Script to set folder security

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Windows 9x user longer than 5 chars can't log into windows 2003 do Hello, for several weeks windows 9x client can't log into our domain, strange thing is that if the user is less than 6 charecters it can log into the domain, articles has suggested changing the local domain policy NTLM to NTLM 2, but this changes eliminated the abilitiy to log in at all. any one?! suggestions? Regards, Dror Admon Operations & Infrastructure Manager Sheba Medical Center Tag: Script to set folder security Tag: 71132
  - 2
    - Microsoft AntiSpyware - Developer info - How to make installation of non-intrusive ActiveX DLL more user friendly? Greetings all. I was wondering is any developer information is available for microsoft antispyware product. We are a software vendor, who's developing a by-no-means non-intrusive, non-spyware ActiveX control meant to be run inside IE. Our users which have MSAS installed, are getting an "unknown activeX, block-allow?" question once installed although we digitally sign both the installation package and the DLL file itself. Maybe it's possible to get enlisted in the MSAS database? Or anything else? There's very little information regarding this issue on MS website... Tag: Script to set folder security Tag: 71131
  - 3
    - Should I set passwords for the three accounts to enhance the security? Should the three accounts, which are Guest, HelpAssitant,SUPPORT388945a0, be configured strong passwords to enhance the security of OS? Should I disable Guest & default Administrator to enhance the security? Tag: Script to set folder security Tag: 71129
  - 4
    - Hector saftey button Hi I have just d/loaded the hector saftey button(both versions) from the microsoft site. I am using win xp pro with all the latest updates instaled. The exe file will not run and is displaying the error message. "C:\windows\system32\autoexec.nt, the system file is not suitable for running MS-DOS and microsoft windows applications.Choose close to terminate the application." As stressed there are two files of this application one for Win Xp and one for all other systems. I have d/loaded both, both do the same error message. Please please reply to Bernard@ihug.co.nz as well please as i do not go to the newsgroups all of the time. Tag: Script to set folder security Tag: 71120
  - 5
    - password filter -parameter mismatch i have wrote a password filter dll in c++. When i try calling that dll from vb6 it works fine. But when i am trying to install on domain controller i am not getting the correct value for user name and password. I get only one character as user name and password. Do i need to install any lib. on domain controller? My function parameter are as follows BOOLEAN __stdcall PasswordFilter( PUNICODE_STRING AccountName, PUNICODE_STRING FullName, PUNICODE_STRING Password, BOOLEAN SetOperation ) stru defination is typedef struct _LSA_UNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING; Tag: Script to set folder security Tag: 71118
  - 6
    - Can "trusted Computing" be trusted? http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html IM Tag: Script to set folder security Tag: 71116
  - 7
    - RUN TIME ERROR ???? Hello The following error continues to pop on my screen when logging onto limited accounts, and at the same time it does not allow me to log on BUT changing the account to one as a Computer Administrator ... it logs on fine, No Error. ------------------------------------ Run - time error '26001': Failed to set registry value Key:'2147483646', Section: Software\Microsoft\Windows NT\Current Version\Winlogin',Key:'Userinit' to value:" ---------------------------------------- Any help with this error would be mighty appreciated. P.S. I do not want everybody to have Computer Administrator priveeys!! Thankyou much all. Tag: Script to set folder security Tag: 71113
  - 8
    - Please Help!! Security policy Hi to everyone!! I don't know if i'm in the right place or not but i have a question regarding writing a security policy for a company. The client has multiple servers running Novell 6.0 + NT PDC + Memeber Servers windows 200x + Unix SCO servers in the environment. They want to me to write a security policy or what are the procedure when somebody left the company or been fired, when a high ranking IT manager who knows all the passwords and all wants to leave or fired. what to do??? first actions??.... examples like disable account, changing the passwords,at NT + NOVELL + UNIX at e-mail, VPN and so on... Ex: when been fired , the person is escorted to the door. I need help!! i need an exisitng procedure to base on.. Please help ant suggestions. Tag: Script to set folder security Tag: 71108
  - 9
    - Getting windows Security Center to NOT warn of AV not running Running xp home, sp2. Using Sygate firewall, Norton AV 2004, Spy Sweeper, Spyware Doctor, AdAware. Because of the time required for all these to open at boot, Windows Security gets impatient & thinks the AV is off, so it gives me a "balloon" telling me the program isn't running at each startup. Any way to disable this alert? I looked through the Windows Security settings, if it's there I can't find it. TIA Dan Tag: Script to set folder security Tag: 71103
  - 10
    - Failed to initialize crypto API Hi, Is there any way I can run an application that requires ms crypto api (CAPI) without an administrator privileges? I get the following error "Failed to initialize crypto API" when trying to run a ciscosecure app and cisco says that is because microsoft requires admin access to use the crypto api. Is this true? Is there any work around for this since I dont have an admin account, but still need to run the app. Please help! Thank you Tag: Script to set folder security Tag: 71092
  - 11
    - Enabling virus protection Hello The question I am about to ask might sound very silly but it's really bugging me. I've tried day and night and I just can't find where to go to enable the virus protection which comes with Windows XP. Please could some one help me out???? Thanks Phil Tag: Script to set folder security Tag: 71084
  - 12
    - Windows 2003 Server SP1 Removes the MS03-039 Patch Using Windows 2003 SP1 and after running an ISS scan shows that patch MS03-039 needs to be applied. When I tried to apply the MS03-039 patch (Windows 2003 version) it will not install and a message box popped up stating there was already a newer version of the file because a service pack was applied. Did a fresh install of Windows 2003 Server and appled the MS03-039 successfully and ran Windows Update and completed all updates with the exception of SP1. Using the KB824146 scanning tool, it showed the patch was still applied. After applying SP1, the scanning tool showed MS03-039 patch was NOT installed and required investigating. Anyone have suggestions? -- JJ Tag: Script to set folder security Tag: 71082
  - 13
    - Authentication with MAC Is it possible to use IAS to authenticate a wireless card through RADIUS using the MAC address? If it is how would you configure this? Thanks, Ed Tag: Script to set folder security Tag: 71075
  - 14
    - How do I prevent users from using any form of password or other ge There used to be a way in NT4 to update a dll that prevented users from using password or any variation of password as their login password. Is that possible in 2003. I've heard of 3rd party tools but I don't want to spend the money. Tag: Script to set folder security Tag: 71070
  - 15
    - how to disable point-to-point tunneling protocol (pptp) anybody how to disable point-to-point tunneling protocol (pptp), port 1723 on a windows 2000 server? it's a system process but not sure how /what launched it -- poco Tag: Script to set folder security Tag: 71069
  - 16
    - Dialer.WSV Hi, I hope somebody can help me, my pc is infected with a virus called Dialer.WSV and also with a form of adware by the name of adag.exe. Norton will delete Dialer.WSV but will not delete adag.exe. I am unable to manullly delete the adware. Tag: Script to set folder security Tag: 71066
  - 17
    - how to restrict limited user only visiting several websites Windows XP SP2, the administrator account want to restrict limited account only visiting several dedicated websites, and forbidden the limited account visit all the rest websites! My ideal is that disable quering DNC server, and mapping the IP addresses to host names only which I allow the limited account to visit...... But the drawback is that the limited account user can input the IP address directly in browser! Maybe there have other methods to accomplish the hard work! __ Lecter - "Trust No One!" Tag: Script to set folder security Tag: 71060
  - 18
    - Spybot found DSO Exploit I recently installed Spybot & it has found 5 entries re the above, details are: HKEY_USERS\S-1-5-18. Registry Change. HKEY_USERS\S-1-5-21. Registry Change. HKEY_USERS\S-1-5-20. Registry Change. HKEY_USERS\S-1-5-19. Registry Change. HKEY_USERS\DEFAULT. Registry Change. Can I remove these safely without causing any problems please? (As lately I've had quite a few)!! Many thanks Tag: Script to set folder security Tag: 71056
  - 19
    - OWA CITRIX SECURITY Hi there, We have a sytem with one domain and two sites.These 2 sites are connected to internet and eachother through a firewall located in somewhereelse. We are now considering remote acces to exchange server.We have 2 considiretaions. 0ne of them is owa, the other one is Citrix. Which one should I prefer and is more secure? Thanks -- Tag: Script to set folder security Tag: 71055
  - 20
    - 2003 Enterprise CA, MSCEP - 0 length cert message on cisco 837 rou Hello Everyone, I'm trying to use MSCEP on a 2003 Enterprise CA to request a certificate for Cisco 837 router. When I run the cisco command "crypto ca authenticate TRS-AD-CA" the router comes back with a message "% Error in receiving Certificate Authority certificate: status = , cert length = 0" which indicates that my 2003 CA is not sending anything back for the request. I can successfully request a certifcate from this router when I connect to a 2000 Standalone CA but my new 2003 Enterprise CA is not working correctly. I initially had problems with the 2003 Cert Server installation as IIS was already installed on the server before DCPROMO was run however I followed the Microsoft Knowledge base article (332097) and corrected the security permisions. When I install MSCEP I can see that the CA issues an "Exchange Certificate" and "CEP certificate" but there is still something wrong when trying to get the router to request a cert. I think the CA is okay as I can request other Certs from a web browser etc. and I see my AD Domain servers have automatically requested and received certificates however my MSCEP is failing. Does anyone have any ideas where to look to resolve this problem as I can't find any similar problems on the internet. Thanks in advance, Peter Arians. Tag: Script to set folder security Tag: 71054
  - 21
    - What happened to my OS? I used anti-spyware software Ad-ware to scan my OS. Below is the log: Vendor:Windows Category:Vulnerability Object Type:RegData Size:6 Bytes Location:exefile\shell\open\command "" (%1 %*) Last Activity:2005-4-28 Risk Level:Low TAC index:3 Comment:Possible virus infection, executable file extension compromised Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section. I have fixed the problem with the software. But what confused me is what and when caused the problem? Thank you. Tag: Script to set folder security Tag: 71052
  - 22
    - Limiting Logon to a Specific Group of Computers I know the method of how to specify what computer a users account can logon on to, but I was wondering if there are any limitations. Somebody told me that I can only limit the number of computers on person can logon to which is 30. Does anyone know if this is true or not? TIA CurtisC Tag: Script to set folder security Tag: 71041
  - 23
    - Password/Authentication Problem Our W2K3 server suddenly (as far as we can tell) started denying access to any user whose account was created, or whose password was changed after some unknown event occured. Any user created before the event and whose password has not been changed can login without dificulty. The problem users receive the "incorrect username or password" message. Any ideas what happened and how to fix it? Thanks! Tag: Script to set folder security Tag: 71040
  - 24
    - Generic Account Password Failures Unfortunately at this time, we are required to provide a generic account to a group of people that are attached to the domain. On occasions, the password will just quit, die, stop working, and we have to reset it. Has anyone else experienced this kind of an issue and was it solved? TIA CurtisC Tag: Script to set folder security Tag: 71039
  - 25
    - Authenticating user's join domain credentials ? --- win32 api ??? Hello Gurus, I have a scenario where I have to validate a given set of credentials, without actually joining a computer to a domain, using the credentials. The information I have username password domain name computer name I am trying to find a windows native/managed api, which would let me do that. I did find some api which would let me Join the computer to the domain and unjoin from the domain. I am sure these api, internally, are using some low level functions/api to authenticate the credentials first before attempting to join the system to the domain. Your answers are highly appreciated. Thanks in Advance. Srikanth Tag: Script to set folder security Tag: 71037
- Next
  - 1
    - Root CA Certificate vs Client Cert Expiration I have a very basic security question. If I set up a root CA for my domain and begin handing out all kinds of certs that expire in a year. Do I have to keep renewing those client certs every year or will they automatically pull down a new one upon expiration? Or do I just need to assure that my Root Cert doesn't expire before being renewed? Tag: Script to set folder security Tag: 71034
  - 2
    - Process ownership Hi, I want to control who a process is running as on the fly. Is this possible? LogonUser and impersonation doesn't seem to work because LogonUser doesn't actually start everything needed by that user. VPN connection for example. I see so much about Security IDs and such, is there a way to manipulate the owner of a process while the process is running via these IDs? I don't see any apis that take UN, Domain, and PW like LogonUser. Thanks Tag: Script to set folder security Tag: 71033
  - 3
    - Free Download: Visio Connector for MBSA Visualize the security status of your network with the Visio Connector for MBSA. This free utility allows you to view the results of an MBSA (Microsoft Baseline Security Analyzer) scan in a clear, comprehensive Visio 2003 network diagram. You must have both Visio 2003 and MBSA 1.2.1 for this connector to function. Learn more or download this free utility at http://www.microsoft.com/technet/security/tools/mbsavisio.mspx Sanjay Puri This posting is provided "AS IS" with no warranties, and confers no rights. Tag: Script to set folder security Tag: 71031
  - 4
    - Internet Explorer 6 Hijacked Browser has been highjacked and I have tried the 3 most popular spyware removal tools, Spysweeper,Spybot and Adaware. To no avail. They each detect and remove various spyware but they are all missing the same problem. IE 6 is still being hijacked. Aside from wiping the drive I need some advice or tools to get rid of the malware. Any ideas? Tag: Script to set folder security Tag: 71025
  - 5
    - Cannot change filename I have two very strange folder problems. To start off, I am the Domain Admin and have all rights. My domain is Windows 2003. I have created a folder in my document directory under my home home directory (H:\Docs) and it is called New Folder. I would like to rename it, but the system will not let me. I get the access denied. System is full or write protected message. Looking at the properties, it is Read Only, which I cannot clear, I am the owner. Administrator cannot modify it either. If I log directly on my Data Server (the location of the home directories) as me, I cannot even open the Docs directory. On the same subject but a differnt server, there is a directory that was created to temporarily store data as we moved data around. Now that directory cannot be deleted or renamed. The folder is called hi01 but when you try and delete it, the error message is Cannot delete My New DW Site. Cannot find the specified file. Make sure you specify the correct path and file name. I am out of guesses and any help is appreciated. Steve Tag: Script to set folder security Tag: 71024
  - 6
    - Password Policy Issues Hi all, I've ran into an issue with my password policy. I've changed it on one of my DCs. Replicated out (one site domain, 3 total DCs), can not find any password policy in any other GPOs (gone to the extent of only having my dc policy and default domain polcy enabled) and my changes still won't take effect. This is 2003. I have DCA DCB DCC. Changed the polcy on DCB. Did a gpupdate on my client, no settings take. However, I do say a homepage GPO, do a gpupdate, and immediately takes. Is there something I'm missing? TIA, Joshua Tag: Script to set folder security Tag: 71022
  - 7
    - Automatic Update Problems Hi Yesterday I had a signal for an automatic update download and install. The process proceeded to shutdown and restart at which time I noticed that the update symbol was still in the tray and when selected notified that updates where ready for installation. When I selected install the installation was shown as a failure to install; when I checked the installation history screen it showed a success for the first installation but a failure for all subsequent tries. The machine has been shutdown over night but the update symbol is still active in the tray. How do I remove/shutdown this process? Thanks. Tag: Script to set folder security Tag: 71020
  - 8
    - C:\WINDOWS\system32 any software to monitor this folder C:\WINDOWS\system32 ? that is if any applications want to add something, it need permissions? Tag: Script to set folder security Tag: 71016
  - 9
    - My Domain Security Policy is not Opening.. Hi I have Win2000 Domain Controller logged in as administrator having full rights. Problem is : I could not able to open Domain Security Policy or Domain Controller Security Policy. We would like to apply some policies. But Domain Default Policy Editor is not opening at all. Its showing a message like "you dont have appropriate permissions. Details : The System Cannot find path." That is the message i m getting whenever i tried to open Domain Security Policy and Domain Security Policy. Please help me in this. Thanks and Regards Rajam. Tag: Script to set folder security Tag: 71014
  - 10
    - how can i add certificate to kerbrose hi how can make authentication of kerbrose v5 stronger with machine certificate without ipsec please help me thank u Tag: Script to set folder security Tag: 71010
  - 11
    - AzMan with 2000 mixed DC We are deploying an application which uses AzMan, with the store in AD, and have just discovered that it won't work with the production DC which is Windows 2000 in "mixed" mode. For AzMan to work it has to be a Windows 2003 "native" mode which is not possible as there are Unix machines in the domain. We need to preserve the windows authentication capabilities in AzMan, against users and groups in the existing (windows 2000 mixed) domain. Would a separate Win2003 domain with trust relationship to the primary domain be a solution? If so would users need to be replicated to the Win2003 DC? Can anyone suggest other alternatives? Tag: Script to set folder security Tag: 71009
  - 12
    - Error 1003 I've a problem with error 1003. Once a day (twice) I have a blue screen error. I've read many articles, here you have definition: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/errors_1001_through_1010.asp and other from support.microsoft.com. I supposed that it could be a virus (read on Microsoft site) but checked and no viruses were found (with Ad-Aware & MKS, bit defender caused my system to crash- error with regspy.sys (blue screen)- it's a file which belongs to BD and I'd waited for 3 minutes (!) to haveTask Manager oppened, so I removed BD with ACE Util (with Microsoft Windows error reports oppened in the background- if closed, blue screen appeared :|. It has a number 0x00000050 (STOP ERROR). I've also checked logs in the Administrative Tools (Computer Management) and I've got a message that it was a System Error in Category 102 Number 1003: Error Code 000000d1, parameter 1 000000b1, parameter 2 00000002, parameter 3 00000000, parameter 4 f743d205. I've no idea what could it be, I don't cause my system to crash, it must be an internal system problem. My system has 4 days (format). Do you think that it could be a memory or chipset problem? Or just a software? I have Win XP Pro with SP1. My computer: AMD Athlon 64 3200+ BOX (Socket 939) Winchester Microstar K8T Neo2-FR/939 (MS-6702E-020) Via K8T800 (I've installed new drivers now!) Seagate 160 GB Barracuda 7200.7 ST3160827AS 8MB Serial ATA / NCQ (I had to install drivers (on floppy) during the installation) Kingston HyperX DDR 2x 512MB PC-400 (KHX3200ULK2/1G) CL2 Nvidia GeForce FX 5900XT Gainward (has 10 days, I'had no problems on the old system XP Pro sp1- the same) Modem Thomson SpeedTouch USB (new, was 2 days working on the old system, no problems) Logitech UltraX Flat Keyboard OEM Creative Optical Mouse 3000 Lite-On SOHR-5237S bulk (x52/x32/x52) Neotec V4200 Please help, Paula Tag: Script to set folder security Tag: 71003
  - 13
    - Windows 2003 SP1 and CHM files over a network connection Hi, I have recently upgrade a windows 2003 server to sp1 and have found that I have a problem with chm files that are opened from a network drive or resource. The following article explains this and gives suggestions on a resolution. However the article talks about topics missing not the content pages not displaying. http://support.microsoft.com/kb/896054 When I copy the file from the network drive to the local desktop the chm file opens fine and displays correctly. Can anyone explain why this doesn;t work its driving me nuts. Thanks, Andy Tag: Script to set folder security Tag: 71001
  - 14
    - Antivirus what antivirus do you use ? -- catchyogi ------------------------------------------------------------------------ catchyogi's Profile: http://forums.techarena.in/member.php?userid=3298 View this thread: http://forums.techarena.in/showthread.php?t=88520 Visit - http://forums.techarena.in/archive/index.php/ Tag: Script to set folder security Tag: 70999
  - 15
    - Obvious manipulation of e-mail headers - what good are they? Received: from %STATIC_3WORD (IMLI-852-880.%S_1FROM_DOMAIN [%LIST_IP] (may be forged)) by %STATIC_2WORD.%S_1FROM_DOMAIN (MOS 3.3.6-GR) with ESMTP id DLT75284 (AUTH %STATIC_3WORD-02) ; Thu, 28 Apr 2005 01:37:32 -0200 (IST) Date: Wed, 27 Apr 2005 22:39:15 -0400 (EDT) Date-warning: Date header was inserted by ms-mta-03.nyroc.rr.com From: Martha Peck <iheskhfcbe@action.com.au> Subject: Message subject To: dverdow@nycap.rr.com Message-id: <3kmqqq$ehe806@orngca-mx-03.mgw.rr.com> MIME-version: 1.0 Content-type: TEXT/PLAIN Content-transfer-encoding: 8BIT Nothing in these (partial) headers has any relation to the real world. = Everything is made up. But not by me by the sender. Now what good are = headers anymore? I can answer that. It's easy. It gives the ISP of = the spammer an excuse used to deny they are enabling the spammer - dah! --=20 George Hester _________________________________ Tag: Script to set folder security Tag: 70997
  - 16
    - Modify Default User Template in Certificate Server I am running Win 2003 Enterprise......and I can create version 2 templates....but I need to modify the default user template used by the web enrollment... is this possible or would it be better to modify the web enrollment code? Thanks Tag: Script to set folder security Tag: 70994
  - 17
    - Impersonating accounts Hi, I am logged into Windows as User A and running a service under Local System account. This service is trying to find a certificate that is in the user store (not the local machine store). To search for the certificate, I assume I have to impersonate the user (User A) programmatically. The impersonation functions are returning successfully and I am able to find the certificate. However, the problem is that although the impersonation functions are working, they do not load the registry hive for User A. So if I am logged in to Windows as User B (or even logged out), the certificate searching fails. How can I programmatically load the registry hive for a specific user? Thanks, Mat. Tag: Script to set folder security Tag: 70993
  - 18
    - Security update dated 2/13/2002? I have been receiving notices and installing critical updates on a regular basis for years, but I am now receiving notification of a security update dated February 13, 2002 MSXML 4.0. I'm not sure if I should download and install this update or not. Does anyone know why I am suddenly receiving notification of a security update which is more than three years old? Tag: Script to set folder security Tag: 70989
  - 19
    - Error: 801 using mbsacli.exe on Windows NT 4 server I am using the mbsacli.exe utility to scan a Windows NT 4.0 server. The command line I use is as follows: mbsacli -HF -v -s 1 The error I recieve is as follows: Information Error: 801 - No XML was loaded for the language of the machine. Does anyone know what is causing this error? Tag: Script to set folder security Tag: 70987
  - 20
    - Tracking Hi, I was at the Infotech security show in London today, where I saw a HUGE variety of anti-hacker, anti-virus, anti-phishing etc etc ad infinitum, programs. These program vendors told how these products could detect intrusion and stop it. Detect patterns of use and stop advers patterns. Stop viruses and trojans and spyware etc etc. But imagine that you are a corporate who relies on trade worldwide in a sector where all information regarding deals and clients needs to be kept absolutely secret from competitors. Now imagine that you have some-how been hacked and such information has been breached. Also imagine, that you have a pretty good idea that you know that a competitor is behind it. I did not see one piece of software(maybe my eyes are not that good), that offered a means to track, trace and provide evidence with relation to a breach. Many showed how, if breached the system could be quickly secured, but hey.... isn't that rather beside the point?? Haven't you already lost your livelihood?? Is there any product out there that can detect, secure and then trace a hack etc so that at least you can take some kind of legal action against these people?? Surely, if a system is hacked with the purpose of obtaining information then that information has to go back to the hacker, otherwise, what use is it?? (or to be published thus rendering the info useless). If this is the case then surely there is a way of detecting where and who..... Or am I over simplifying things here..?? Corporate hacks in todays competitive corporate environment are only going to get worse and more prevalent, .... Is there anything out there................. Terry Tag: Script to set folder security Tag: 70986
  - 21
    - SFTP Ten minutes ago was the first time I had ever heard of "Secure FTP". I assume that is using SSH or SSH2 underneath. What support, if any, does the various versions of Windows provide for SFTP ? Thanks Stephen Howe Tag: Script to set folder security Tag: 70980
  - 22
    - There is a serious problem within Server 2003 SP1. There is a serious problem within Server 2003 SP1. I have updated my Server 2003 EE to SP1 and soon after (about 3 days) I noticed some strange networking problems. Now the server has a multi homed network configuration where it has two gateways. One point's to the internal network here in the office LAN the other rests on the DMZ so that I can forward traffic to that server for http / https and SMTP. This has worked fine with out any problem for over a year. It seems SP1 changes the main gateway when ever it feels like it. and I don't know why. I am posting a few route prints of how it was when all was working fine. =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.0.2 10.0.0.1 20 0.0.0.0 0.0.0.0 192.168.1.3 10.0.0.1 20 10.0.0.0 255.255.255.0 10.0.0.1 10.0.0.1 20 10.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 20 10.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.110 10.0.0.1 20 192.168.1.110 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.1.255 255.255.255.255 192.168.1.110 10.0.0.1 20 224.0.0.0 240.0.0.0 10.0.0.1 10.0.0.1 20 255.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 1 Default Gateway: 192.168.1.3 Then in about 3 days time with no info in event viewer at all I now have: =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.0.2 10.0.0.1 20 0.0.0.0 0.0.0.0 192.168.1.3 10.0.0.1 20 10.0.0.0 255.255.255.0 10.0.0.1 10.0.0.1 20 10.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 20 10.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.110 10.0.0.1 20 192.168.1.110 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.1.255 255.255.255.255 192.168.1.110 10.0.0.1 20 224.0.0.0 240.0.0.0 10.0.0.1 10.0.0.1 20 255.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 1 Default Gateway: 10.0.0.2 The 2nd route print is the one that doesn't work Tag: Script to set folder security Tag: 70972
  - 23
    - Trace deletor of files Is there any way of tracing which user deleted files from a Windows 2000 (SP4) server? The files are not in the recycle bin as they were deleted from a client PC (Win98 or XP) I'm not concerned about restoring the files,just tracking the deletor. Tag: Script to set folder security Tag: 70963
  - 24
    - Viewing what share users are using. -- please help! Hello, hoping someone can help. I want to see which users are logged into what shared directories. When I go to My Computer --> Manage --> Shared Folders --> Sessions. I can see the user name, and IP..etc, but I can not see what share they are using. Can anyone point me in the correct direction? Does Microsoft have a tool to determine what shared session they users are using. Thanks. Tag: Script to set folder security Tag: 70962
  - 25
    - Customized Error Message Hi, I have registered a customized Password filter dll and it works fine . My requirement is that i need to display a customized message when a users attempt to change his/her password fails since the new password is not confiming the password complexity algorithm implemented by the my password filter. Thanks Tag: Script to set folder security Tag: 70955

I recently moved the home folders for 900 students to a new 2003 server and
when I did I messed up all the folder security settings. The folders name is
based on the users login name. Is there a way to run a script that would
read the folders name and then set the folders security to give that user
full permission, and give a number of other security groups permission at the
same time? E.g. user:F Domain Admins:F System:F and teaching:F

Top

Re: Script to set folder security by Roger

Roger
Sun May 01 09:56:42 CDT 2005

Sure this is possible.

One could use a Wsh language like Vbscript, instance the
filesystem object, then get object for the root folder of
which you are concerned.
(BTW, if you set here inheritable NTFS security to carry
all that is the same for all subfolders, like Administrators
Full control, then you would have a tighter end result).
In the script, from the folder object you would get the
subfolders collection, and then for each of them it is
just going through a loop to parse out the account that is
correct for the folder and then, most simply, shelling out
to a cacls execution using the /e /t /g flags.
See cacls /?
Other than shelling out to cacls, it us possible to use WMI,
adSecurity.dll, or third-party additions like setacl that could
be used.

There is a microsoft.public.windows.server.scripting
newsgroup if the hint of using cacls is insufficient . . .

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Stephen Bloomer" <StephenBloomer@discussions.microsoft.com> wrote in
message news:8C2C05FA-E0AD-4C96-A00E-05B473C37944@microsoft.com...
> I recently moved the home folders for 900 students to a new 2003 server
and
> when I did I messed up all the folder security settings. The folders name
is
> based on the users login name. Is there a way to run a script that would
> read the folders name and then set the folders security to give that user
> full permission, and give a number of other security groups permission at
the
> same time? E.g. user:F Domain Admins:F System:F and teaching:F

Top