EFS Recovery Agent Creation Question.

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - CA Autoenrollment I have an Ent. Root CA that has a Cert. Template that I want autoenrolled for specific users in AD. The CA works fine with manually requesting the certificate but I cannot seem to get the users autoenrolled. The certificate was created and the group added in the security tab of the certificate and read, write, enroll and autoenroll are checked. But the users still do not get the cert unless they pull it down through the web. I have run out of ideas. Any help would be appreciated. Thanks bob - new york Tag: EFS Recovery Agent Creation Question. Tag: 89534
  - 2
    - NTService & ShellExecute Hello all, I'm trying opening a GUI application from an NT Service using the ShellExecute or CreateProcess API's. The execution succeeded, but the problem is that the GUI runs in the SYSTEM environment, so no GUI displayed. Can anybody help me in this? NOTE: I'm using VC++ with MFC 7 and the target OS's are 2K and later. Tag: EFS Recovery Agent Creation Question. Tag: 89530
  - 3
    - Electronic Signatures in MS Word Hello, Does anyone know where I can get information on how to set up electronic signaturesin word?? What I am trying to do is set up users to email there approvel off insted of have to print off the sign them. Please let me know if anyone can help Tag: EFS Recovery Agent Creation Question. Tag: 89529
  - 4
    - 802.1x, roaming profile, VLAN change Hi all, I have problem with roaming profile when the 802.1x authentication is configured and where there are 2 or more VLANs. If the machine authentication succesful, IAS will instruct the switch to configure the port to VLAN x. Then when a user logs on, IAS will instruct the switch to move the port to VLAN y. For other group of users, we set to VLAN z. The problem: the user won't be able to download (after logging in) and upload (after logging off). I notice that this is due to changing of VLAN on the switch: once the user logs on, the switch will quickly move the port to VLAN y, while the IP address of the PC still belongs to subnet of VLAN x. It means the PC cannot contact the server until it gets a new valid IP address (in the VLAN x). My setting: AuthMode --> 1 SupplicantMode --> 3 (based on http://technet2.microsoft.com/WindowsServer/en/Library/8e74974f-c951-48ce-8235-02f4ed8e74921033.mspx?mfr=true) I tried to create: GpNetworkStartPolicyTimeoutValue --> 60 (seconds) (under HKLM\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon, based on http://support.microsoft.com/default.aspx?scid=kb;en-us;840669) but no success. Is there any way to delay the downloading/uploading the profile? So that the PC will have time to change the valid IP address before downloading/uploading the user profile. Thank you in advance. Tag: EFS Recovery Agent Creation Question. Tag: 89525
  - 5
    - My email address appears through search engine Although this may not be an appropriate forum for my question/concern, I am pleading for someone's suggestion or help to resolve my dilemma. Back in 2002 when I was a novice to on-line newsgroups, I posted several questions on the MS Newsgroup forum showing my actual email address. Several weeks ago I googled my email address and to my surprise it appeared several times on the following site. http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/ I am not familiar with that site but it appears to contain both active and archived newsgroups. Since about 2003 it appears that the email addresses are being encrypted (if thats the correct term?) to possibly prevent mining of addresses. However, prior to that time the posters' actual email address appeared, including mine. There could possibly be thousands of actual email addresses appearing on the site which are being mined and used to spam unsuspecting victims, of which I may be one. I have sent the web site several emails in recent weeks requesting that my postings and email address be removed from the site, however, it has only been removed in one instance and still appears in two other instances. Recent emails to the site requesting further deletions have gone unanswered and my postings and address still appear for the world to see. Can anyone advise how I can get this matter attended to. Sorry for the long post. Thanks. Tag: EFS Recovery Agent Creation Question. Tag: 89524
  - 6
    - very strane problem with a mandatory profile i create mandatory profile with this steps: 1- create the profile I'll use as a mandatory profile 2-Save the mandatory profile in folder in local partation 3-change the Ntuser.dat to Ntuser.man 4-i configure the user accounts i want to use the mandatory profile 5-and when i log on with one of this users this error message appear : "Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator" i don't know what wrong i make .... plz plz plz plz help me thanx ta2ta2 Tag: EFS Recovery Agent Creation Question. Tag: 89523
  - 7
    - Dialui Hello all, After scanning my system with Windows Defender a dialer called Dialui was found but when Defender tried to remove it error OX80501001 was encountered and the removal could not be completed, how can I remove this software and why Windows Defender could not complete the removal? Thank you in advance for your help. Tag: EFS Recovery Agent Creation Question. Tag: 89519
  - 8
    - Eventlog Warning !!! WinXP SP2 Pro. Event Log Warning for both limited user, and priviliged user too. Windows saved user's xxxxx registry while an application or service was still using the registry. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as user account, try configuring the services to run in either LocalService or NetworkService account. Now I know where Services are, and how to go to properties-general tab-log on tab, but I do not know which service to click on in the first place in order to configure services. I also do not see a Select User dialog box to specify a user account under the Log on tab. I hope someone can give me a detailed lead in this one. Thank you so much.. >>worried<< Tag: EFS Recovery Agent Creation Question. Tag: 89509
  - 9
    - Event log Systems we have 100+ servers, and would like to implement a syslog type of server. does anyone love/hate theirs that they would please share. We would like to get a eventlog system that will tell us when certian critera are met, like multiple failed log in attmepts, and critical system errors. a one stop shop per say for monitoring event logs. Something that will make reading the event logs easier, and easier to spot the important stuff. Tag: EFS Recovery Agent Creation Question. Tag: 89500
  - 10
    - Kerberos with "Selective Authentication" over forest Trust Hello When we use "selective authentication" on the one-way forest trust, kerberos is not working, only NTLM. When we deselect "selective authentication" on the forest trust, kerberos works fine to access ressources in the ressouce domain. For security reasons we need "selective authentication" on the trust and we want kerberos as the authentication protocol. (The Domains are in W2K3 mode, serviceprincipalnames for the accounts are created) With "selective authentication" enabled we receive the following error from a DC in the resource Domain: No. Time Source Destination Protocol Info 53 3.896470 159.29.17.56 159.29.193.212 KRB5 KRB Error: KRB5KDC_ERR_POLICY Frame 53 (196 bytes on wire, 196 bytes captured) Ethernet II, Src: Cisco_f2:6c:f0 (00:d0:bc:f2:6c:f0), Dst: CompaqCo_dc:b2:4b (00:08:02:dc:b2:4b) Internet Protocol, Src: XXX.29.17.56 (159.29.17.56), Dst: XXX.29.193.212 (XXX.29.193.212) Transmission Control Protocol, Src Port: kerberos (88), Dst Port: 1853 (1853), Seq: 1, Ack: 1740, Len: 142 Kerberos KRB-ERROR Record Mark: 138 bytes Pvno: 5 MSG Type: KRB-ERROR (30) stime: 2006-10-27 09:54:51 (Z) susec: 940079 error_code: KRB5KDC_ERR_POLICY (12) Realm: SERVICES.XXX.YY Server Name (Service and Instance): HTTP/personal.services.XXX.YY Name-type: Service and Instance (2) Name: HTTP Name: personal.services.XXX.YY e-data PA-PW-SALT Type: PA-PW-SALT (3) Value: 130400C00000000003000000 NT Status: Unknown (0xc0000413) Unknown: 0x00000000 Unknown: 0x00000003 Does anyone have an idea? Greetings Roger Tag: EFS Recovery Agent Creation Question. Tag: 89494
  - 11
    - Disable CD ROM for Certain User Account Hello, I am on Windows XP SP2. Is there a way to completely disable CD ROM (stop user from being able to use CD ROM, thus prevent use of bad, or virus infected CDs) for certain user account? I heard it is possible to do it via Group Policy or Local Security Settings, but I might be wrong. Thank you everyone. Tag: EFS Recovery Agent Creation Question. Tag: 89489
  - 12
    - Beautiful women, aged clones, and Ultimate Fighting Championship Friend, I'm always looking for good and intelligent individuals like you to visit my website, www.ChezBrandon.com , and it has pictures of beautiful women, information about aged clones, and a link to Ultimate Fighting Championship, a very good show. My name is Brandon, and I'm in my 20s, am a college student, and as lie detectors, both conventional and unconventional would show, I've never been sexually penetrated. Moreover, I could be shown pictures of X, Y, and Z, and it would show that I'm only sexually attracted to women. The Murders of Our Leaders in Government were Stopped. I, Brandon, can take lie detector and psychological tests, and I can go before a panel of truth detecting experts. I tell the truth. A mini-psychological test: 8 times 2 = 16, the world is round, not flat, and the year is 2006. Feel free to call me, my cellphone number is 503.740.0272 (United States based) and feel free to utilize a GK-1 voice truth detecting device too: >From Congressmen Bill Frist to John Kerry to Dennis Hastert to Hillary Clinton to John Warner to Ron Wyden to Gordon Smith to John McCain to Joseph Lieberman to Nancy Pelosi to Diane Feinstein to Ted Kennedy to anyone else who happened to be in the Congressional chambers during either a joint session of Congress or a State of the Union address from Masons to Skull and Bones members to Secret Service agents to pages to visitors to other good individuals, they all would have been murdered, all of their accomplishments stripped away, their earned wealth stripped away, their homes stripped away, their family and friends stripped away. Moreover, someone else would have been sleeping with their spouses. Elements of the Mossad, who wanted to bathe in the blood of our Congressmen as well as bathe in the blood of leaders around the world, and when they seized power they would, as confirmed by psychic vision and confirmed auditorially, "he's right; he's psychic," would outlaw most if not all organizations, including the Masons, and these elements as Victor Ostrovsky writes about in his #1 New York Times bestseller By Way of Deception are out of control, notoriously lie, and have a disregard for life -- I was able, thank God, to thwart the conquest of the USA and the world, and was able to thwart the murder of United States and world leaders, via a psychic vision of Senator John Warner and other Congressmen being choked to death by gas, which was confirmed auditorially from both ears, such as "He saved Congress," who they were going to kill "all of them,""how did he know that?" and "he's psychic" -- murdered my biological Aunt Gloria Atkinson, whom I loved very much, as she did of me, and there is a tribute to her on my website. Please, friend, be sure to barricade your bedroom door at night. I'm not afraid of aged clones or the attempted chopping off of my appendages (elements of the Mossad talked about chopping off my right middle finger and right ear, and 10 out of 10 of my toes, like my right middle finger have unique steeple designs). I'm not afraid of anything. I'll defend myself to the best of my ability, and I commit my life to saving the lives of men, women, and children and strengthening good organizations. I will always remember my biological Aunt Gloria Atkinson. Sincerely, Brandon Tag: EFS Recovery Agent Creation Question. Tag: 89488
  - 13
    - Event ID: 537 Hi, sorry if it post it before ( can't find a good solution ) On my DC win2003 i have manny security events Can anyone tell me what to do. Regards, Addy Tag: EFS Recovery Agent Creation Question. Tag: 89487
  - 14
    - If I have created recovery image in a hidden partition, should I creat bootable rescue media in addition? Hi, all. I am using Acronis True Image to backup the partitions. I have created Acronis recovery manager in a hidden partition. If there is serious problem in the system, I can restore the chosen partitions just by pressing only one key a few seconds after system starts. Then should I creat bootable rescue media using CD-R in addition? Can't the recovery image function when the system can not be booted? Thanks. Tag: EFS Recovery Agent Creation Question. Tag: 89485
  - 15
    - in defender: why is ther no 'always allow' status i have an old program that is not recognized by Defender. every time i start my computer Defender reports that it doens't recognize the program, then i can only choose between 'allow' and block. There should be a 'Always allow' but I can't find that option. Joepie. Tag: EFS Recovery Agent Creation Question. Tag: 89482
  - 16
    - Trojan? Computer security issues Recently I was browsing the internet, and (I have Mcafee security programs) a window popped up saying a trojan was found, and blocked. I tried to close Internet Explorer when I saw this, but it wouldn't close for the next minute or so. I ran a virus and adware scan afterwards, but found nothing but the usual adware here and there, which I deleted. The computer has been running rather slowly since then, and so I opened up Windows Task manager recently. It showed the Processes menu, and didn't show the rest of the menu. All I could look at were the changing graphs of the computer's usage of space. When I examined these graphs, they showed the CPU usage going from 65-100% usage. I've tried many things to look at the rest of the menu of it, but to no avail. So, any suggestions as to what to do to find out what is causing this much space to be used on the computer? Tag: EFS Recovery Agent Creation Question. Tag: 89479
  - 17
    - Google Powered Search Engine for Security/eSecurity Community I am building a Search Engine exclusively for the Security and eSecurity Community using Google's Coop program. I would like to NOT include any vendor sites, but just index sites that are vendor neutral. Would this is be a good strategy or not? The URL for the search engine is http://www.xml-dev.com Here are my current guidelines for site inclusion 1) I will NOT include any vendor site (e.g. Cisco, Microsoft, Bluecoat etc) 2) I will check the Netcraft ranking for each suggested URL that I receive. The site has to rank in <50K to be included in the index. (e.g. http://toolbar.netcraft.com/site_report?url=http://www.securityfocus.com) 3) I will also make sure that the site doesn't excessive amount of Ads. For e.g. I will not include http://www.securitynewsportal.com/index.shtml As far the inclusion of vendor sites in concerned, I think if one is searching for some specific information (e.g. install guide) for a particular product they should probably go to the vendor website or google it. However if you researching about a technology, lets says IDS, you really don't need to see the vendor sites. They will, off course, say that their product is the best in the world. For e.g. search for "Full Disk Encryption" on Google, and you will see that DriveCrypt and WinMagic show up in the first 3 results. And they both claim to be "best in the world" :) And I have tried both, and they are not the best (to say the least)! ;-) Instead I would like to see what other sites are saying about these products or "full disk encryption" in general Note: I am looking for few other people to help me filtering out the website, and updating the index. Please let me know if anyone is interested. As always please keep sending your favorite URLs. I have tons of URLs in my email box, and I will catch up with them (and reply to the sender) over the weekend :) Tag: EFS Recovery Agent Creation Question. Tag: 89475
  - 18
    - EMAIL Scanning Error/Turned Off in Norton Internet Security (NIS) The following problem seemed to start about 3 weeks ago. The Anti Virus status window in NIS shows the status of email scanning as ERROR. It is turned off with no way to turn it back on. Uninstalling and reinstalling have not helped. A lengthy discussion with Norton tech support, not surprisingly, was useless as well. I just cleaned my Registry (WIN 2000), but that too made no difference either. The only other security product I am running is SPYWARE DOCTOR, but uninstalling that did not help either. I am now suspecting a conflict someplace, or perhaps even some as yet unidentified malware. Any ideas of a possible cause, or an approach I can take? Tag: EFS Recovery Agent Creation Question. Tag: 89462
  - 19
    - Found an unknown keylogger/ spyware named "MrvGINA.dll" Anyone heard of this? Found it while trying to correct my computer starting in "Administator" user mode, as opposed to my normal user profile. A log in window appears, which I believe is created by the spyware to try and phish passwords. When I tried to change the settings a warning stating "Windows Security and Fast User turned off. Uninstall program to correct. Finding MrvGINA.dll may help determine the responible program". MrvGINA.dll is in the sytem32 folder. Neither Spybot Search & Destroy nor Norton Internet Security have identified the file leading me to believe it is a new spyware/malware. Tag: EFS Recovery Agent Creation Question. Tag: 89453
  - 20
    - Parental Internet-access Control Software Title says it - any advice on which products are good? A free one would be ideal if it works reasonably well. Basic requirements are to lock-down which websites three children can visit. or at least to reduce the chances of them accidentally landing on disturbing porn material. Must work with Firefox. (or Opera/NS/Mozilla would be OK, but not IE for security reasons) Tag: EFS Recovery Agent Creation Question. Tag: 89447
  - 21
    - IE7 final and SpySweeper Ver 5.2.3 build 2120 There are numerous incompatibilities with the latest version of SpySweeper and Internet Explorer 7.0 final. These incompatibilities have finally forced me to uninstall the latest version and go back to SpySweeper Ver 5.0.7 build 1608. Here is a list of the most troublesome interactions: 1. Opening a second tab in IE7 takes about 5-7 seconds just for the tab to appear. I had previously said 3-5 seconds but it got worse. 2. After the 2nd tab opens it takes about another 5 seconds for "anything" to even begin to appear in the new tab. 3. When holding the ctrl key and clicking on a link, in most cases, the desired link would appear in the original tab. 4. If I had multiple tabs open, and I wanted to close the active tab, I would press CTRL & W, which should close the active tab only. Many times when I did this Internet Explorer would close down. 5. Outlook Express would take ages to open and make a connection to my ISP's mail server. 6. Many other programs just seemed to be taking a lot longer to initialize. All of these problems have gone away after going back to SpySweeper Ver 5.0.7 build 1608. The 2nd (and additional) tabs open instantaneously. The web information begins to immediately paint the page. CTRL & click on web links open a new tab every single time. CTRL & W closes the active tab "every single time". Internet Explorer 7.0 final has stopped crashing. I think I will wait until the next SpySweeper program update until I try again. The present version just has too many problems! BTW, Firefox has not been affected with the SpySweeper update. -- Regards, Richard Urban Microsoft MVP Windows Shell/User (For email, remove the obvious from my address) Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! Tag: EFS Recovery Agent Creation Question. Tag: 89444
  - 22
    - e-mail problems When I try to sign in to my hotmail account a window opens that informs me that I am about to view pages over a secure connection as I click on sign in to open my account another window opens informing me this time that I am about to leave a secure internet connection it will be possible for others to view information you send, if I do not wish to continue I can not access my messages. I am extremely concerned about this problem, I have been reading and looking for reasons and solutions on windows newsgroups but found nothing, I am almost computer illiterate and I am afraid that by having tried to solve the problem without the right knowledge I have check and uncheked, enable and disable and made a right mess out of my PC . I had enabled automatic updates but I feel that this problem started after I installed SP2, I have now uninstalled SP2 but the problem has not gone away, my homepage has also been changed to MSM Homepage and when I try to change it again it always reverts back to MSMHomepage, is it possible that my PC has been hijacked? Please, please help, thanks a million. Tag: EFS Recovery Agent Creation Question. Tag: 89442
  - 23
    - Should I enable TLS 1.0? Should I enable TLS 1.0? If I do, will the encryption be stronger. So far, all I get when I am on a secure site is 128 mb encryption or less. If I do enable TLS 1.0, will anything happen? Tag: EFS Recovery Agent Creation Question. Tag: 89439
  - 24
    - outside source changing passwords? Recently started having problems with MSN and Yahoo., where someone has been able to gain access from an outside source and reset my passwords. Not only are they resetting the passwords, but have managed to hijack,, 3 accounts,, and erased allmy contacts and personal e-mails. I have changed my passwords at different computers, and different areas not affiliated with home and work. is there any info that someone can help me with. please send any e-mail to lenmoscovitch@bond-tech-industries.com my msn is not secured,, Tag: EFS Recovery Agent Creation Question. Tag: 89436
  - 25
    - Registry Access I want to remove domain users from having any rights to the registry on windows 2003. how do i do that? Tag: EFS Recovery Agent Creation Question. Tag: 89433
- Next
  - 1
    - Is corruption of Hyperlinks possible? 1. Can something be embedded *in the hyperlink itself* which might cause immediate 'infection' of ones PC if it is 'clicked'? 2. Is there some way that a *third party* could interfere with a link - innocently posted in a messages - so that if a reader subsequently 'clicks' on the link (or even copies and pastes it into a Browser) - instead of being directed to a bona fide site, one might end up on, say, an 'infected' web site - a Spoof site in other words? Should the answer(s) be yes - exactly *how* might it done - clever use of Scripting? Is there a guide available from Microsoft to advise of how to avoid the pitfalls if either scenario *is* possible? Any guidance will be much appreciated. TIA David (XP Home SP2 and all Updates) Tag: EFS Recovery Agent Creation Question. Tag: 89420
  - 2
    - Mysterious Files? I have just noticed a series of files that have started to appear on my c drive each day. Today they are s1vo.i, s1vo.j s1vo.j and so on. The file sizes and times created vary. Previously there were some named s2ss and so on that I deleted. I also have a couple of TXT files with similar file names that when I open with notepad are copies of emails I have received. Could someone provide some insight to what these are? I ran a full system scan with NIS 2006 with a "0" infection result. Thanks, Bob1170 Tag: EFS Recovery Agent Creation Question. Tag: 89419
  - 3
    - stealth; good idea or bad; I have 2 different sources; who's right Well, I've heard some people say that having a "stealth" firewall is good, and some say it's bad. Two different views: Position A: Supposedly, according to the text beneath this, if a computer is not "stealthed", connecting to that computer, for example with a PING (I assume ICMP), a simple ICMP ping would send a "host unreachable" message back to the attacker. If the computer is "stealthed", it will simply drop the echo request, and no reply is sent back to the attackers' computer. That way, a "stealthed" computer will confirm it's existance. Thus being counterproductive. Position B: the "attacker" would receive a "host unreachable" message from a "stealthed" computer. Or would it not receive a "host unreachable" message, but something else, that will look like the same to the attacker ? For as far as I know, Steve Gibson from www.grc.com stands behind position B. So, which view is correct ? Maybe it's even more complicated, I'd like to gain some insight. Maybe firewalls can have different kinds of stealth. I don't know. That stealth is "out of spec" is not an argument for me. WHAT I SUSPECT, and I'd like to hear your views about that, is THAT THE INTERNET ITSELF is configured in such a way that if a "stealthed" computer does not respond to a ping or other attempt to establish a connection, the "attacker" would receive a "host unreachable" message. Thus making stealth sensible. Essentially position B. Below this the original article, that prompted me to do some investigation of my own (not very succesfull), and asking this question here. Insight/help appreciated. Quoting article" Stealth, when it comes to computer security, is when the computer (or other network equipment) does not issue any sort of reply to connection attempts, including ICMP echo requests (ping). I guess the idea was that if there's no response, they can't see that anything is there, and therefore you're "stealthed" from the outside world. For some reason, this was assumed to be a security enhancement because you cannot attack what you cannot see... Oh boy, is that ever wrong. "Stealth" doesn't mean you are invisible at all. Instead, it makes you stick out like a sore thumb. Here's a picture showing a would-be attacker and your computer behind a firewall. A simple "ping" from the attacker travels through the cloud, and to the router in front of your firewall. Next, the echo request gets to your firewall. A stealth firewall will simply drop the echo request, and no reply is sent back to the attackers' computer. So, you're invisible, right? Since there's no reply, there's no computer there, right? Wrong and wrong! If there really was no computer (or firewall) there, the router sitting in front would reply for you with a simple ICMP "host unreachable" message back to the attacker. The attacker would then know that there really is nothing there. The lack of this "host unreachable" message is a clear indication that something is there and it's dropping the packets rather than replying to them. A simple telnet connection will yield the same result. If the attacker attempts to telnet to your computer, and your firewall simply drops the packets with no reply (stealth), then the connection attempt simply times out. Again, this is not an indication that there's nothing there, because the router did not send the "host unreachable" message. With a non-stealth setup, a reply packet is sent, and assuming no telnet server is running, the reply will be a loud "no service here." If you shut your computer off, the connection attempt will also time out, but then the router will send the "host unreachable" message back to the attacker, so they really know that you're not there at the moment. So, being "stealth" doesn't really add any security at all, nor does it really hide you from anyone else. Anyone who wants to really know if there's anyone at a give IP address will have no difficulty seeing that you're really there because you are trying too hard to appear not to be. Since stealth is violating the normal rules of network connectivity, it makes you more visible, not less. " Tag: EFS Recovery Agent Creation Question. Tag: 89403
  - 4
    - changing local administrator password *securely* I've been asked to change the local administrator password on a number of remote Windows 2000 and Windows XP systems. I know that this can be easily accomplished in a number of ways: scripted with VBScript and run from my PC or from SMS, third-party tools like pspasswd, via the cusrmgr.exe resource kit tool, and so on. However, I'm concerned that these distribution methods send the password in the clear across the network. Does the cusrmgr.exe tool use any sort of encryption when changing the password of a remote computer? Is there some way of doing this change that doesn't involve something drastic like setting up IPSec on the entire network? Tag: EFS Recovery Agent Creation Question. Tag: 89402
  - 5
    - Schedule Task freezes explorer I'm running windows 2003 SP1 (is a domain controller and a exchange 2003 SP2 server) and every time I open the schedule task my server freezes. I manually kill the explorer process and everything just go back to normal. This happens all the time and I need to run the schedules tasks in order to make my automatic backups. I have all the updates installed on my server, can you help me? Tag: EFS Recovery Agent Creation Question. Tag: 89401
  - 6
    - modem, router, firewall ? advice requested Well, for some time some "data" has been "leaking" through my router (supposed to have a firewall, which is confirmed by SOME tests), to my computer, where my software firewall catches it. I have been considering geting a 100 % stealth firewall/router. Including port 0, that my Sitecom router won't let me make stealth anyway. It doesn't have an official stealth option, you need to use a trick, but that doesn't work for port 0. (Which can be detected). Data passes through my modem to my router, and then to my pc. Today, it just occurred to me: would having a stealth router make any sense at all ? I really don't know how this works, but wouldn't scanners/computers just detect my modem (brand Arris, got it from cable company), regardless of what my router claims to be stealth ? My modem is directly connected to the internet, and for as far as I know it doesn't have a firewall. So it's really a technical question: can the mere presence of an active modem with an active router be detected by others on the internet ? Imagine I got a 100 % stealth router, wouldn't others on the internet detect me (IP address, basically static computer name and IP), by detecting the modem ? And does it matter in that case, whether my computer was ON or OFF ? Insight appreciated. Tag: EFS Recovery Agent Creation Question. Tag: 89400
  - 7
    - Service Pack 2 problem Ever since I accidentally reinstalled Windows XP(I had forgotten that I left the disk in the drive, and when another user started the computer, he 'boot[ed] from CD'), an alert has been telling me that I do not have service pack 2 installed, yet I installed it months ago, and the site where I could retrive Service Pack 2 told me I had it. The remnants of SP2 that I have, like the icons for Security Center and Windows Firewall, are inoperable, with SC turned off completely, and the WF link not working, due to an 'unidentified problem.' I don't know what to do, and every second I am online is another second I am exposed to innumerable security risks... Help! Tag: EFS Recovery Agent Creation Question. Tag: 89399
  - 8
    - How to communicate with a named pipe on another PC without security Hello, assume I create a named pipe on one pc where can set up any security descriptor for it I want to (you name please how to do this and what descriptor to set), how can I connect from a second PC on the LAN (assume both cases: peer to peer and domain based networking) to that pipe without my connection being rejected due to security reasons? OS is either W2000 SP4 or XP SP2. Greetings Markus Tag: EFS Recovery Agent Creation Question. Tag: 89390
  - 9
    - releasing confidential docs have a question. I have a potential client asking for Security documents from my company. They include, IT Org chart, Information Security Policy, Data Classification Policy, Data Retention Policy, Data Destruction Policy, Risk Assessment Standard, System Backup Policy, Business Continuity Plan Summary, Disaster Recovery Plan Summary. In your opinion, does releasing this info make for a security violation? Would signing of Non-Disclosure be enuf to protect my company? thx Tag: EFS Recovery Agent Creation Question. Tag: 89382
  - 10
    - published: Microsoft Security Intelligence Report Microsoft posted, dated 10/23, a pdf titled the Microsoft Security Intelligence Report http://www.microsoft.com/downloads/details.aspx?familyid=1c443104-5b3f-4c3a-868e-36a553fe2a02&displaylang=en This details the "as experienced" trends in the malicious software arena for the first half of '06, is a quite interesting read (if you are into such things that indicate the hostility of the environment) and virtually certainly is based on the largest real-world sample ever used in such an analysis. -- Roger Abell Microsoft MVP (Windows Server : Security) MCDBA, MCSE W2k3+W2k+Nt4 Tag: EFS Recovery Agent Creation Question. Tag: 89381
  - 11
    - SNMP Service Security Key I'm trying to find out the purpose behind the following registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Security] If anyone can help shine some light on the uses of this key by SNMP or point me to a resource explaining it I would deeply appreciate it. I haven't been able to find anything in my reference material so far. Thank you, -- Cody Billings Tag: EFS Recovery Agent Creation Question. Tag: 89379
  - 12
    - Root CA CRLs I'm setting up a two-tier PKI hierarchy. The root will be offline and will sign the issuing CA certificate. What is the best-practice for the root Certificate Revocation List and revoking the root certificate? Should I immediately revoke the root certificate after creating the issuing CA and store it in a secure location in case the passphrase is lost? Should I create a certificate revocation list from the root or only on the issuing CA? I certainly don't want to have to retrieve the root authority to update the list, but will the clients handle this OK if the root public key is in the browser but the issuing CA revokes certificates and publishes the list? I would think so, since the chain should be intact. Thanks in advance. Tag: EFS Recovery Agent Creation Question. Tag: 89378
  - 13
    - Defender 1.0 error I am receiving the following error when attempting to update the definitions from the original install of Defender 1.0. Please advise, Thanks, Jeff > Event Type: Error > Event Source: MPSampleSubmission > Event Category: None > Event ID: 5000 > Date: 10/25/2006 > Time: 11:03:47 AM > User: N/A > Computer: CCIS1773 > Description: > EventType mptelemetry, P1 8024001d, P2 unspecified, P3 unspecified, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. > > For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. > Data: > 0000: 6d 00 70 00 74 00 65 00 m.p.t.e. > 0008: 6c 00 65 00 6d 00 65 00 l.e.m.e. > 0010: 74 00 72 00 79 00 2c 00 t.r.y.,. > 0018: 20 00 38 00 30 00 32 00 .8.0.2. > 0020: 34 00 30 00 30 00 31 00 4.0.0.1. > 0028: 64 00 2c 00 20 00 75 00 d.,. .u. > 0030: 6e 00 73 00 70 00 65 00 n.s.p.e. > 0038: 63 00 69 00 66 00 69 00 c.i.f.i. > 0040: 65 00 64 00 2c 00 20 00 e.d.,. . > 0048: 75 00 6e 00 73 00 70 00 u.n.s.p. > 0050: 65 00 63 00 69 00 66 00 e.c.i.f. > 0058: 69 00 65 00 64 00 2c 00 i.e.d.,. > 0060: 20 00 31 00 2e 00 31 00 .1...1. > 0068: 2e 00 31 00 35 00 39 00 ..1.5.9. > 0070: 32 00 2e 00 30 00 2c 00 2...0.,. > 0078: 20 00 6d 00 70 00 73 00 .m.p.s. > 0080: 69 00 67 00 64 00 77 00 i.g.d.w. > 0088: 6e 00 2e 00 64 00 6c 00 n...d.l. > 0090: 6c 00 2c 00 20 00 31 00 l.,. .1. > 0098: 2e 00 31 00 2e 00 31 00 ..1...1. > 00a0: 35 00 39 00 32 00 2e 00 5.9.2... > 00a8: 30 00 2c 00 20 00 77 00 0.,. .w. > 00b0: 69 00 6e 00 64 00 6f 00 i.n.d.o. > 00b8: 77 00 73 00 20 00 64 00 w.s. .d. > 00c0: 65 00 66 00 65 00 6e 00 e.f.e.n. > 00c8: 64 00 65 00 72 00 2c 00 d.e.r.,. > 00d0: 20 00 4e 00 49 00 4c 00 .N.I.L. > 00d8: 2c 00 20 00 4e 00 49 00 ,. .N.I. > 00e0: 4c 00 20 00 4e 00 49 00 L. .N.I. > 00e8: 4c 00 0d 00 0a 00 L..... Tag: EFS Recovery Agent Creation Question. Tag: 89375
  - 14
    - Security Logs Monitoring and Alerting Tool Hello! Could you, please, recommend to me if you know a software which can monitor security logs on domain controllers and send allerts? I did look at the software which tracks changes to AD - admin, configuration compliance and that is 'too big' also big IPS IDS systems are not needed - really something which reads the logs and send alerts? Does Microsoft has an plug-in or is there a good third party software? Thanks! -- Nikki It Admin Tag: EFS Recovery Agent Creation Question. Tag: 89359
  - 15
    - OWA Does the dedicated OWA server need any special antivirus software for Exchange in addition to common antivirus server software? Why? The actual OWA server contains no mailbox store, nor is any SMTP traffic transmitted across it. Thus there is no e-mail to scan on the OWA server, assuming that this is the server's only function. Tag: EFS Recovery Agent Creation Question. Tag: 89356
  - 16
    - CCapp error? I get a CCapp error while I am shutting down the pc,& when I click on end now,or even when I don't end now,& when the pc starts to shut down,I then get a CCsvchst error that the reference could not be read. I have run a full virus scan& spyware check& the system is clean,uninstalled& reinstalled Norton internet security 2007 at least 3 times,uninstalled & reinstalled Windows Xp, & I am still getting the same error message. I think this is something having to do with Norton 2007- I have contacted Norton support with no luck whatsoever. Any recs on what to do? Thanks! Tag: EFS Recovery Agent Creation Question. Tag: 89346
  - 17
    - Blocking USB I have been tasked with finding a way to block some devices from being connected to USB ports. We need to be able to block thumb drives for example, but allow other things like keyboards and mice. I have downloaded and am evaluating DeviceWall and SecureWave, but am just wondering what else other people are using and also if Vista will be able to do this when it is (finally) released. Thank you Ryan Benning Tag: EFS Recovery Agent Creation Question. Tag: 89343
  - 18
    - PCI Compliance question I work at a uni and am faced with PCI compliance on my payment gateway server (2003 enterprise). This server is part of the credit card transaction process. One of the requirements of the PCI standard is that unused user accounts automatically get set to disabled after a certain amount of time. This server will only have a few local accounts on it and is not a member of a domain so I could easily hand manage the creation, modification, and deletion of accounts, but thatâ??s not good enough. Does anyone know of a way to set this up on the windows box for local accounts to expire if not used in a certain amount of time???? I found all the other necessary settings in the local security settings account policies. Maybe I have to go with a third party product to handle this?? Thanks Tag: EFS Recovery Agent Creation Question. Tag: 89341
  - 19
    - Hiding last logon, all MS platforms, why or why not to do I'd like to know the cons of hiding last user name in the logon dialog. The pros are obvious...why give away half the key to the castle? I'll be darned if I can think of one GOOD reason to leave it displayed. My company has rec'd a policy change recommendation, to blank it out, and they want the P's and C's of it. Hit me with both arguments if you wish... Thanks much. Tag: EFS Recovery Agent Creation Question. Tag: 89340
  - 20
    - MS06-061 version 2 for Win2K SP4 I am trying to evaluate the risk to systems in which I have previously installed the version 1 patch for 06-061 (KB 924191) According to the bulletin update: V2.0 (October 19, 2006): Bulletin updated: This bulletin has been re-released to re-offer the security update to customers with Windows 2000 Service Pack 4. The security update previously did not correctly set the kill bit for Microsoft XML Parser 2.6. So my question is: With the first patch installed am i protected from the vulnerability, just missing the kill bit for 2.6? If that were the case I would wait until next month's patch cycle to apply version 2. My clients are getting pretty weary of the numerous rereleases and subsequent down time on their servers. And i'm getting cranky from lack of sleep. gt Tag: EFS Recovery Agent Creation Question. Tag: 89337
  - 21
    - multiple CA for same domain ? (a little long..) Hi all, i have a question: i have a PKI infrastructure, with a offline root, an enterprise CA and a domain controller. We use PKI for smart card, email signing and what future time will offer... Now we start a branch office with many user so i make a new domain controller (for same central domain) in the branch office for autentication speed and geographics redundance. The lan's have non egual ip addressment but one see each other. I'll correctly set "site and service" applet so pc remote will use remote DC. My question is... i need also a second CA in the branch office ? if not i can have speed problem ? (i don't kon how fast is connection, specifically during working hour). And, if i need a second CA, can install on DC ? (i think have not CPU power problem and no security access problem) and there same particolar procedure to avoid strange situation like pc autentication or PKI process on erratic CA and DC ? Thanks all in advance (and excuse my english.... writing from italy.) Tag: EFS Recovery Agent Creation Question. Tag: 89335
  - 22
    - The security log on this system is full Dear All, I activated most of security audit (within the default domain controller policy) for the domain controllers installed with Windows 2000 sp4 (Active Directory) and it ran well. Then I have recently upgrated to Windows 2003 sp1 all domain controllers and now I get the following error when I open a session on domain controllers : "the security log on this system is full" When I look at the properties of security event logs file, it shows that the log size isn't full and there is enough space to further events security logs. Could you tell me why I get this error ? I precised that I have defined the log to overwrite events security logs older than 60 days. Thanks for your help, Job Tag: EFS Recovery Agent Creation Question. Tag: 89331
  - 23
    - Quarantined network segment Just thinking of setting-up a 'quarantined' network segment in the workshop, for testing computers that might be virus-infected. Often it's necessary to connect such computers to the Internet, to downlaod antivirus tools. But, I want to do this in such a way that other computers (this one, for example!) are not exposed to risk of attack. I use a pppoa ADSL connection, via a typical TI-chipset NAT router. Internal machines have fixed IPs except for those on wireless. Double-NAT might be one option, witha second router feeding a 'downstream' subnet for the workshop computers, and the 'suspect' computer(s) being connected at the first NAT level. In other words: Internet -Â¬ NAT Router #1 -Â¬ -Joe Public's broken PC, in for repair. -Â¬ NAT Router #2 -Â¬ - This Workstation - Windows Server - Linux Server - Laptops - Etc. Only drawback is that this puts the 'trusted' computers at the lower level in the connection-tree, and potentially makes their connection less reliable. Plus it raises issues if I want to serve-out public data from any of the servers, as I can't map ports straightforwardly. Therefore not ideal. I'd rather find a way that makes the 'suspect' computer the 'low boy' in the hierarchy, without altering the setup for 'trusted' computers. Yet the 'suspect' computer must not be able to see anything of the internal network. Any suggestions? Tag: EFS Recovery Agent Creation Question. Tag: 89329
  - 24
    - virus... Hi, my name is Joan, my problem is that my lap top get a SDBOT.WORM.GEN.N. trojan, and the another problem is that i cant to conect to internet to find any solution, what can i do? Tag: EFS Recovery Agent Creation Question. Tag: 89325
  - 25
    - Windows Defender has been released After a very long beta, Windows Defender has been released. => Two (2) free Support Incidents included. <= Windows Defender Home Page http://www.microsoft.com/athome/security/spyware/software/default.mspx More info: http://aumha.net/viewtopic.php?t=22266 At least for now, the Defender Support newsgroups (and this is NOT one of them) remain on a publicly accessible but private newsserver. See this page for newsgroup information: http://www.microsoft.com/athome/security/spyware/software/newsgroups/default.mspx. -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE, OE, Security, Shell/User) Tag: EFS Recovery Agent Creation Question. Tag: 89322

All,
I am in the final steps of implementing EFS into Active directory. I
have created my CA server, configured my EFS recover template, but that
leaves me with one question. When I request an EFS recovery certificate, the
computer name is displayed in the summary page during the certificate request
wizard. Does it matter which computer I create the recovery agentâ??s
certificate upon as long as the computer is a member of the domain? Or does
it need to be a certain computer in the domain such as a DC?

Thanks for your help in this.

Mark

Top

Re: EFS Recovery Agent Creation Question. by Brian

Brian
Wed Nov 01 22:06:58 CST 2006

In article <429DFF46-1968-47F6-B9FF-485F745DA09C@microsoft.com>,=20
Mark@discussions.microsoft.com says...
> All,
> I am in the final steps of implementing EFS into Active directory. I=
=20
> have created my CA server, configured my EFS recover template, but that=
=20
> leaves me with one question. When I request an EFS recovery certificate,=
the=20
> computer name is displayed in the summary page during the certificate req=
uest=20
> wizard. Does it matter which computer I create the recovery agent=E2=A4=
=3D3Fs=20
> certificate upon as long as the computer is a member of the domain? Or do=
es=20
> it need to be a certain computer in the domain such as a DC?
>=20
> Thanks for your help in this.
>=20
> Mark
>=20
>=20
It really does not matter where you request the certificate. Just make=20
sure that you export:
- The certificate in base64 or DER encoding to add to the Recovery Agent=20
policy (preferably at each domain)
- The certificate in a PKCS#12 format and saved to media such as a CD to=20
allow import for recovery procedures

Brian

Top