 7
    - All permissions removed from folders One of my customers has removed all groups and all permissions from several folders on a Small business Systems 2000 Server. So far all attempts to regain any kind of access or control have failed. Is there any way at all, or perhaps a tool of some kind, that would allow me to manually assign Administrator rights to these directories? Tag: Questions about CDP an AIA distribution points Tag: 85944
  - 8
    - Essentials of Biometrics Training Course Essentials of Biometrics" is set at an introductory level and requires no previous specialist knowledge of Biometrics. The main focus of this course is on:- Raising awareness and understanding of the Biometrics technology in layman's terminology. Providing a comprehensive understanding of the different Biometric technologies. Highlighting the key considerations for implementing a Biometric solution within a security system. Providing an overview of current Government and private sector applications. This course will be useful for managers, senior management, security consultants and anyone who needs a general understanding of Biometrics. By the end of this course the delegates will: Gain an up to date basic knowledge of the Biometrics technology Gain a view of how Biometric applications can best be implemented Understand the factors affecting the performance of a Biometric application Appreciate the social and ethical issues Learn how governments and private sector areas are adopting the technology Availability: July 25th 2006 Fully Booked August 22nd 2006 Fully Booked September 26th 2006 Spaces Available November 7th 2006 Spaces Available November 28th 2006 Spaces Available A synopsis of the course can be found at www.identitysolutions.uk.com/training.html Tag: Questions about CDP an AIA distribution points Tag: 85934
  - 9
    - 'C:\Windows\System32' window pop up at startup Hi, When I start up Windows XP, folder 'C:\Windows\System32' always pops up. I following the suggestions from some articles, and created the following message. Could anyone suggestion how should I proceed? Thank you very much! Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Class Name: <NO CLASS> Last Write Time: 7/5/2006 - 8:32 AM Value 0 Name: MSMSGS Type: REG_SZ Data: "C:\Program Files\Messenger\msmsgs.exe" /background Value 1 Name: ctfmon.exe Type: REG_SZ Data: C:\WINDOWS\system32\ctfmon.exe Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Class Name: <NO CLASS> Last Write Time: 7/4/2006 - 11:21 PM Value 0 Name: ATIModeChange Type: REG_SZ Data: Ati2mdxx.exe Value 1 Name: SynTPLpr Type: REG_SZ Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Value 2 Name: SynTPEnh Type: REG_SZ Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Value 3 Name: QCTRAY Type: REG_SZ Data: C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE Value 4 Name: QCWLICON Type: REG_SZ Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE Value 5 Name: BMMGAG Type: REG_SZ Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor Value 6 Name: TPTRAY Type: REG_SZ Data: C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE Value 7 Name: TP4EX Type: REG_SZ Data: tp4ex.exe Value 8 Name: TPHOTKEY Type: REG_SZ Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe Value 9 Name: NPDTray Type: REG_SZ Data: C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe Value 10 Name: AGRSMMSG Type: REG_SZ Data: AGRSMMSG.exe Value 11 Name: UC_SMB Type: REG_SZ Data: Value 12 Name: Tgcmd Type: REG_SZ Data: "C:\Program Files\Support.com\bin\tgcmd.exe /server" Value 13 Name: OfficeScanNT Monitor Type: REG_SZ Data: -HideWindow Value 14 Name: SunJavaUpdateSched Type: REG_SZ Data: C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe Value 15 Name: AVG7_CC Type: REG_SZ Data: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Value 0 Name: Installed Type: REG_SZ Data: 1 Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Value 0 Name: Installed Type: REG_SZ Data: 1 Value 1 Name: NoChange Type: REG_SZ Data: 1 Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Value 0 Name: Installed Type: REG_SZ Data: 1 Tag: Questions about CDP an AIA distribution points Tag: 85927
  - 10
    - I just don't get it??How to remove threats? Someone please help.For the last couple of months everytime I scan my pc for threats it finds 6 and then there's no option to remove them what do I do I've got norton antivirus and I'm completely lost as to what I do -- Many thanks Zowie Tag: Questions about CDP an AIA distribution points Tag: 85922
  - 11
    - Password safe/vault Hi all, Can anyone recommend a password safe/vault that uses AD authentication? I want to be able to use AD groups to control who has access to the safe and hopefully restrict access to certain password groups. e.g. the logged in user can only access the SQL passwords; another can access only exchange passwords; etc. Does anyone know of products I should avoid? Have you used the product you've suggested in a commercial environment? Did you eval a bunch of products and decide on one? What made you purchase that product over the others available? Of course I'm not expecting answers to all these questions. I just need an idea of what you guys have experienced with this type of product. Thanks, Scott Tag: Questions about CDP an AIA distribution points Tag: 85920
  - 12
    - Need to protect your network from ALL unknown devices, not just USB? Dear All, With rapid advancements in network connectivity such as USB, Bluetooth, WiFi, Firewire etc. and the multitude of peripheral devices available, as you are aware organisations like yourselves have a constant battle against data being stolen or leaked through 'honest mistakes'. Antidote Security Ltd are partnered with SecureWave Ltd whose Sanctuary Suite employs the White List - "Default Deny" approach, which is a proven, positive security model and fast becoming the industry standard. Sanctuary Device Control provides an essential platform to develop, administer and enforce effective granular policies for the safe use of removable devices. Along with detailed auditing and reporting, this solution protects both PC's and servers alike, enabling you to control which devices can be used by whom, when and how! SecureWave customers include, Barclays Bank, Norwich Union, Bank of Tokyo-Mitsubishi, Inland Revenue, Egg, Unisys, Fujitsu, Royal Navy, M.O.D., Metropolitan Police (+ 9 other police forces), PITO, Home Office, Hampshire County Council, Cabinet Office and others. Benefits: a.. Security - Control over what enters and leaves the organisation b.. Confidentiality - Prevent use of unauthorised end user devices c.. Legal - Ensures regulatory compliance d.. Productivity - Lower IT operating costs and improved IT management efficiency e.. Administration is straightforward with a 3-click operation to assign/remove permissions f.. Full auditing of user & administration actions is provided After rigorous testing by the UK Government's Cabinet Office (www.cabinetoffice.gov.uk/csia), Sanctuary has was awarded the CSIA - Claims Tested seal of approval, proving this solution does indeed do what it claims - which is a great accolade to place alongside it's other certifications. Please feel free to download a FREE 30-day evaluation (http://www.securewave.com/public_request_partner.jsp?id=33271) or for further, please forward an email to info@antidotesecurity.co.uk Best Regards Mark Smith Managing Director - Antidote Security Ltd Tag: Questions about CDP an AIA distribution points Tag: 85915
  - 13
    - Outlook 2003 + Can't Publish to GAL We're using several Verisign Digital ID's in our company network. Previously i was able to install new private keys then publish to GAL, but now this doesn't work any longer. I get the following message when i press Tools->Options->Security->Publish to GAL Microsoft Office Outlook was unable to publish your certificates. The server may be offline or your certificates may be invalid. Contact your administrator if the problem persists. On some other machines this works fine. They also have a verisign digital ID. Who can help me with this pleeeaase? Tag: Questions about CDP an AIA distribution points Tag: 85913
  - 14
    - stop ie error message it happens when i go into yahoo chess game site can anyone tellme what going on when ie give me a error message then reboot my computer? Tag: Questions about CDP an AIA distribution points Tag: 85904
  - 15
    - Partial profiles appearing on W2K GC A handful of partial profiles have appeared on a client's W2K GC in the "documents and settings" directory. The profiles belong to user accounts that are NOT administrator accounts. The profiles only have three subdirectories instead of the customary twelve subdirectories. The three directories are "Application Data", "Cookies" and "Local Settings". NTUSER.DAT, ntuser.dat.log, and ntuser.ini are also created. It is my understanding that user profiles should only appear on a W2K GC in the "Documents and Settings" directory as a result of a user logging on from the server keyboard, or by an administrator logging in via Terminal Services (which is in admin mode). Windows Update and the client's third party patch management software both report the server as fully patched. 1) Is there any legitimate way that a non-admin user could create a profile on the server? 2) If the profiles were created by a user using an exploit to elevate their privileges via Terminal Services, how would you manually check to see that the appropriate TS patches were actually fully installed? Thank you Tag: Questions about CDP an AIA distribution points Tag: 85903
  - 16
    - Utlility to display alternate identity in Window bar? Hi all: I might have dreamed this, but I'm wondering if anyone has seen a utilty or add-on patch that cuases the the identity of the user to be displayed in the title bar of a window. The app I seem to recall seing displayed this info (logged in user) near the resize/close buttons. This was useful for running with lowest privilidge, but using "Run As" to run utilities, etc. with alternate credentials. Any ideas what I saw or where? Thanks, d. Tag: Questions about CDP an AIA distribution points Tag: 85899
  - 17
    - Attachment Manager Problem in Windows 2003 Hi The attachment manager in Windows 2003 is not futioning properly or im not setting it up correctly. Please advice me how to make it working properly with in the GPO. as i noticed its functioning only to the hotmail.com/msn.com/hotmail.co.uk ... All microsoft related sites. but attachments are functioning in Gmail,Rediffmail,Yahoo & all external Sites. Whom do i need to contact regarding this issue. Please reply me at the earliest to kurunji@yahoo.com Thanks & Regards Kurunji Tag: Questions about CDP an AIA distribution points Tag: 85895
  - 18
    - View content of PKCS#12 file (.pfx) How can I view content of PKCS#12 file? I don't want to install its certs, but only to view content (list all certs). Tag: Questions about CDP an AIA distribution points Tag: 85894
  - 19
    - Can't remove Windows Defender Windows Defender generated an error. Tried to remove Defender from control panel, would not uninstall. When trying to reinstall another error generated " you must remove installed version first". Started PC in safe mode and tried removing Windows Defender entries from registry. Some entries would not remove. Restarted in normal mode. Problem still exists. PLEASE HELP as Microsoft Antispyware runs out on the 31st of July 2006. Tag: Questions about CDP an AIA distribution points Tag: 85890
  - 20
    - deactivate IE intranet security warning In need of assistance. Just initiated a IE Group Policy to establish the proper security zones for all our XP SP2 clients. Have placed our intranet webservers in the trusted zone and set the security level to LOW. User logs into a web app on these servers and an IE warning appears: When you send information to the local intranet, it might be possible for others to see that information. Do you want to continue? [check box] In the future, do not show this message. User checks the box clicks Yes on the "do not show this message again" and the app opens. User closes the app and then reopens User receives the same warning. Is there any way to disable this warning message? Have tried several changes to the policy with no success. Any help would be appreciated. Jay Tag: Questions about CDP an AIA distribution points Tag: 85889
  - 21
    - how to restrict limited user only visiting several websites I've been reading here alot and decided to post. Windows XP SP2, the administrator account want to restrict limited account only visiting several dedicated websites, and forbidden the limited account visit all the rest websites! My ideal is that disable quering DNC server, and mapping the IP addresses to host names only which I allow the limited account to visit...... But the drawback is that the limited account user can input the IP address directly in browser! Maybe there have other methods to accomplish the hard work! __ Ash Tag: Questions about CDP an AIA distribution points Tag: 85867
  - 22
    - Permission to Copy Files to Server Folder But Not Edit Them On a Windows 2003 Server I would like a specific user to have permission to add Excel files to a folder on the server from his own workstation, but not be able to edit the files, once they are placed into the folder. He still needs to be able to open and read the files, once they are in the folder on the server, just not be able to make changes to them. Can anyone tell me what combination of file permissions in Windows 2003 Server would produce this result. Thanks in advance! Tag: Questions about CDP an AIA distribution points Tag: 85865
  - 23
    - Error Message (???) I keep getting the following messsage when I open any of the Works applications e.g. Word Processor, Database etc C:\Programe Files\Microsoft Works\MSWorks.exe The NTVDM CPU has encountered an illegal instruction. CS:0604 IP:0145 OP: ff ff ff 00 00 Choose "close" to terminate the application I have choosen Close a million & one times! It allows me to access Word Processor but every time I log out and log back in (restart) the same message appears. Can anyone help??? Thank You! Tag: Questions about CDP an AIA distribution points Tag: 85860
  - 24
    - Mulitple Antispyware Beta Questions The address http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware link in the software doesn't work. Is there and active newsgroup to post questions? When my system is left idle and offline for periods of time, the antispyware just isn't active when I open my desktop and use the computer again. Is there an explanation or known issue where the antispyware would dissapear from my toolbar or why it would become inactive and unloaded from the system applications with user input or while the system is idle? Have run other programs and found no spyware on my system just to be sure. Am I the only one annoyed that you can't minimize the window while antispyware updates? Tag: Questions about CDP an AIA distribution points Tag: 85859
  - 25
    - VirusScan Enterprise Security Alert I keep getting an alert that tells me my Virus Scan "may be out of date" but no help is available for my doing an update from anywhere. Can anyone advise me? Thanks, Michael. Tag: Questions about CDP an AIA distribution points Tag: 85855

Hi

I want to install a PKI test environment. I take the recommendation written
in the dokument "Best Practices for Implementing a Microsoft Windows Server
2003 Public Key Infrastructure".

http://technet2.microsoft.com/WindowsServer/en/Library/091cda67-79ec-481d-8a96-03e0be7374ed1033.mspx?mf r=true

Now I have some questions about CDP an AIA distribution points.

For the offline Root CA I design the distribution points in printed order

1. %WINDIR%\system32\CertSrv\CertEnroll
2. http
3. LDAP

I want to assign the parameters with the following script

certutil -setreg CA\CRLPublicationURLs
"1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n8:http://pki.ww-intern.de/certdata/%%3%%8%%9.crl
\n10:LDAP:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key
Services,CN=Services,%%6%%10"

certutil -setreg CA\CACertPublicationURLs
"1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://pki.ww-intern.de/certdata/%%1_%%3%%4.c
rt\n2:LDAP:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11"

Now I have some questions to the parameters befor the protocol value.

In AIA I get the parameter value 1 at file or LDAP when I take it out of the
table for AIA properties
Include in the AIA extension of issued certificates = 1, recommendation set
Include in the online certificate status protocol (OCSP) extension = 2,
recommendation clear

I the Best practice document is the scipt displayed with parameter 2 for
both values. Is this an Error in the document or do I make a mistake in
calculating the parameter values. The same probles are in CDP extensions and
in AIA and CDP for the policy and Issiung CAs.

Can someone define the correct procedure ?

For the Issuing CA at first place in distribution points I want to set the
HTTP path (like displayed in document). If there is an XP client with
membership in the AD domain is the order of CDP or AIA extentions like
displayed or is for the XP Domain member the first distribution points the
LDAP path independed from the definition on CA.

Thank you for help

Ingo

Top