Stopping folder owners from changing permissions

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - ad-aware and spy bot Heeelllp I have both of these programs and used them last night but I got a little zealous and deleted everything that both the systems had found. Now I can't get into hotmail if I click on the icon on the lower right hand side of my screen. Also I can't get to some of the other message boards that I have been able to go to on a regular basis Ad-aware told me that there was a hijack attempt...does this mean that it was only an attempt or because now that my puter is acting wonky was the HJ successful..When I did got the report on ad-aware..it had said it's own system was malware If I do system will it help I am running windows XP...am a newbie but I have learnt a whole lot from this group I also have norton antivirus.And windows firewall enable I hope someone knows what I am talking about and can help me Thank you in advance Tag: Stopping folder owners from changing permissions Tag: 53273
  - 2
    - a problem with my replace gina after setup sp4 on windows 2000 i made a full replace gina according to msdn .it works,on win2000. but there are some problems after i setup sp4. the start Menu doesn't respond. the "C++ Runtime Library" error appears when i run many programs, such as VC, UltraEdit... what's more ,on XP,the Start Menus disappeared, any dialog boxs of program don't show as if they are transparent. How can i do? when an application occured the "Visual C++ Runtime Library"error,i debug it and found the "SetWindowsHookEx" function return error code of 0x00000005. Tag: Stopping folder owners from changing permissions Tag: 53272
  - 3
    - Deleting search bar history Could someone please tell me how to remove the record of the searches I've made on the search bar? Thank you Tag: Stopping folder owners from changing permissions Tag: 53265
  - 4
    - Removing "Messenger popup" ads Does anyone have advice as to get rid of annoying "Messenger popup" ads that frustratingly appear at random?? I already have anti-popup software which blocks "standard" popups but not the "Messenger" ones which appear even if u are not online. I have Steganos firewall installed; plus regularly run Ad-Aware to disinfect my system, registry etc. too. I am running Windows XP, and have already done the Administrative Services/Services/Messenger - then "Disabled" route. Still no joy. Would blocking any spare ports on my PC, would that solve the problem?? Help anyone!! Tag: Stopping folder owners from changing permissions Tag: 53262
  - 5
    - Pop ups and "Parasites" Hello I have recently had messages stating that there is a Parasite on my system and that "this company" (I cant remember the name of this) can remove it for X amount of Dollars, I havent heard of this company before so am a little wary. Since this however, I have noticed that I have about treble the amount of Pop-ups I used to and every time I open a new web page another internet explorer window open and says on the task bar ~Close then disappears. This has obviouslly effected the speed of my connection. I have Norton Virus checker and reguarlly update virus definitions and do full system scans I have even tried deleting all off line temp files and cookies and looked for "strange" new files or directory created in the last month to no avail?? Can any one help or point me in the right direction? Any help appreciated. Regards George Tag: Stopping folder owners from changing permissions Tag: 53255
  - 6
    - Weird Entries in System and Security Logs, With Sygate PF Failures Hi everyone I've been having troubles recently (the past 2 weeks or so) with Sygate personal firewall crashing unexpectedly, and no error message is given. At first I thought it was a software conflict of some kind. But now I'm thinking that there is a exploit out there that will bring down Sygate. I am finding that SPF is crashing only when this bad inbound traffic is occuring. Many times it blocks incoming stuff, but fairly often my firewall will die without warning. These bad packets are hitting me on a variety of ports, but 5000 seems to be the most commonly used. 0, 80, and 113 are also used fairly often. The remote ports from which the connection attepts originate are high-numbered I have seen .dll requesters pop up, asking for permission, and within seconds of their appearance, they disappear again, and the Sygate program is no longer running. The icon for SPF remains in the lower right, but it goes away if I move the mouse pointer over it. Yesterday this happened twice in a row, in rapid succession. (The request was something about a remote initiated connection attempt to load .dll files relating to Windows help) Here is some info from my event log. Most of this I don't really understand, but perhaps it has something to do with SPF crashing all the time. Maybe there isn't an exploit out there, but I have a misconfiguration on my machine In the System log, there is an entry from today saying the Service Control Manager is giving me an Error, and the Event ID is 7034. It says "The Sygate Personal FIrewall service terminated unexpectedly. It has done this 2 time(s)." I've tried looking around a bit, but I haven't found anything that explains what Event ID 7034 is, and WHY Sygate is crashing. The Event Viewer for this System log entry says a file named netevent.dll is involved, version 5.1.2600. In my Security log, there are a few entries I also don't understand. These entries were created shortly after I logged on, before connecting to the net. Event Type: Failure Audi Event Source: Securit Event Category: Policy Change Event ID: 61 Date: 5/19/200 Time: 5:56:00 P User: NT AUTHORITY\NETWORK SERVIC Computer: POOP Description IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp Event Type: Failure Audi Event Source: Securit Event Category: Policy Change Event ID: 61 Date: 5/19/200 Time: 5:56:01 P User: NT AUTHORITY\NETWORK SERVIC Computer: POOP Description IPSec Services: IPSec Services failed to initialize RPC server with error code: The authentication service is unknown . IPSec Services could not be started For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp Event Type: Failure Audi Event Source: Securit Event Category: Account Logon Event ID: 68 Date: 5/19/200 Time: 5:56:01 P User: NT AUTHORITY\SYSTE Computer: POOP Description Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_ Logon account: (***myname*** Source Workstation: POOP Error Code: 0xC000006 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp Event Type: Failure Audi Event Source: Securit Event Category: Logon/Logoff Event ID: 52 Date: 5/19/200 Time: 5:56:01 P User: NT AUTHORITY\SYSTE Computer: POOP Description Logon Failure Reason: Unknown user name or bad passwor User Name: (***myname*** Domain: POOP Logon Type: Logon Process: Advapi Authentication Package: Negotiat Workstation Name: POOP For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp (Why the heck is this appearing I didn't make a mistake when I typed in my password, I just typed it once and logged right in.... Event Type: Failure Audi Event Source: Security Event Category: Account Logon Event ID: 680 Date: 5/19/2004 Time: 5:56:01 PM User: NT AUTHORITY\SYSTEM Computer: POOP1 Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: (***myname***) Source Workstation: POOP1 Error Code: 0xC000006A For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. And finally, we have my successful logon entry... Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 528 Date: 5/19/2004 Time: 5:56:11 PM User: POOP1\(***myname***) Computer: POOP1 Description: Successful Logon: User Name: (***myname***) Domain: POOP1 Logon ID: (0x0,0xDB75) Logon Type: 2 Logon Process: User32 Authentication Package: Negotiate Workstation Name: POOP1 Logon GUID: {00000000-0000-0000-0000-000000000000} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. I don't have other computers or routers involved at home. I am connecting to the 'net through a dialup. I am also running TDS-3, PG, port explorer, AntiVir, and Opera 7.50 when I'm online. Tag: Stopping folder owners from changing permissions Tag: 53250
  - 7
    - xp firewall I have 2 dial-up isp's; I had no trouble setting up the built in firewall on one of these using the suggested control panel route. When I tried to repeat this for my compuserve account nothing happens when I right click or go to the task panel. Any ideas? Thanks Tag: Stopping folder owners from changing permissions Tag: 53247
  - 8
    - Limiting access to our network We would like to allow certain users to access their e- mail and the Internet (via our server), without being allowed to access the rest of our network. The problem being, to allow the users to get their e-mails, we are authenticating them on the network. The server is Windows 2002. Workstations are Windows XP. Is there a quick way of limiting access without having to change the properties of every folder on our network? Tag: Stopping folder owners from changing permissions Tag: 53246
  - 9
    - HELP Ok here is my problem I keep getting my home page (Yahoo) changed to some internet search pag. I have purchased spywear and run in and removed this page numerious times as well as changing it in my internet option home page. I for the life of me can not figure out where it is coming from and how do I keep it away. Any advice out there would be greatly appreciated. John Tag: Stopping folder owners from changing permissions Tag: 53245
  - 10
    - LOST SECURITY NUMBER My don was given rise of nations cd for xmas last. we loaded onto our low powered computer 64mb. We then lost packaging for disc and subsequently the security nuber required to install the disc on our new computer. Does anybody have any idea how I can obtain this number and keep my son happy. ? Tag: Stopping folder owners from changing permissions Tag: 53243
  - 11
    - where to put SQL Server ? hi i have a LAN and a WEB App in a separated sub-nets my question is : where should i put SQL Server ? 1) in the LAN sub-net ? 2) in the WEB sub-net ? 3) in another sub-net ? what type of connection do i need ? could i use IPSec ? thanks Tag: Stopping folder owners from changing permissions Tag: 53240
  - 12
    - SecTemps and Special Permissions I'm working with a security template that assigns new permissions to files and folders on my XP Pro system. On most of the folders the Administrators group is given Full Control via Special Permissions (the Advanced button on the Security tab), but the general permissions are left blank. When I try to access any of those folders (after applying the template) as an Administrator, I'm denied. Why is this happening? What is the difference between Special and regular permissions? Why won't special permissions work without regular permissions? I can correct this by adding in Full control for Administrators under the general permission settings in the template, but I'm curious as to why this is the way it is. I guess it's time to start writing a script to change 'em in the sectemp. -James Tag: Stopping folder owners from changing permissions Tag: 53238
  - 13
    - Secure page I am having trouble with my browser. Regular sites load just fine but whenever I try to go to a secure site or link I get the "page cannot load" and I am at a loss on what to do. Any ideas? Tag: Stopping folder owners from changing permissions Tag: 53237
  - 14
    - My GINA have some problem when I install sp4 I have written a GINA DLL to full instead of msgina.dll. It work well on windows2000 which is not been installed any service pack. But there are some problem after I install sp4,and the same on windows XP. The problem is:when I open star menu, the current menu isn't change when I move mouse. And when I start some programs, for example UltraEdit, the "C++ Runtime Library error " appearance. I found the programs which appearance this error will load the msvcrt.dll. In my GINA dll, there are some dlg which is write by MFC. In the project I use static link with MFCDLL option. Tag: Stopping folder owners from changing permissions Tag: 53235
  - 15
    - lsass.exe my system shuts as i go online. error message displays as system shutdown lsass.exe something like that. & i've scanned for virus threat. there is no such things. i need help to rectify this error please help thanking yo kiran Tag: Stopping folder owners from changing permissions Tag: 53231
  - 16
    - has someone hacked in to my computer? Whenever I attempt to shut down my computer, I get a pop- up message that says "Someone is logged on to your machine. Are you sure you want to log off?" I'm running WinXP Pro as administrator and I'm wondering if this is just me logged in or if in fact I have a vulnerability that is being exploited which would allow others to hack in. How can I tell if it is the latter? I have an allways- on DSL internet connection. Tag: Stopping folder owners from changing permissions Tag: 53219
  - 17
    - download security patch Hi, has anyone else received a download from Microsoft called "installation48.exe" May 2004 Cumulative patch? I am leary of this , fear of virus with a 'exe' extention. The website looks like Microsoft, but like with e-bay, it also looked legit and was bogus and carrying a virus.Thanks,Eleonore Tag: Stopping folder owners from changing permissions Tag: 53209
  - 18
    - Download Options I accidentally clicked a box on the download pop-up so now all of my crap saves to a temp folder instead of asking me whether or not i want to open it, save it, or cancel. Any help on how to fix what i did. Tag: Stopping folder owners from changing permissions Tag: 53205
  - 19
    - allowing READ only, no printing, no saving to desktop and no ability to attach On our Network we have many "shared" folders. These are usually word doc's, excel, sometimes PDF files. The problem is even if I give a user READ only access they still have the ability to copy the file to thier desktop, print it or burn it to a CD orcopy floppy OR even browse to it on the network and attach it in an email. How do I create a TRUE "READ ONLY" access where 98% of the users can actually ONLY READ the documents and do not have ANY ability to copy it print it save it anywhere and certainly not browse to it on the Network and attach it in an email and send it out of the company. More appreciation than I can say if someone would be kind enough to help me out here, or point me in the correct direction. PLEASE email to: Beaniesway@aol.com Tag: Stopping folder owners from changing permissions Tag: 53204
  - 20
    - Disabling Local Security Policy Hi folks; I've been reading up on Local Security Policy. However, in a blight of pure genuis, I've locked myself out of being able to add printers and device drivers, as well as disabling the ability for me to change the time. The latter I can deal with, however, for some odd reason, I can't add device drivers or local printers. I'm logged in as an administrator, however, that still doesn't help. When I look in the Local Security Policy area, they've got no user names in the area that shows who or what is allowed to Load/Unload Device Drivers, and who is allowed to change the system time. I've heard that you can add a registry key to disable the Local Security Policy on a Temp. basis, however, I've not been able to find it. Any help would be greatly appreciated. Ian --- Ian W. ian <at> iwcg <dot> net If it's not Tip and Ring, I really don't guarantee it'll work right after I'm done with it. Tag: Stopping folder owners from changing permissions Tag: 53202
  - 21
    - Microsoft Security Response Center Contact Information Follow up set to microsoft.public.security. We just want to make sure this information is well known in the security community. Thanks! Hello! The Microsoft Security Response Center investigates all reports of security vulnerabilities sent to us that affect Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we would like to work with you to investigate it. We are concerned that people might not know the best way to report security vulnerabilities to Microsoft. You can contact the Microsoft Security Response Center to report a vulnerability by emailing secure@microsoft.com directly, or you can submit your report via our web-based vulnerability reporting form located at: https://www.microsoft.com/technet/security/bulletin/alertus.aspx Sincerely, Microsoft Security Response Center -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: Stopping folder owners from changing permissions Tag: 53197
  - 22
    - CACLS - Assistance I am using CACLS to script many many rights changes on a Windows 2003 Cluster. After changing rights I get an error that states the permissions are not orderd properly. I saw a couple of KB articles on MS Support relating to this problem and Windows 2000 but nothing on 2003 Has anyone else experienced this issue and have you found a resolution Thanks john Tag: Stopping folder owners from changing permissions Tag: 53194
  - 23
    - M/S Vitual Machine Hi Can anyone tell me what is Microsoft Virtual Machine and how do I determine if I really need to use the security update Microsoft Virtual Machine #816093? Tag: Stopping folder owners from changing permissions Tag: 53185
  - 24
    - Virus checkers A simple question. Can anyone tell me if it is possible to run BOTH a Norton Antivirus AND a Mc'afee Antivirus on the SAME PC at the same time?? I have always been told that you can only run ONE at a time because they conflict. Would appreciate any advice on this subject. Many thanks Jan Tag: Stopping folder owners from changing permissions Tag: 53181
  - 25
    - spyware set default web page I've had some spyware set a default web page on my browser that I now cannot change. I've located the file in which It's located, but can't seem to uninstall. Any suggestions? thanks. Tag: Stopping folder owners from changing permissions Tag: 53176
- Next
  - 1
    - User password auditing Do you know of any good NT user audit utility? One that can show password information such as: Expiration date/interval Password length Password required Unique passwords NDS can be reported like: Container, Name, Password Expiration Interval, Password Expiration Time, Password Minimum Length, Password Required, Password Unique Required, Passwords Used SERVERS.OU.O, Chey Vsvr Us99ngw01, , , , , , IS.OU.O, USER1, 40 days, , 6/23/2004 8:54:46 PM, 6, TRUE, TRUE, IS.OU.O, USER2, 90 days, , 5/18/2004 11:30:30 AM, 5, TRUE, TRUE, IS.OU.O, HelpDesk, 90 days, , 1/2/1992, 6, TRUE, FALSE, Tag: Stopping folder owners from changing permissions Tag: 53175
  - 2
    - security about .Net Passport My hotmail account has been followed by some malicious cracker for a long time though he didn't really control it. I want to abandon it. If the hotmail is not used by me for three months,the Net Passport will be cancelled and so as the msn messenger account,right? but I can't delete all the net pals' accounts from my messenger list because they have added to their lists. If the cracker registers the same account of hotmail, and will he see all the net pals from the messenger account and talk to them? And will he received all the emails from my previous hotmail account? Tag: Stopping folder owners from changing permissions Tag: 53166
  - 3
    - FORBIDDEN-can't get access. I am trying to go to a website and I keep getting the following message: what can I do ?? Forbidden You were denied access because: Access denied by SmartFilter content category. The requested URL belongs to the following category: Dating. Tag: Stopping folder owners from changing permissions Tag: 53160
  - 4
    - Can't uninstall MS Office Standard The problem began a couple of days ago when (1) the system response time slowed considerably (2) my IE home page defaulted to the ISearch web site and (3) pop-up ads started appearing. I hadn't seen a pop-up for quite some time after installing the Google tool bar. I noticed that there was a new tool bar called ISearch but, when I went to the tool bar tab to get rid of it, all the selections were grey and I couldn't toggle any of them on or off. So I searched for, and found, all files containing "ISearch", then deleted them. When I re-booted, Windows locked up on me. I tried re- installing and, after several unsuccessful attempts, I finally succeeded. However, MS Office can not be accessed. When I went to Control Panel to delete my MS Office Standard, the system locked up. I was able to cancel the application, but my MS Office does not work. Is there some way to delete MS Office Standard without losing my Outlook e-mails, calendar, contacts or tasks? Tag: Stopping folder owners from changing permissions Tag: 53159
  - 5
    - Firewall and VPN resources Can someone direct me to white papers / other resources for a firewall and VPN beginner? Tag: Stopping folder owners from changing permissions Tag: 53158
  - 6
    - MSN Messenger and firewall Hi, What ports to open to get the video conference to work behind a firewall using MSN Messenger 6.2? Regards, Christer Johansson Tag: Stopping folder owners from changing permissions Tag: 53157
  - 7
    - Digitally Signing files We're looking to improve security on our webserver by checking each website directory perdically for files that have not been digitally signed by us The decission to do this has come from someone above me but I need to go back with the following How can you digitally signs files A website can potentially have thousands of files - can you batch sign all of them before uploading to the server Is this a practical approach or are their other methods we could employ to make sure no files have been uploaded without being digitally signed Thank Tag: Stopping folder owners from changing permissions Tag: 53154
  - 8
    - hotmail.com I've added an email address to my Outlook Express that is only used for family and close friends. Internet shopping, etc. I use another one. My questions is, twice in the last couple of weeks I hve rec'd email from "tom@hotmail.com". I don't know who this is and he/she is attaching either a worm or viurs which Road Runner has "cleaned" and deleted for me. My question is...who is "tom@hotmail.com"? I doubt that I know him/her. My husband's name is Tom, it is not him. Thank you for your time and help. Tag: Stopping folder owners from changing permissions Tag: 53146
  - 9
    - Information right management Hi, Can anybody give me some sample exmple to progrmatically implement Information right management (IRM) thorugh C#. THis is in prioirty need. Thanks in advance. Regards Robin Tag: Stopping folder owners from changing permissions Tag: 53142
  - 10
    - deleted e-mail by mistake Can any one help I deleted an e-mail by mistake, it was permanently deleted from deleted items is there any way to recover the mail. I have windows XP and am using outlook express 6. Thanks Lynnette Tag: Stopping folder owners from changing permissions Tag: 53140
  - 11
    - outlook express outlook express will not allow me to view attachments (photos) it seems to be a security issue...what can i do? Tag: Stopping folder owners from changing permissions Tag: 53130
  - 12
    - User Names and Password Windows is storing my User name and Password. I do not like it. Where can I find what is stored and how can I delete these entries Tag: Stopping folder owners from changing permissions Tag: 53129
  - 13
    - Good intentions but ultimately ineffective? Calif. Bill Requires 'Spyware' Notice May 18, 10:16 PM (ET) SACRAMENTO, Calif. (AP) - Consumers would have to be told before information-reporting "spyware" was added to their computers if legislation approved Tuesday by the California Senate becomes law. The measure by Sen. Kevin Murray, a Democrat, was sent to the Assembly by a 36-2 vote. Murray said consumers can unknowingly add the spyware to their computer systems when they buy software. "These programs track what Web sites you visit, may steal your passwords, access your financial information, log your keystrokes, bombard you with pop-ups, track your purchases and remotely report your activity and personal information to a third party," Murray said. Republican Sen. Jim Battin said the spyware problem needed to be addressed on a national level, but action by California lawmakers would be a "good start." ___________________________________________________________ Good intentions but ultimately ineffective, right? How does this put an end to the really bad malware out there, like hijack browsers, keyloggers, etc.? A good start indeed, but I compare this to only putting a Band-Aid on a severe bullet wound. Tag: Stopping folder owners from changing permissions Tag: 53128
  - 14
    - Pass word protection after boot up I have windows XP. I want to set a password so that a password is required as soon as the boot up process is complete. I have a set password protection when the screen saver comes on I tried using the instructions in Support, but the instructions seems to be wrong - there are appears to be steps missing. You help is greatly appreciated. Tag: Stopping folder owners from changing permissions Tag: 53126
  - 15
    - LOCAL NYC UNIGROUP MEETING: 20-MAY-2004 (Thurs): Kerberos This is a multi-part message in MIME format. --------------97F144D251EB458E36F234A8 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------97F144D251EB458E36F234A8 Content-Type: text/plain; charset=us-ascii; name="0announcement" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="0announcement" LOCAL NYC UNIGROUP MEETING: 20-MAY-2004 (Thurs): Kerberos Interoperability IMPORTANT: Please note our new location: 104 Washingon Street Between Rector St and Carlisle St In the Wall Street area. ========================================================== UNIGROUP OF NEW YORK - UNIX USERS GROUP - MAY 2004 MEETING ========================================================== ------------------------------------------------ 1. UNIGROUP'S MAY 2004 GENERAL MEETING ANNOUNCEMENT ------------------------------------------------ When: THURSDAY, May 20th, 2004 (3rd Thursday) Where: <<<< OUR NEW MEETING LOCATION >>>> Alliance for Downtown NY Conference Facility 104 Washington Street Downtown, New York City ** RSVP Will No Longer Be Required for Entry! ** Time: 6:15 PM - 6:25 PM Registration 6:25 PM - 6:45 PM Ask the Wizard, Questions, Answers and Current Events 6:45 PM - 7:00 PM Unigroup Business and Announcements 7:00 PM - 9:30 PM Main Presentation -------------------------------------------------- Topic: MIT KERBEROS 5: Introduction to Authentication and Cross-platform Interoperability -------------------------------------------------- Speaker: Jeff Altman, President, Secure Endpoints Inc. <http://www.secure-endpoints.com> INTRODUCTIONS: -------------- Kerberos provides secure login facilities for Unix, Linux and Windows. Our speaker for this month's Kerberos meeting (and the planned OpenAFS meeting) will be Jeff Altman. Unigroup members will remember that Jeff is a past Unigroup speaker (of Kermit95 and Telnet Security Working Group fame). Jeff has been working with a series of well known security related projects for many years. Unigroup has the following meetings planned over the next few months: - Solaris 10 Launch Event - Field Trip to Sun Microsystems - OpenAFS - Jeff Altman (followup presentation) - Zope / Web Development - Zope Corporation ................................................................. MIT Kerberos Version 5 is the basis for the Kerberos distributed with Solaris, AIX, HP-UX, Red Hat Linux, Debian, MacOS X, OpenVMS, and just about every other Kerberos distribution other than the Heimdal distribution and the implementation built into Microsoft Windows 2000 and subsequent releases. MIT is directly responsible for three Kerberos products: - MIT Kerberos 5 for Unix/Linux - MIT Kerberos for Macintosh which is bundled with MacOS X - MIT Kerberos for Windows The current releases of MIT Kerberos 5 for Unix/Linux (1.3.3) and KfW (2.6.1) are available from the MIT Kerberos web site: http://web.mit.edu/kerberos/ The MIT Kerberos 5 release 1.3.3 release fixes bugs and adds one major feature: - Support for AES in GSSAPI has been implemented. This corresponds to the in-progress work in the IETF (CFX). MIT Kerberos for Windows 2.6 release includes krb5 release 1.3.3 and provides enhanced integration with the Microsoft Windows Kerberos implementation as well as OpenAFS for Windows. In addition to developing the leading open source implementation of Kerberos, the MIT Kerberos Development Group contributes more than half of the document authors within the IETF Kerberos Working Group. MIT's participation has been crucial to ensuring that all of the major implementations of Kerberos (including Microsoft's) adhere to the published standards to facilitate interoperability. This talk will provide an introduction to the Kerberos 5 authentication protocol; a detailed overview of the MIT Kerberos implementation; a discussion of interoperability concerns which developers and administrators face when implementing and deploying a multi-platform Kerberos infrastructure; and some demonstrations utilizing the GSS on Linux, Windows, and Java. Note: If your organization would be interested in providing a grant to further Kerberos development at MIT. Please contact Marshall Vale, Team Leader, of The MIT Kerberos Team, at <krbcore@mit.edu>. ------------------------------------------------------------------- SPECIAL INSTRUCTIONS: --------------------- While RSVPs will _NOT_ be required for this location, please RSVP if you know you are attending, or if there is a high probability that you will be attending. This will help us determine the correct amount of food and refreshments. Please RSVP by two days prior to the meeting day (the food must be ordered in advance). To REGISTER for this event, please RSVP by using the Unigroup Registration Page: http://www.unigroup.org/unigroup-rsvp.html This will allow us to automate the registration process. (Registration will also add you to our mailing list.) Please continue to check the Unigroup web site and meeting page, for any last minute updates concerning this meeting. If you registered for this meeting, please check your email for any last minute announcements as the meeting approaches. ------------------------------------------------------------------- Outline of the Main Presentation: --------------------------------- In this talk, Jeffrey Altman, from Secure Endpoints Inc., will discuss the Kerberos 5 trusted third party implementation. The topics will include: - Introduction to the Kerberos 5 Protocol and Why It Works. - Overview of the MIT Kerberos 5 Implementation for Unix/Linux/MacOS X and Microsoft Windows. - Discussion of Cross Implementation Interoperability and Single Sign-On (SSO). - GSS API bindings (C, Java, and Microsoft's SSPI). - IETF Kerberos Working Group Status Report. ------------------------------------------------------------------- Web Resources: -------------- Kerberos: The Network Authentication Protocol http://web.mit.edu/kerberos/ The MIT Kerberos Team http://web.mit.edu/kerberos/www/krbdev.html The Kerberos Network Authentication Service http://gost.isi.edu/info/kerberos/ Kerberos FAQ http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html Step-by-Step Guide to Kerberos 5 Interoperability http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp (other Kerberos links are also on this page) ------------------------------------------------------------------- Speaker Biography: ------------------ Jeffrey Altman, is the President of Secure Endpoints Inc., and is a long time open source developer and participant in the Internet Engineering Task Force. Jeffrey's current projects and roles include: * MIT Kerberos. Core team member. http;//web.mit.edu/kerberos/ Contributor to the Kerberos 5 library and applications; and lead developer of the Kerberos for Windows product. * OpenAFS. Gatekeeper. http://www.openafs.org Lead developer for the Windows port of OpenAFS client and server. * C-Kermit and Kermit 95. Contributing developer. http://www.kermit-project.org Kermit 95 Program author. Responsible for all security and network protocol stack components. * OpenSSL. Contributing developer. http://www.openssl.org * Project JXTA. Director. http://www.jxta.org ------------------------------------------------------------------- Company Biography: ------------------ Secure Endpoints Inc. specializes in providing support and new development for open source products on the Microsoft Windows 2000/XP/2003 family of products. ------------------------------------------------------------------- Giveaways: ---------- O'Reilly has been kind enough to provide us with some of their books, which we will continue to raffle off as giveaways at our meetings. Addison-Wesley Professional/Prentice Hall PTR has been kind enough to provide us with some of their books, which we will continue to raffle off as giveaways at our meetings. Addison-Wesley also has a new end-user discount, available through their User Group program. We will be announcing the details at our next meeting! Unigroup would like to thank both companies for the support provided by their User Group programs. Note: The chances tend to be about 1 in 5, that any attendee of our meeting will walk away with a fairly valuable giveaway (ie. many of these books are valued between $30 and $60)! Novell has provided us with some SuSE Linux Distributions. IBM has provided us with some IBM Tote Bags and Linux Penguins. ------------------------------------------------------------------- Fee Schedule: Yearly Membership (includes all meetings): $ 50.00 Non-Member Single Meeting: $ 20.00 Student Yearly Membership: $ 20.00 Non-Member Student Single Meeting (with ID): $ 5.00 Payment Methods: Cash, Check, American Express. ------------------------------------------------------------------- Complimentary Food and Refreshments will be served. This includes sandwiches such as turkey, roast beef, chicken, tuna and grilled vegetables as well as cookies, bottled water and assorted beverages. ------------------------------------------------------------------- Directions: Alliance for Downtown NY Conference Facility 104 Washington Street Wall Street Area Downtown, New York City This building is located on the West side of the street. Cross Streets: Between Rector (South) and Carlisle (North) Streets. Our meeting location is in the Lower West Corner of Downtown, North of the Battery Tunnel, South of the Downtown Hotel, East of West Street, and West of Greenwich Street. Walking West on Rector Street from Broadway, you pass Church, Greenwich then Washington Streets. There are multiple blocks of parking lots right there, between Washington and Greenwich Streets, starting at the Battery Tunnel and extending North for a number of blocks. Nearest mass transit stations, in order, are the '1/9' (Rector Street), 'R/W' (Rector Street) and the '4/5' (Wall Street). ----- Please mark this meeting on your calendar and join us! Please tell your friends about Unigroup! ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ ----------------- 2. UPCOMING MEETINGS ----------------- We have a series of meetings in the works: - Kerberos - Jeff Altman - May 2004 - OpenAFS - Jeff Altman - Planned - Solaris 10 - Launch Event - Field Trip to Sun Microsystems - Zope / Web Page Development - Zope Corporation - Planned - Unix/Linux/BSD and Wireless Communications/Security - IPsec - DNS - Unix 30th Birthday Celebration - iSCSI, Serial ATA, and other new peripheral technologies - Unix Clusters and Clustered Databases - Linux Clustering Part 3: Beowulf version 2 - Building a Firewall using FreeBSD and Linux - High Performance Internet Servers / Web Acceleration - Unix Office Tools: Word Processors, Spreadsheets, Accounting Packages. - PKI - GNU Development Environments - Meetings on a variety of Sun/Solaris/Java topics Please let us know about any other meeting topics that you may be interested in. Potential speakers on Unix related technology topics should contact the Unigroup board at ugny-0504@unigroup.org. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ -------------- 3. PRIOR MEETINGS -------------- Unigroup would like to thank IBM, and our speaker Bill Sandve, for his presentation on "AIX / AIX5L Overview and Futures". Bill flew in from Texas for this meeting and presented a broad history of AIX, past, present and future. Unigroup members were briefed on various IBM proprietary initiatives with AIX, which are not generally known to the public. We also learned about specific areas where IBM is focusing future AIX development, and various features in AIX which will support the next generation of IBM Unix/Linux systems. We also discussed the ways in which multiple instances of AIX and Linux can co-exist together on a single hardware system. We would also like to thank Dan Dantzic of the IBM Linux Center of Competence, for hosting our Field trip to IBM, and Jim Gleason of the IBM Linux Cluster Group (and NYLUG), for finding us this Field Trip meeting location at IBM. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ -------------------- 4. UNIGROUP INFORMATION -------------------- Unigroup is one of the oldest and largest Unix User's Groups serving the Greater New York City Regional Area since the early 1980s. Unigroup is a not-for-profit, vendor-neutral and member funded volunteer organization. Unigroup holds regular and special event meetings throughout the year on technical topics relating to Unix and the Unix User Community. Unigroup is also the Greater NYC Regional Area Affiliate of UniForum - an International Unix Users Group. Unigroup holds regular meetings planned for (at a minimum) the Third THURSDAY of Odd Months. We generally try to hold Field Trip Meetings on the Even Months, although we will have the ability to hold monthly meetings at our new downtown meeting location. Planned meeting dates are: 5/20/2004, 6/17/2004, 7/15/2004... Watch for our Special Event meetings at the various trade shows in NYC as well as "Field Trips" to the facilities of local hardware and software vendors. ========================================================================= = For Unigroup Information, Events and Meeting Announcements be sure to = = visit our World Wide Web Home Page: = = http://www.unigroup.org = ========================================================================= For further information or to get on the Unigroup Electronic Mail Mailing List send an EMail message to: ugny-0504@unigroup.org To contact the Board of Directors of Unigroup, send an EMail message to: ugny-0504@unigroup.org To contact the Newsletter Editor, send an EMail message to: ugny-0504@unigroup.org If you have recently attended a meeting and you are not receiving Email announcements, please send us an Email and we will make corrections to our lists. Please Email the Board with any suggestions, especially potential meeting topics and speakers. Unigroup welcomes contributions and content suggestions for our newsletter. Unigroup is a volunteer organization and we need your assistance! Please let us know if you can help! ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ ----------- 5. TRADE SHOWS ----------- CeBit 2004 ---------- The CeBit Show is coming to the Javits Center in NYC on these dates: Tue May 25 10:00 AM - 5:00 PM Wed May 26 10:00 AM - 5:00 PM Thu May 27 10:00 AM - 3:00 PM For more information, or for complimentary online registration, visit: http://www.cebit-america.com SIA Show - TMC2004 - Securities Industry Technology Management Conference ------------------------------------------------------------------------- The SIA Show is coming to the Hilton New York in NYC on these dates: Tue Jun 8 12:00 PM - 6:00 PM Wed Jun 9 9:00 AM - 6:00 PM Thu Jun 10 9:00 AM - 12:00 PM For more information, or for complimentary online registration, visit: http://www.sia.com/tmc2004 *Please let us know about any local trade shows which may be of interest to our membership, and are not listed above. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ I hope to see you all at our next meeting! -Rob Weiner Unigroup Executive Director ugny-0504@unigroup.org http://www.unigroup.org --------------97F144D251EB458E36F234A8-- Tag: Stopping folder owners from changing permissions Tag: 53123
  - 16
    - Encrypted Email Does anyone have any starter tips on how to set up encrypted email for a company? I've done some reserch & only know the bare basics of Digital ID's...I could really use some tips on how to actually implement them We have 42 PC's - all are using Win XP PRO. 23 are in 1 building running under a Novell network & sharing a DSL line. The rest are working as "stand-alone's" & home offices throughout 1/3 of our state, using various dial-up connections. All email is a POP3 through our web hoster using Outlook Express Boss gives ME this great "idea" that all our mail should be encrypted. That's the extent of management help here, other than, can I implement it by Thurs. at 10am??? (as in 2 days from now! I do not have a "team", it's just me trying to figure out how to do this, or at least, trying to figure out a plan Any assistance will be greatly appreciated! Thank you so much Patt ASNI IS Tag: Stopping folder owners from changing permissions Tag: 53122
  - 17
    - Microsoft Redistributables trying to download Norton Internet Security and it says "the feature you are trying to use is on a cd-rom that is not available" Insert MSRedist disk. Can someone help please. Tag: Stopping folder owners from changing permissions Tag: 53120
  - 18
    - IE 6 Security flaw When using digest authentication the browser does not seem to return the opaque string, is this deliberate, or do you have to specify and different auth type. example GET /top.htm HTTP/1.1 Accept: */* Accept-Language: en-gb Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: localhost:87 Connection: Keep-Alive REQ : Authorization: Digest username="fred", realm="Internal@server.test", qop="auth ", algorithm="MD5", uri="/top.htm", nonce="3b14f0b2188d8c91e33ee7f2a84a1040", nc=0000003e, cnonce="d4fcf375b60c595a53c752af40b08640", response="ee58ca2a70377d87 37975fd379858f34" see no opaque, this would allow replay attacks see rfc 2617 HTTP/1.1 401 Unauthorized WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" Tag: Stopping folder owners from changing permissions Tag: 53119
  - 19
    - win32 application I recently downloaded the sasser worm removal tool from Microsofts website, but when I try to open it to run it, I get the following error message c:\documents and settings\default\desktop\windows-KB841720-ENU-V4.exe is not a valid Win32 application What do I need to do to fix this Tag: Stopping folder owners from changing permissions Tag: 53118
  - 20
    - Mutliple IEXPLORE.EXE opening.. Hi I would like to know what the heck is going on!!! When I turn on my computer everything loads normal... then it gets insanely laggy. I hit ctrl+alt+del to bring up task manager and there are multiple IEXPLORE.EXE open?!? 2 and sometimes 3 of them are taking up 100% of my cpu in equal shares... arggghh I cant do anything on this PC now it happens everytime i restart.. Can somebody please help me? I would much appreciate it.. thanks :) PS Im able to post this because I've had my task manager open this whole time and just been ending any IEXPLORE.EXE that pops up.. other than this one of course ;) Tag: Stopping folder owners from changing permissions Tag: 53117
  - 21
    - Norton AntiVirus Rescue Disk Won't Scan Error 35 General protection fault in NAVDX.OVL When running NAVDX.EXE, it quits the scan and gives the above error message whether it's run from my booted DOS Rescue disk or from the Norton AntiVirus folder on drive C in a DOS Prompt window. However, when run from Windows by right clicking a folder in the Windows Explorer tree and selecting the option to "Scan with Norton AntiVirus" or simply running a scan from the AntiVirus user interface, it runs ok and does the scan without producing an Error 35 message. But, don't they use the same Norton AntiVirus folder NAVDX files as used when running from a DOS Prompt window? If so, why the different results? I'm running Norton SystemWorks 2003 in Windows'ME and have been doing Live Updates, testing my Rescue disk, and running system scans weekly now for many months without a problem until this past week-end. Below is a sample run of my Rescue disk from a DOS Prompt window: D:\Rescue> NAVDX.EXE C: /prompt Loading NAVDX, please wait... Using virus definitions from C:\...~1\COMMON~1\SYMANT~1\VIRUSD~1\20040514.033 Using options from D:\RESCUE Scanning Memory... OK Scanning Master Boot Records... OK Scanning Boot Record... OK Scanning file: C:\MSDOS.SYS Error [35]: General protection fault in D:\RESCUE\NAVDX.OVL at 059F:00F8 code 0000 SS=15AF DS=15AF ES=0000 load base=0157 AX=9BCE BX=DFF2 CX=DFF2 DX=0000 SP=CF6C BP=CF8C SI=002A DI=0000 C:\> -randau Oregon, USA ================================ I read and post from the Google Groups web site using a Spam collecting email address that I don't use for anything else. So if someone wants to contact me, cleanup the Spam resistant Email address below. randau2...(at)...proaxis.com by replacing ...(at)... with @ Tag: Stopping folder owners from changing permissions Tag: 53109
  - 22
    - What is the difference between a worm and a trojan ? Ok, I know the difference between a virus and a trojan. But what is the difference between a worm and a trojan? Is the one a subset of the other type or are they completele different ? Peter Tag: Stopping folder owners from changing permissions Tag: 53105
  - 23
    - Server security audit cleared by strange computer name When I logon to a server today I noticed a messenger server pop up kind of "Message from <kioskmachineonmynetwork> to "MyServer". As a curiosity I checked the security audit all logs entried were cleared at 7:00AM, today. The audit log was cleared: Primary User Name:SYSTEM Primary Domain: NT Authority Primary logon ID:(0x0,0x3E7) Client UserName: Administrator Client Domain:DBDCH621 Client Logon ID: (0x0,0x656A) At this time I already changed local admin password and rebooted the server, ran AV scan. Am I able to get any relevant information from the log description above ? DBDCH621 client is totally unknown to me. Tag: Stopping folder owners from changing permissions Tag: 53104
  - 24
    - Logon Process: Advapi - Causing blue screen. The following login event occurs twice everynight (Usually ~20:30), and then the server bluescreens and reboots. Login: (user: "creative" does not exist btw) Event ID : 529 Event Importance : Critical importance event Date & Time : 18/05/2004 - 9:58:21 PM Rule Triggered : Logon Failure : ANY reason (inform on any failed logon event) Computer : IIS02 Event Log : Security Event Source : Security Event Category : Logon/Logoff Event Type : Failure Audit S.E.L.M. Event ID : 1084881498_000000000000465 User Name : NT AUTHORITY\SYSTEM Operating System : Windows 2000 Domain Controller Logon Failure: Reason: Unknown user name or bad password User Name: creative Domain: IISFARM Logon Type: 2 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: IIS02 Caller User Name: N/A Caller Domain: N/A Caller Logon ID: N/A Caller Process ID: N/A Transited Services: N/A Source Network Address: N/A Source Port: N/A Then immediately we get: Event ID : 1001 Event Importance : Critical importance event Date & Time : 16/05/2004 - 8:32:09 PM Rule Triggered : Save Dump: Memory Dump occured Computer : IIS02 Event Log : System Event Source : Save Dump Event Category : Unused message ID Event Type : S.E.L.M. Event ID : 1084703649_000000000000625 User Name : N/A Operating System : Windows 2000 Domain Controller The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00bb21d0, 0x00000002, 0x00000001, 0xbfc13ce2). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP. Regards, MB Tag: Stopping folder owners from changing permissions Tag: 53095
  - 25
    - Pop up porn sites I am currently running Xp but when I am surfing the net from time to time a porn site window pops up uninvited can any one help me on how to stop this from happening. Cheers Chris. Tag: Stopping folder owners from changing permissions Tag: 53094

In an existing folder a user with modify access can create a folder. That user becomes the owner of the new folder, which inturn means that they are granted full control of that folder. This means that a user has the ability to change permissions for the folder, which is not ideal because the user can then remove the Administrators access to the folder, stopping it from being backed up to tape due to the Administrator not having the permission to access the file. I know that the Admin can take back ownership but I would prefer that this situation didnâ??t happen in the first place.

Also we are trying to move toward using permission groups and by allowing the user to change permissions they are able to go around this and add individuals. Is there any ways to stop the creator of a folder from gaining the ability to change permissions? I tried denying this special permission but it didnâ??t seem to work, maybe I wasnâ??t doing it right. Has anyone got any ideas on this? Thankyou

Top

Re: Stopping folder owners from changing permissions by Lionel

Lionel
Fri May 21 03:37:46 CDT 2004

"TG" <anonymous@discussions.microsoft.com> a Ã©crit dans le message de
news:32CF18FD-7EEB-49FD-B701-F48AE1327168@microsoft.com...
> In an existing folder a user with modify access can create a folder. That
user becomes the owner of the new folder, which inturn means that they are
granted full control of that folder. This means that a user has the ability
to change permissions for the folder, which is not ideal because the user
can then remove the Administrators access to the folder, stopping it from
being backed up to tape due to the Administrator not having the permission
to access the file. I know that the Admin can take back ownership but I
would prefer that this situation didnâ??t happen in the first place.

Since backup operators and administrators have the backup privilege,
a well-written backup application will bypass the permissions.

> Also we are trying to move toward using permission groups and by allowing
the user to change permissions they are able to go around this and add
individuals. Is there any ways to stop the creator of a folder from gaining
the ability to change permissions? I tried denying this special permission
but it didnâ??t seem to work, maybe I wasnâ??t doing it right. Has anyone got
any ideas on this? Thankyou.
>

Change the ACL so they can only modify the file _data_, not the metadata.
(The "Advanced" button in the security dialog box will give you access to
these settings).

Top