SendAs/ReceiveAs permissions

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - For N. Miller Hi N. Miller, I found out what it is. I made a Rule to Log anything using that IP in or out. It is my Browser Netscape 7.2 that makes a Inbound Domain call using the App (Browser) Netscape.exe and looks for a Outbound return using the Apps Netscape.exe, Wucrtupd.exe and Wuloader.exe. Sometimes it didn't use an App at all on the Inbound that alerted me to it in the first place. I can't Block the In/Outbound using the Netscape App or I can't Surf the Web. But I can Block the In/Outbound one's using the Windows Update Apps wucrtupd.exe and wuloader.exe without any problems. Why the hell does it need to use those Apps when it can use Netscape.exe both ways ????? And it may explain those hits on Port 80 I see too. Is this something we should worry about? Is it a type of Spyware? Kevin Rule "205.188.146.145" blocked (205.188.146.145,domain). Details: Outbound UDP packet Local address,service is (0.0.0.0,1176) Remote address,service is (205.188.146.145,domain) Process name is "C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE" Rule "205.188.146.145" ignored (0.0.0.0,1098). Details: Inbound UDP packet Local address,service is (0.0.0.0,1098) Remote address,service is (205.188.146.145,domain) Process name is "C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE" Rule "Block Outbound AOL Proxy wucrtupd.exe TCP/UDP" blocked (205.188.146.145,domain). Details: Outbound UDP packet Local address,service is (0.0.0.0,1103) Remote address,service is (205.188.146.145,domain) Process name is "C:\WINDOWS\SYSTEM\WUCRTUPD.EXE" Rule "Block Outbound AOL Proxy wuloader.exe TCP/UDP" blocked (205.188.146.145,domain). Details: Outbound UDP packet Local address,service is (0.0.0.0,1094) Remote address,service is (205.188.146.145,domain) Process name is "C:\WINDOWS\SYSTEM\WULOADER.EXE" Tag: SendAs/ReceiveAs permissions Tag: 74495
  - 2
    - Visio Connector for MBSA 2.0 released! Based on the extremely positive response we received to the first version of Visio Connector for MBSA, we have just released Visio Connector for MBSA 2.0. This utility allows you to view the vulnerability assessment information generated by MBSA 2.0 on a Visio 2003 network diagram. You must have both Visio 2003 and MBSA 2.0 (or MBSA 1.2.1) for this connector to function. You can learn more or download this free utility at http://www.microsoft.com/technet/security/tools/mbsavisio.mspx. Sanjay Puri This posting is provided "AS IS" with no warranties, and confers no rights. Tag: SendAs/ReceiveAs permissions Tag: 74494
  - 3
    - LSASS.exe thrashing processor I have a box with Windows 2000 Server (standard) running SQL 2000 (standard). The problem is that the lsass.exe is running constantly at 50-60% and taking up between 150-250 MB of memory usage. To me, this seems like an awful lot, not to mention that the process never stops. Ran Symantec Corporate and came up clean. Any ideas? Tag: SendAs/ReceiveAs permissions Tag: 74491
  - 4
    - One Care Public Beta Where's the Group(s)? One Care is in Public Beta. Usually that would mean a group or groups. Does anyone know where they might be? Best, Chad Harris Tag: SendAs/ReceiveAs permissions Tag: 74481
  - 5
    - Best Anonymous Proxy for Winxp ?? Hey guys I am searching for a Free Anonymous Proxy for Windows Xp .....Send me Links Thanx Tag: SendAs/ReceiveAs permissions Tag: 74475
  - 6
    - xp firewall help I just purchased a new laptop bundled with xp-sp2, Norton AV (90 day), I activated the Norton AV but disabled the Norton personal firewall, ran the network wizard to configure the laptop wireless adaptor to one I installed in my home pc, (xp-sp2, dial up), enabled file, print, ICS sharing, updated Norton definitions and xp updates. The problem is everytime I turn on the laptop the windows firewall is disabled along with two of the three alert options located in the Security Center. So I literally have to open the security Center Window to see that it is off and then manually set it to on. I have to do this each time I restart. I checked the services tab under computer management and the text says its on auto, I also ran a scan with Norton and it came up clean. Anyone know how to keep the windows firewall on as a default or is this a byproduct of having Norton? Hihar in Thanks, Tag: SendAs/ReceiveAs permissions Tag: 74474
  - 7
    - cdp publish hi all i installed a new CA infrastructure in my organization. i have root CA server and subordinate CA and 5 machines as CDP'S. on the subordinate CA server at the server properties in the certificate main consule, when going to the extensions tab, and typing a path to any of my CDP'S using DNS CNAME for the CDP, im getting an error trying to publish to that cdp. its like the server cant find that cdp. when i type the netbios name or the dns name for the cdp path its working. why is that, i need to use cname's for my cdp's for redundecy. thanks for the help Tag: SendAs/ReceiveAs permissions Tag: 74470
  - 8
    - Mapping Drives in Windows Server 2003 HELP! I want to map a XP Pro pc to a share I created on a 2003 server. When I go to map the drive from my PC...it prompts me for a username and password. I try to log into the share and it keeps saying bad username or password. I created at least 2-3 test users to try this with and changed passwords but it still wont except my logins...I am stumped! Please Help!! Tag: SendAs/ReceiveAs permissions Tag: 74463
  - 9
    - spyware Possible spyware installed but I can not detect it. I have zonealarm antivirus/firewall with popup blocker enabled. Ad-Aware pro/ad-watch popup blocker enabled. I've run scans with all including the multi av-cls several times. Popups are occuring regardless if I'm browsing the web or not. Soon as I boot the system if you just wait a while they start to appear. Any thoughts or suggestions? Tag: SendAs/ReceiveAs permissions Tag: 74462
  - 10
    - Certificate Services Performance --- Back in December of 2004 we deployed a large CA based on Microsoft Certificate Services (MSCA) on Windows 2003. The MSCA is advertised to reach 2 million certificates a day - which is about +/- 1388 certs per minute. I recently ran some tests and I was lucky to get 16 certs per minute. This was running on a 4 processor HP DL580, 4 GB memory with nCipher HSM hardware assist --- So, I have two questions for the group --- 1. Has anyone else tested their certificate generation performance; what did you find? 2. If you did test your performance, what tools did you use to test the performance? I used a vbs script running for other networked nodes in a scheduled batch job. Thank you. Daya -- Daya Puls, CISSP IT Security, Sigma Systems, Marlborough, MA Tag: SendAs/ReceiveAs permissions Tag: 74455
  - 11
    - Nessus report is not correct ? Using nessus to scan my website, the report contains follwing messages. ============================= Vulnerability http (80/tcp) At least one of these CGI scripts is installed : hello.bat echo.bat They allow any attacker to execute commands with the privileges of the web server process. Solution : Delete all the *.bat files from your cgi-bin/ directory Risk factor : High CVE : CAN-2000-0213 BID : 1002 Nessus ID : 10246 ============================= Vulnerability http (80/tcp) The CGI 'args.bat' (and/or 'args.cmd') is installed. This CGI has a well known security flaw that lets an attacker upload arbitrary files on the remote web server. Solution : remove it from /cgi-dos. Risk factor : High CVE : CAN-1999-1180 Nessus ID : 11465 ============================ But I can't locate file hello.bat,echo.bat,args.bat or args.cmd in my computer. What should I do ? Ignore these messages? Where can I find more information ? By the way, my computer's configuration is: OS: WIndows 2003 Server IIS: IIS 6.0 language: Active Server Page (ASP) Tag: SendAs/ReceiveAs permissions Tag: 74450
  - 12
    - "message service" pop up window I have recieved a "Message Service" pop up window. The message tells me to go >www.ms-repair.com<. Is this a legitimate site? The message also tells me that my system has 72 errors, need to install registry repair, run registry repair, and reboot the computer. Thank you in advance for anyone who can help, Tag: SendAs/ReceiveAs permissions Tag: 74358
  - 13
    - Ports 6346 and 1434 TCP and UDP HI, Is anyone else getting a lot of hits on 6346 and 1434 in both TCP and UDP ? 1434 is ms_sql-m but what use is 6346 for ? Kevin Tag: SendAs/ReceiveAs permissions Tag: 74355
  - 14
    - Antivirus on server or client? What is recommended: install an antivirus program on the server or on each client individually? Setup: W2K Server, XP clients, MS Exchange. Tag: SendAs/ReceiveAs permissions Tag: 74346
  - 15
    - pop uos i keep recieving pop ups from the same address(69.28.210.175/media/773379) every 5 minutes on the nose 24/7.I'm using stopzilla to block these but they still splash on my screen and are logged and momentarily slow my computer.I use adaware and spybot searcch and destroy as well as delete my cookies but it has no effect. 1. is it legal for these to be sent? if it is something needs to be done. 2.is it possible to stop these from reaching my computer? Tag: SendAs/ReceiveAs permissions Tag: 74339
  - 16
    - MS04-011 LSASS virus My laptop runs under XP(sp2). Since I installed Trend-Micro PC-cillin 2005 (AntiVirus,Firewall,AntiSpyware combined), I'm getting "MS04-011 LSASS" attack warnings. Microsoft XP-SP2 supposed to have the fix for this virus, but the the warning never goes away. "Microsoft Bulletin MS04-011(835732)" offers the fix for all other operating systems except for XP. Anyone knows how to get rid of this problem? Thanks. Ken Tag: SendAs/ReceiveAs permissions Tag: 74332
  - 17
    - AOL Servers Probing ??? Hello, I've been getting a number of hits on Port 80 from AOL Servers and Proxies even without a Browser open. Since they are not tied to an App Rule they are Blocked and they hit some other Ports too, sometimes as high as 60,000. Why are they Banging my Http Ports (80 and 1080) and ramdom Ports from 5000-80,000???? Since I'm Dial-up I'm not the Target but this IP Block must be. The one's between 5000-60,000 are rare and I don't worry about them but it seems they are AOL Servers or Proxie Servers most of the time and not Users. And I'm not talking about when I first go online with Dial-up where someone else could have had the IP and I'm getting their Returns. This example is not from a server but I had cleared my Log yesterday after some Security Scans to check my Firewall so it's all I have right now. Rule "Default Block HTTP Port 80" blocked (compaq,http). Details: Inbound TCP connection Local address,service is (compaq,http) Remote address,service is (172.165.17.222,2122) Process name is "N/A" In Local Address; compaq is another way this computer lists localhost, 127.0.0.1. Tag: SendAs/ReceiveAs permissions Tag: 74330
  - 18
    - spyware - windupdates Hi, Adaware keeps finding something called windupdates. I keep deleting it and it keeps coming back! Help! How do I get it to go away permanently? Tag: SendAs/ReceiveAs permissions Tag: 74326
  - 19
    - possible to block/uninstall games via Group Policy? Hi is it possible to block or uninstall games via a group policy? Tag: SendAs/ReceiveAs permissions Tag: 74325
  - 20
    - Restrict users to only connect to our wireless network Hi, I have a wireless network and want to make sure the users only connect to this wireless network and no others at all. Can this be done? Tag: SendAs/ReceiveAs permissions Tag: 74324
  - 21
    - unable to connect to windows firewall ant-virus wont auto protect I am having dificulties with the windows security centre i keep recieving the warning about the firewall connection and also now my norton anti-virus will not enable autoprotection.. can anybody help. i ahve tried to recconect my windows firewall but it wont do it, a message come sup sayin it cannot connect to windows firewall!! what can i do? Also i have norton anti virus and up untill 2 days ago it was working fine doing a full computer scan every week but now thiswont work, on th eoptions itis not set on auto protect and it will nto allow me to select this option!! help me my compute ris at graet risk what can i go.. i was adviced to download the updates but this has not fixed the problem help Tag: SendAs/ReceiveAs permissions Tag: 74323
  - 22
    - Local Caching Where is the user's password cached when you have a GPO setting on Interactive logon: Number of previous logons to cache (in case domain controller is not available)? Is it store in LSASS secrets? If we set our server to not store local cache of user's password what application or other things will break? I u nderstand that if you turn that off and there is no domain controller available that you will be unable to logon to that server in that domain...But what other hidden gotchas are out there that I might not be thinking of? Tag: SendAs/ReceiveAs permissions Tag: 74306
  - 23
    - Fake Add Message Well hey, i started to hear this from many friends, a contact that adds them then they loose their password and wont be able to sign again to their account.! that's so weird, any one heard about that ?? Tag: SendAs/ReceiveAs permissions Tag: 74305
  - 24
    - How to set up pass-through authentication on W2K server Hi Experts, How do I configure passthrough authentication on the server, so the following task will work. Here is the situation. There is currently a spreadsheet on the network which is being used to capture the date and do whatever calculations are necessary. The location of the spreadsheet is in a shared location and we should recreate permissions so only the necessary people have access. Since the prime purpose of the Tablet is data collection using this speadsheet, I want to have a common logon for anyone who uses this and it should not be part of the domain. The new account needs to be created locally and on the domain so I can map a drive to the spreadsheet location using pass-through authentication. I don't want people logging on using their domain ID because they have roaming profiles and this will mess-up everything. THX in advance Tag: SendAs/ReceiveAs permissions Tag: 74304
  - 25
    - Locked out of Hotmail Account Can't get into my Hotmail account. Locked out. Seems like someone got in and changed my login info. Need some sort of technical support. MSN will not answer emails. I cannot find any support phone numbers. Any and all help is appreciated!! Thanks!! Tag: SendAs/ReceiveAs permissions Tag: 74303
- Next
  - 1
    - File access tracking software Anyone know of a product/solution that can track domain users' access to files on a shared drive and be able to run reports on the data? Tag: SendAs/ReceiveAs permissions Tag: 74301
  - 2
    - IPsec Implementation I'm trying to implement IPsec on the work network just for the LAN. After reading about planning and setting up policies. I'm still not 100% sure what it is that I need to do. We're using Windows Server 2003 Enterprise edition and I checked that IPsec service is running. Do I only need to setup IPsec policies (request security) on the server and the workstations will use IPsec automatically? All the workstations are running XP SP2. If I right-click on an IPsec policy, "Assign" is shown on the menu. If after I selected Assign, would I be able to simply unassign it? Would there be any complications? Do I need to create some sort of certificates for IPsec? server and workstations? Tag: SendAs/ReceiveAs permissions Tag: 74299
  - 3
    - Desktop.ini auditing filling event logs I have enabled auditing on a directory and all of its subdirectories and files, for a location where users My Documents have been redirected. I have set auditing for Change Permissions, Take Ownership, Write Attributes, and Write Extended Attributes. However, my security log on that machine is being filled with "Object Access" entries referring to Accesses of ReadAttributes and WriteAttributes. For the normal user, this is happening for only their redirected folder. For the few in the domain admins group, there is an Accesses entry with READ_CONTROL, ReadData (or ListDirectory) and ReadEA in addition to the previoius two, for everyone's desktop.ini file in their redirected users. This is really filling up the log files, making auditing very difficult. Any ideas or help would be greatly appreciated. Rich C. Tag: SendAs/ReceiveAs permissions Tag: 74293
  - 4
    - Hijackthis Can this program detect presence of viruses on computer. Tag: SendAs/ReceiveAs permissions Tag: 74287
  - 5
    - Viruses and hijackthis Hi. If computer is infected will i see this in hijackthis program or not? Tag: SendAs/ReceiveAs permissions Tag: 74286
  - 6
    - safe mode antivirus hi, I use AVG free version in regular mode. I can NOT use it in safe mode. I also have the sysclean from trend micro that I have used in the past because one can use it in safe mode. But, the scan usually takes more than an hour, though if it does the job, I wouldn't mind. Still, I would like to see if anyone out there has another (free perferably) AV program that they recommend to use in safe mode. that way, if I am short on time and can't use Sysclean, I can use that one. Note: I have stinger too. but, would like to get another one that I can enable only in safe mode. WIll use AVG all the other times. thanx Tag: SendAs/ReceiveAs permissions Tag: 74285
  - 7
    - HELP can't logon to my computer I need help fast...i can't logon to my computer, im using windows XP professional... i was trying to create a workgroup and it said i belonged to a domain already and it had to be changed before i could create the workgroup...so i change my domain to workgroup and then restarted like it said...however now i can't logon to my computer...no user name or password that i can think of will work..i need to know of a way i can get around the logon so i can access my files..please help! -- Jill Tag: SendAs/ReceiveAs permissions Tag: 74274
  - 8
    - Security token design question There is a smartcard chip embedded in a PnP device of completely irrelevant class. It is not exposed as independent hardware function. The chip can be accessed only thru the driver of this device. How I can make this chip visible to CryptoAPI from user mode? Can this be done with a user mode module that sends custom ioctls to the driver? Or I need a root enumerated driver that emulates a Smartcard reader? Can such "virtual" smartcard readers pass HCT? Regards, --PA Tag: SendAs/ReceiveAs permissions Tag: 74269
  - 9
    - dsclient - ntlm v2 I need to know how make win 9x work with ntlm v2. IÂ´ve installed dsclient, changed the registry like described in some websites, but isnÂ´t work. It donÂ´t autenticate. The only way to this work is changing the registry to level 0, but with this the ntlm v2 donÂ´t work. > Locate and click the following key in the registry: > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control > > Create an LSA registry key in the registry key listed above > > On the Edit menu, click Add Value, and then add the following registry > value: > Value Name: LMCompatibilityLevel > Data Type: REG_DWORD > Value: 3 > Valid Range: 0,3 > Description: This parameter specifies the mode of authentication and > session > security to be used for network logons. It does not affect interactive > logons. > . Level 0 - Send LM and NTLM response; never use NTLM 2 session security. > Clients will use LM and NTLM authentication, and never use NTLM 2 session > security; domain controllers accept LM, NTLM, and NTLM 2 authentication. > . Level 3 - Send NTLM 2 response only. Clients will use NTLM 2 > authentication and use NTLM 2 session security if the server supports it; > domain controllers accept LM, NTLM, and NTLM 2 authentication. > Thanks, Leonardo Tag: SendAs/ReceiveAs permissions Tag: 74267
  - 10
    - 086eb794e.html -Desktop Background Can anoyone help. I have found this file on my computer under all users. It is linked to a 'Free Track Remover' program and is locaeted in C:\Documentsand settings then under the user's local settings in a folder called Temp. The file is causing a red background on desktop with the advert for this free track remover-trying to get you to buy it. This background comes up no matter what I do. I have tried deleting this file which is removed until you next log on. The file is then back in the same place. I have also tried delting the folder but an error message appears explaining that some of the folders are used by other programs and can not be deleted. I originally found the file under Control Panel\Display\Desktop\CustomiseDesktop then on the web tab. The file is there under the web pages. I can delte it from there but the same thing occurs where it returns. I have tried using Norton to remove it but it still returns. Please can someone help me with this-email me on Saxonh@Hotmail.com and enter 086eb794e in the subject box. All help appreciated Tag: SendAs/ReceiveAs permissions Tag: 74266
  - 11
    - BMP Processor overflow I'm getting the following alert from my firewall's IPS: WEB-CLIENT Internet Explorer BMP Processing Overflow. I spoke to the user and told them to stop going to what ever site they are, but I keep getting the alert. should I be worried about this person's workstation? My IPS is blocking the threat, but the 100 alerts I'm getting a day are starting to bother me. Thanks. Tag: SendAs/ReceiveAs permissions Tag: 74265
  - 12
    - Kerberos User Ticket Lifetime Hi, In Windows 2000 Server and Windows Server 2003, is it possible to set Maximum User Ticket Lifetime at a userid level, or only at the domain level with the Maximum User Ticket Lifetime parm? I would like to have a domain setting that would cover most of the users, and set a shorter ticket lifetime on the users who are in the Administrators groups, but didn't see a way that a shorter lifetime could be set on those individual userids to achieve that. Anyone know if that's possible, and if so, how you'd do that? Thanks in advance! - Kit Tag: SendAs/ReceiveAs permissions Tag: 74263
  - 13
    - Permissions on created folder If I create a folder called public on a windows 2003 server, is it ok to remove creator owner and system and leave only administrator and authenticated users. Tag: SendAs/ReceiveAs permissions Tag: 74260
  - 14
    - remote access logons in Event Viewer I need to find out if someone is logging on to our sever via remote access desktop. Is there an Event Log entry to indicate access via RAD? Tag: SendAs/ReceiveAs permissions Tag: 74258
  - 15
    - Firewall If I enable the Windows firewall on my new 2003 Server Std x64 SP1 network server (Domain Controller, DNS, File and Print Server, WINS) the loads and saves of files across the network are very slow. I opened a port exception for my network but still very slow loads and saves. When I turn the firewall off I get normal loads and saves again. Do I even need a firewall on this server if I don't have the IP address for my ISP gateway configured in my network settings? Tag: SendAs/ReceiveAs permissions Tag: 74256
  - 16
    - MAJOR Hacking Hi - have a big problem and unsure how to correct despite best efforts with router, personal firewalls, etc. Brand new computer worked well for 2 weeks until one day norton reported many programs (AIM, internet expplorer, svchost.exe etc) accessing the internet through unknown Modules. Since that point, it doesnt matter if i completely wipe out the system or not (which I have done x number of times now) it reverts back to accessing the internet through unknown modules. I am fairly confident that whatever is happening, it is forcing my internet information to be filtered through some other server whose IP seems to be masked to my firewall logs. My logs are filled with entries of only my internal ip address. Anyone have ANY ideas?: Tag: SendAs/ReceiveAs permissions Tag: 74249
  - 17
    - Searching tool for FULL disc encryption (not only volume files) I am searching a tool which allows to encrypt a whole harddisc and not only a volume file as the most of the offered tools. Yes, I know TrueCrypt. But this tool has problems with large external USB drives. I got permanent errors from the TrueCrypt driver in big operations like copying 20000 files onto a TC encrypted harddisc (Doing the same with the same USB hatrddisc unencrypted show no error). Yes, I know also PGPdisk. But this tool can only exist with a running PGP installation. I need a tool which can be launched easily on demand (when I plugged in the external USB drive) BestCrypt, DriveCrypt offer only encryption of volume files. Which tools exist otherwise? Thomas Tag: SendAs/ReceiveAs permissions Tag: 74248
  - 18
    - Bug in Kerberos SSP within SSPI?? We have been trying to gain a detailed understanding of what SSPI does when authentication fails. Unfortunately while much documentation exists for how ti works when it all works, the documentation on what happens when things go wrong is almost non-existent! For example, take the scenario where the client initializes a context for a service with the SPN of "userA@domain.com". However the service is actually running as "userB@domain.com". On the first call to AcceptSecurityContext, when the client's first blob is passed in, SSPI returns SEC_I_CONTINUE_NEEDED. Shouldn't it return a failure code since the ticket embedded in the security blob (token) is not encrypted with a key it can understand? We've also noticed the behaviour differs between an initial logon and once the workstation has been locked and unlocked. On an initial login: AcquireCredentialsHandle (client side) - SEC_E_OK AcquireCredentialsHandle (server side) - SEC_E_OK InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_E_WRONG_PRINCIPAL After locking/unlocking the workstation: AcquireCredentialsHandle (client side) - SEC_E_OK AcquireCredentialsHandle (server side) - SEC_E_OK InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_E_LOGON_DENIED Where is the behaviour different after the lock/unlock and why the extra roundtrip in the initial logon case? Any enlightment would be greatly appreciated given the black-box nature of SSPI :) We are running a W2K3 with SP1 running in W2K+ mode for the Domain controller and WinXP with SP2 for the workstations. Tag: SendAs/ReceiveAs permissions Tag: 74247
  - 19
    - Eractic Behaviour from Win2k Server Hi I hope someone can help me. I have three domains in my network environment - Network A, Network B and Network C. Two domains are running Windows 2000 Server and the last is Windows 2003 Server. Each domain has its own Domain Controller. Domain C has two domain controllers. DNS is running within each domain and the Dns server for each network is itself. Each domain communicates with the other via a trust relationship. There is one DHCP server in the network allocating IP addresses to the client machines running Windows XP. My problem is as follows- I have a 256/512Kbps wireless internet connection and I noticed that our internet bandwidth has reduced significantly over the last couple of days. I used Ethereal to pinpoint which machine was hogging the bandwith. Ethereal results showed that the computer is querying www.cheaptickets.com for DNS information along with some other wierd sites. It is one of the Domain Controllers in Network C. I installed Microsft Antispyware to scan the machine for spyware but nothing was found. The Norton Virus defintions are up to date and it found no viruses when a scan was done. When I take this machine off the network the internet bandwidth returns to its normail behaviour. This machine is currently running Norton, Exchange 5.5 and Print services. What should be my next course of action to rectify this problem. The task manager does not show any unregular behavour within the Processes nor Performance tab. What could be causing my problem and what should I do to rectify the issue. PLEASE HELP. Regards Tag: SendAs/ReceiveAs permissions Tag: 74241
  - 20
    - Windows XP/2000: Working without administrator rights Hoping some people can offer some advice. We have recently taken all users out of the Local Administrators group on their PCs (not our choice but the powers that be). All users are now either Users or Power Users. This has become a nightmare in that we now need to log users of and on in order to make any changes. I am after some tips to help make this easier. Here is what I am utilizing so far: - Remote Assistance (XP Only) - "Run As" from installing some programs Is there any way to do the following without having to log on as an administrator on their PC? - Modify the registry - Run System Tools (eg Disk Defragmenter) - Install programs - Modify the hosts file We have limited access to a single group policy for our OU but at this stage no rights to create additional ones. Happy to hear any scripting solutions as well. Tag: SendAs/ReceiveAs permissions Tag: 74239
  - 21
    - Guest account access Hello everyone, Please help Im getting the following application error message when logged on as a guest; could not create entry(""+speedtouch connection+"" ) I want my friends to access my PC using the guest account. With this error i can't connect to the internet. I think its something to do with guest access control permissions. How can i solve this? Many thanx Tag: SendAs/ReceiveAs permissions Tag: 74232
  - 22
    - Alternative for Norton Antivirus? I'm experiencing quite a lot of problems with Norton Antivirus and I was just wondering what virus scanner the members of this group were using (if any)? I used to be pretty happy with Norton but not anymore. Tag: SendAs/ReceiveAs permissions Tag: 74231
  - 23
    - Display users rights for auditors Hi, for our IT auditors we need to show them what user permissions everyone has got within AD 2003. Especially the Admins. We just showed them (auditors) the built in Admin groups, but they are not happy with this and asked for a report on all users and what control they have. It and admin accidently adds a user to a admin group how would we know? I just hope you guys know of a solution we can put in place from now on. Thanks S Tag: SendAs/ReceiveAs permissions Tag: 74228
  - 24
    - Patching Alpha NT Server Systems Hello, I have an old Alpha NT 4 Server box that is currently requiring patching. Will there be an issue installing the same patches for the Intel platform on this server? Do the exploits affect Alpha systems the same way as Intel systems? Finally, were there prior released updates for these Alpha NT systems before MS declared NT no longer supported? Thanks much, Paul Tag: SendAs/ReceiveAs permissions Tag: 74225
  - 25
    - LsaSrv Event 6033 I started getting the following error error message on my Windows 2003 Domain server: An anonymous session connected from LOCALMACHINENAME has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller. The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1. Can somebody suggest a way of figuring out what application/service is trying to access the LSA policy anonymously? Thanks, Irina Tag: SendAs/ReceiveAs permissions Tag: 74224

I'm running a Windows 2003 AD forest with Exchange 2003. Is there a way to
prevent Domain Admins from being able to send mail as other people, i.e.
remove the SendAs permission for the Domain Admins group from all user and
group objects in the domain? I don't want to set an explicit deny, because
some members of Domain Admins require this ability, but in general, the group
does not.

Thanks,

Don

Top

Re: SendAs/ReceiveAs permissions by Joe

Joe
Tue Aug 02 20:38:07 CDT 2005

As a general rule, domain admin IDs shouldn't be mailbox enabled. Domain admins
should have two IDs, one for domain admin work and one for normal work.

But no, you can't effectively block a domain admins from doing anything. If they
want the access, they can always get it. This is why you should have very very
few domain admins. I ran a Fortune 5 company with 2 other DAs. At most there
should have been maybe 4-5 for that size or even bigger company (250,000 users).

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Don wrote:
> I'm running a Windows 2003 AD forest with Exchange 2003. Is there a way to
> prevent Domain Admins from being able to send mail as other people, i.e.
> remove the SendAs permission for the Domain Admins group from all user and
> group objects in the domain? I don't want to set an explicit deny, because
> some members of Domain Admins require this ability, but in general, the group
> does not.
>
> Thanks,
>
> Don
>

Top