Terminal server security issue with screen cache?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - RPC UUID Hallo I would like to monitor RPC connections through my Windows NW. I developed a tool that is able to extract UUID from any Microsoft RPC Connections. The problem is that I need a lot of time to map every UUID because this activity have to be done manually throogh RPCDump. I would like to know if is there a complete list of all MICROSOFT RPC UUIDs and corrisponding RPC service so that the mapping can be done automatically? Thankyou for any help. Tag: Terminal server security issue with screen cache? Tag: 79291
  - 2
    - Backup and Restore local SAM Hi, I have a few large file servers running Windows 2000, each having a large number of local security groups on them. These are connected to a Storage Area Network, containing all data. If one of these servers crashes, I can easily create another server and map that server to the same volume used by the dead server. This saves the data, however, I am not sure how to restore the local groups so that their SIDs will correctly map to the data. Since these servers contain so much data, it would be difficult to re-create these groups, then re-assign the security to the data manually, assuming I could even remember each and every set of permissions in the first place. Do any of you know how to correctly restore these types of permissions or have you had a file server crash to where you needed to re-create local accounts? Tag: Terminal server security issue with screen cache? Tag: 79288
  - 3
    - Access with cached credentials Hi out there I have a simple question - how long is cached credentials pr. default valid in a windows environment ? The cause for the question is a small windows nt4 domain where the PDC (single and only) has gone forever - no backup neither - and the dealer is now pretty happy even though they no PDC - they can still logon to their workstations and have all vitale services local - the password is set to never expiere. If there is no need for them to add new users or change passwords etc will the cached credentiels ever expiere ? Tag: Terminal server security issue with screen cache? Tag: 79284
  - 4
    - Users with ADMIN profile Hi, We network at present is as follows: We have both a NT and 03 Domain. There is a two way trust between the NT4 and Windows 2003 server. The client machines are either Win2k or XP Pro with the latest service packs. The users logon to the 03 domain and are authenticated etc via this domain. The problem i have is that unless the users are a member of the Domain Admins group, certain programs on their pc will not work. Of course i dont want everyone playing about with the domain and have such a high security access. To setup a basic user on the windows xp or win2k, do they need to be a member of the local machine interms of security. Can i give everyone differnet access via the Group policy editor. Thanks for your help Mo Tag: Terminal server security issue with screen cache? Tag: 79283
  - 5
    - Running slow, know it's a virus but can't find it! My icons are slow to display, my generally fast up to date, newer computer is running too slow. I just know I've got a virus somewhere but McAfee and Stop Sign are not finding anything and showing clean. Any suggestions? Tag: Terminal server security issue with screen cache? Tag: 79270
  - 6
    - Registry key changes? Hello All, Should I be concerned about the registry log information below obtained using RegMon from http://www.sysinternals.com/Utilities/Regmon.html filtering on a beta version of an email program that I use? Notice I included the header of RegMon on the first line to provide what the information pertains too. "No","Time","Process","Request","Path","Result","Other" 2920,59.15,"Email_Program.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec23-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000" 2921,59.15,"Email_Program.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec23-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive""" 2923,59.15,"Email_Program.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec22-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000" 2924,59.15,"Email_Program.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec22-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive""" 2926,59.15,"Email_Program.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec24-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000" 2927,59.15,"Email_Program.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec24-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive""" 2929,59.15,"Email_Program.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec25-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000" 2930,59.15,"Email_Program.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec25-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive""" 3433,96.84,"Email_Program.exe:1844","CreateKey","HKLM\Software\Microsoft\Tracing","SUCCESS","Access: 0xF003F" If MountPoints is anything like Linux I would think a device is being mounted. Notice the log information is ends with BaseClass","SUCCESS","""Drive"" and followed with a "Tracing" key. Since I'm not very knowledgeable on the registry, I thought that I'd ask where someone with more knowledge could provide insight. TIA! -- Regards, Greg Strong Tag: Terminal server security issue with screen cache? Tag: 79268
  - 7
    - Locked out of p.c My Brother change the password for the admin patch on my p.c and then forgot it, i was wondering is there anyway to change the password to one i know? Also the only other patch i have is a limited account! :( -- Thank You for all your Help Mathew Wellington Tag: Terminal server security issue with screen cache? Tag: 79264
  - 8
    - McAffee virus upates How do I know where my virus defs are up to date. i run update (McAfee) and it says all is updated. Yet when I look at McAfee Virus Scan I see a dat date of 11/16/05. I formallay ran Norton AniVisus and that told me the date of my virus defs. -- woody162 Tag: Terminal server security issue with screen cache? Tag: 79263
  - 9
    - Admin password at startup I am setting up a friends computer to my network and they have Windows 2000 Professional and I seemed to have clicked something that now prompts me for admin password at startup. I now can't get windows up and running. Does anyone know how to disable or bypass the network startup password prompt? Tag: Terminal server security issue with screen cache? Tag: 79257
  - 10
    - Delivery Notification of spam I never sent I have received several delivery notifications of porn spam I never sent to a winger_65. I do not know this person. I ran antispyware and malware and nothing is found. How do I prevent this from reoccuring? I have contacted hotmail support but, nothing but, auto response that does not address this issue. Has my account been hacked and using me as a pigeon to distribute? Tag: Terminal server security issue with screen cache? Tag: 79251
  - 11
    - Security Alert Window Can't get rid of When I try to sign in to a web such as E Bay up pop this box that says the security certificate is not trusted. I have tried installing it, proceed anyway but it just keeps coming back. I have Windows XP Home. Anyone can help I would appreciate. -- Steve Tag: Terminal server security issue with screen cache? Tag: 79250
  - 12
    - block unwanted email address please walk me through the steps to block an email address. Tag: Terminal server security issue with screen cache? Tag: 79241
  - 13
    - novice question I have posted the following problem (pasted in next paragraph) in the small business server general questions because I believed my problem was configuration or something related. However, I'm curious to know, can someone possibly be working "behind me" and causing some mischief? No one else should have access to administrator. My virus defs are up to date. I don't see any unusual activity in log files, but then I'm not sure of what kind of stealth is available to a sophisticated hacker. If someone is toying with my network, is it possible to know for certain? Please read my scenario as follows: >I have a user that when I tried to remote to their machine this morning, the >first attempt was met with - "there are several users logged on, which user >would you like to assist?" There in fact was only one (that I know of). >Then after successfully logging in a moment later, the session was ended >with "the user has ended the session" - she didnt'. >Then when I try to go back in, the response is not repeatedly, "the user has >denied remote assistance" >The same thing happened moments later when I tried to log in to another users >session on another computer. - kicked out and then denied on repeated attempts Any help would be great. Tag: Terminal server security issue with screen cache? Tag: 79222
  - 14
    - Does anyone know how to see if NTLM is running on a web site? Does anyone know how to see if NTLM is running on a web site? Tag: Terminal server security issue with screen cache? Tag: 79219
  - 15
    - Spyware method of infection? And is it still present? Let me start by explaining that I am a software developer with a decade of experience in developing software for Windows. I have Windows Firewall, Windows Antispyware, Computer Associates Internet Security Suite and Symtanec Antivirus and a Symtantec router with hardware firewall and the popup blocker is on. So, you can imagine how suprised I was to find that I apparently acquired spyware while browsing using Internet Explorer on Windows XP Home Edition Service Pack 2. I did visit some sites that had heavy ads. I am at a loss to explain how I got spyware when I did not consent to downloading or executing any code. Could there be an undiscovered loophole? It is impossible to troubleshoot, because I think the first piece of spyware downloaded many more pieces of spyware before I had a chance to stop it. I deleted executable files with random or suspicious names from all over the place. According to Symtanec Antivirus, LavaSoft AdAware and SpyBot, there were about a dozen different pieces of spyware that had to be removed. And I still found pieces they all missed. Right now, I am not sure of the spyware is really gone. When I open most programs (including Notepad and Internet Explorer), it creates a subfolder of my Temp folder, then a small file inside of that folder, then deletes it. The file is NOT an executable. That can't be normal behaviour, can it? What kind of vulnerability can hook into the starting of most programs? I could not find any non-standard shell execute hooks or an AppInit_DLLs registry key. So, I have two big concerns now: 1. How did I get spyware when I did not consent to downloading or executing any code in Internet Explorer, and did not install any software of any kind for weeks? 2. Is the spyware still present? Can anyone offer any thoughts or advice? Paul Tag: Terminal server security issue with screen cache? Tag: 79218
  - 16
    - Securing or encrypting local ethernet? (howto) Hello, I would like to encrypt data on a local ethernet to prevent non-authorised user for 'sniffing' for confidential data. Using (secured) tunnels is not the solution due to the fact that the authorised workstations should communicate with each other. Does anyone know a way to secure or encrypt the network on WinXP-SP2? It should be straightforeward to implement (i.e. simple installation and simple password/certificate deployed) Thanks for your reactions Best regards Gert Jan Tag: Terminal server security issue with screen cache? Tag: 79213
  - 17
    - Can we "stored user names and passwords" in Windows XP Home Edition? Dear Friends, Can we stored the network user and password in Windows XP Home Edition? (this can be done in Professional Edition.) And how about in Windows 2000 Professional? Many thanks in advance. CC Tag: Terminal server security issue with screen cache? Tag: 79212
  - 18
    - DCOM + IIS + user credential Hi all, we have this intranet scenario: - Active Directory - A web application secured with Integrated Windows Authentication on IIS 5 - machine A WIN 2000 adv srv IIS 5 - machine B WIN 2000 adv srv Custom COM object - machine C Win2000 Professionale o WinXP Professionale IE 5.5 sp2 o IE6 sp1 How can we arrange the system in order to create from ASP on machine A a remote COM object on machine B? How can we ensure that user's credentials (from the browser on machine C) will be transmitted to the COM object on machine B? Best regards thx Tag: Terminal server security issue with screen cache? Tag: 79211
  - 19
    - Smart Card Login + Certificate Login to AD -> Lost smart card We have AD login using smart card + certificate working fine. We also know what needs to be done in the event the user forgets the smart card when they come to the office (let them temporarily login using a password and disable it the next day). However, what are people (companies who have implemented this MS solution, including MS) doing with the user who is a traveler with a laptop, has a good cached profile (from the last successful smart card login from the office before disconnecting), loses the smart card and needs to logon to the desktop at a foregin country (or anywhere where they are not connected to the corporate network and can't due to the inability to logon to the desktop in the first place?)? Does anyone have a solution for this? Is there no solution? Tag: Terminal server security issue with screen cache? Tag: 79208
  - 20
    - SmartCard Login+certificate to to AD & admins using Remote Control I have smart card login+ certificate to AD working, including W2K admins. The solution that I have allows me to use MS Terminal Service Client, Citrix and XP Remote Desktop with my smart card login+certificate to login to AD on a remote W2K server since these all virtualize the remote desktop sessions with the remote server (eg located at HK) while the admin resides at another location (SF). However, we also use Remote Control products such as RemotelyAnywhere, PCAnywhere, HP/Compaq RILO, WinVNC, MS SMS Remote Control and IP KVMs where it provides physical console access (as if you at are the actual console and many cases outside of the W2K OS itself) even though you are thousands of miles away. With the fact that smart card login to AD requires you to posess and insert the smart card at the server console but you are using a tool which gives you that conolse access/view from a remote distance creates a situation where you can't physically insert the smart card (my arm is not long enough to reach thousands of miles away :)). Again, we are talking about products that gives you actual console access remotely, NOT virtualized desktop sessions where you don't actually have physical console access so the issues are different. What are companies who have implemented this MS solution, including MS doing for this situation? Does anyone have a solution for this? Is there no solution? Tag: Terminal server security issue with screen cache? Tag: 79207
  - 21
    - Windows Firewall keeps turning off Each time I connect my computer to a new internet connection the firewall turns off (the red warning shield pops up) and I have to manually turn the firewall back on. Is there any way I can set the firewall to turn on automatically? It gets very tedious having to do this multiple times in a day. Tag: Terminal server security issue with screen cache? Tag: 79206
  - 22
    - Smart Card Login + Certificate Login to AD -> Lost smart card We have AD login using smart card + certificate working fine. We also know what needs to be done in the event the user forgets the smart card when they come to the office (let them temporarily login using a password and disable it the next day). However, what are people (companies who have implemented this MS solution, including MS) doing with the user who is a traveler with a laptop, has a good cached profile (from the last successful smart card login from the office before disconnecting), loses the smart card and needs to logon to the desktop at a foregin country (or anywhere where they are not connected to the corporate network and can't due to the inability to logon to the desktop in the first place?)? Does anyone have a solution for this? Is there no solution? Tag: Terminal server security issue with screen cache? Tag: 79205
  - 23
    - netchatspy my av found netchatspy on my system. i googled it and its supposed to be for puters on a network. im not on a net work. have no idea how i got it. i dont use msn or windows messenger. any opions would be appreciated. thanks -- xp-pro,sp2,ff1.0.6,40gb,380mb vig mobo,900gz, computer newbie Tag: Terminal server security issue with screen cache? Tag: 79193
  - 24
    - firewall going to get a adsl router with built in firewall. Do I still need zonealarm? Tag: Terminal server security issue with screen cache? Tag: 79192
  - 25
    - LDAP We're using several multfunction devices, e.g. copier/printer/scanner, and some have the ability to e-mail a scanned image, which requries a userid to retrieve a user's e-mail from Active Directory ... we're AD 2003 Interim. With respect to security, how should this userid be configured, e.g. minimal rights and/or possibly limiting the type of LDAP operations? Thank you in advance for your reply. Tag: Terminal server security issue with screen cache? Tag: 79188
- Next
  - 1
    - signing macros with selfcert.exe in office 11 First of all, is there MS forum for Office products? I am trying to create a security certificate to sign a couple of my pffice documents that I always use that contain macros. I want to avoid those pesky macro warnings at startup. I understand there is an easy way to create self signed certificate with selfcert.exe. The problem is I cannoft find this file in my office 2003 installation. The file should be in office11 folder but it is not there (I checked if f was hidden, but its not there). How do find the file? or is there a reputable place where I can get a free certificate I can have for personal use? or how else I can create a free certificate? Tag: Terminal server security issue with screen cache? Tag: 79186
  - 2
    - Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability http://www.securityfocus.com/bid/15827 Imhotep Tag: Terminal server security issue with screen cache? Tag: 79180
  - 3
    - Microsoft Windows Asynchronous Procedure Call Local Privilege Escalation Vulnerability http://www.securityfocus.com/bid/15826 Win2000 only Imhotep Tag: Terminal server security issue with screen cache? Tag: 79179
  - 4
    - Microsoft Internet Explorer Dialog Manipulation Vulnerability http://www.securityfocus.com/bid/15823 Imhotep Tag: Terminal server security issue with screen cache? Tag: 79178
  - 5
    - antivirus program stopped and will not restart my antivirus (mcafee) stopped and when I click on it in programs the hour glass comes on for a few seconds the goes off and the software does not start. When I tried to re download it from the website explorer will not go there. When I click on system restore it says system restore cannot restore and that i must restart and try again. I have gone to safe mode and tried to open the mcafee and it still will not open. when I try and install AVG antivirus since mcafee is stopped and will not start it says that it cannot install because rpc is not working. When I go to task manage and look at services it shows mcafee as stopped. I cannot download any scanning software from Internet explorer. When I try and open the security center in control panel it will not open and says that ipc is disabled. Any Ideas Tag: Terminal server security issue with screen cache? Tag: 79173
  - 6
    - User with unauthorized administrative rights I believe a user has obtained my administrative logon. How can I track them to find out for sure? - I have a win2003 domain. -- Thank you Tag: Terminal server security issue with screen cache? Tag: 79171
  - 7
    - Why does Explorer access the internet when searching hard drive? When I search my hard drive, windows explorer, Not Internet Explorer, tries to access the internet. I know this because EZ Firewall must be set to enable Internet access to Windows Explorer or I get the error message that the command was not sent to the program and the search wizard does not show up. My question is why does windows explorer go out to the eithernet, what information is it sending out? How can I get it to run a search without doing so? I've tried setting up EZ Firewall to only enable the trusted zone for Windows Explorer, but I get the same error message any time I block the internet. I've also enabled both, but locked the internet, and still get the same error message when I attempt to do a search. Do I need to pull the plug (Eithernet Cable) prior to searching my disks in order to successfully work off-line without risk? Tag: Terminal server security issue with screen cache? Tag: 79170
  - 8
    - Active X Plugins and Active Scripting I apologize if this has already been answered. I don't understand most of the security bulletins, so I download updates and hope for the best. My question is: There were several problems with Active X Plug ins and Controls and Active Scripting. The workarounds for these including setting the browser to "Promt". Have these issues been fixed? I would like to have a functional machine again. Thank you for any insigth you can provide. Kevin Tag: Terminal server security issue with screen cache? Tag: 79159
  - 9
    - Recovering EFS Files Hi When upgrading my email certs the cert regarding EFS was removed. Now I simply can't access the encrypted files. Imagining that the cert might have been deleted I recovered a deleted file from the \Documents and Settings\.....\SystemCertificates\My\Certificates. The file I recovered has the same name has the thumb print that is mentioned on the file properties efs details. I copied it to this location but still I can't access the files. Can anyone help me recover the files? Please don't tell me that I need to backup my certs after applying efs or anything like that. I'm aware of it and that's not the problem right now.=20 Hope you can help :)=20 Cl=E1udio Albuquerque Tag: Terminal server security issue with screen cache? Tag: 79155
  - 10
    - Where to find information on Internet Security I just started to read up on Internet security and had a few questions. When running a an ISA server with server pubishing, do I stil need to have an SSL (PKI) certificate? If no, can I still use the HTTPS protocal? Is there any other setup I could implement for secure Internet communications? Are there any books you could recommend on ISA, SSL, or S-HTTP? Tag: Terminal server security issue with screen cache? Tag: 79153
  - 11
    - BootExecute & Batch files Hi, all Is it possible to run batch files at boot time through referencing them in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute ? And what about vbs files? Thanks in advance, rusga Tag: Terminal server security issue with screen cache? Tag: 79150
  - 12
    - Security Warning from IE When I send or submit something over the internet, it always pops up the security warning: "When you send information to the Internet, it might be possible for others to see that information. Do you want to continue? [ ] In the future, do not show this message." Even I check the checkbox and click Yes, next time this message is still shown up. I search the information in the Internet and found someone post to resolve this problem that: 1. Go to Tools -> Internet Options, click Security tab, go to Internet Zone, click Custom Level. 2. Scroll down to Miscellaneous section and select Enable for "Submit nonencrypted form data" I have already tried it but the warning is still shown up. When I check back the security setting, "Submit nonencryted form data" is back to Prompt. The questions are: 1. How to eliminate this warning? 2. Why isn't the security setting saved? Thanks for your help. Tag: Terminal server security issue with screen cache? Tag: 79145
  - 13
    - How do I know if Spy Sheriff has been removed? Hi, I removed Spy Sheriff following the instructions I have found on other posts. I am not too good with computers however, and want to make sure I got ever last bit of the darn thing. Is there any way to check this? I'm also curious what programs I should download to prevent me from getting spyware like this in the future. Thanks so much for your help! Thomas Tag: Terminal server security issue with screen cache? Tag: 79137
  - 14
    - Client can't reach SUS server I'm hoping that someone can help me out here! I have a SUS server set up, Windows Server 2003, non AD. It synced fine... all updates downloaded and I approved a couple as a test. Now, the client, I configured the registry according to the SUS "white pages", as follows: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "WUServer" = "http://horrace" "WUStatusServer" = "http://horrace" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "RescheduleWaitTime"=dword:0000001e (30) "NoAutoRebootWithLoggedOnUsers"=dword:00000001 (1) "NoAutoUpdate"=dword:00000000 (0) "AUOptions"=dword:00000003 (3) "ScheduledInstallDay"=dword:00000000 (0) "ScheduledInstallTime"=dword:0000000d (13) "UseWUSServer"=dword:00000001 (1) Problem is that the client is still looking at the Microsoft site for updates, not Horrace (the SUS server). I can reach http://horrace/susadmin fine. Any input would be great! Thanks! Tag: Terminal server security issue with screen cache? Tag: 79136
  - 15
    - Dropbox permissions Hi all, I have a Windows Server 2003 as file server, serving both Mac and PC platforms. I want to create a dropbox so that users can only drop files there but can change it or view anything in it. I set "Write" permission on the dropbox, the PC side works fine, however, the Mac users can't seem to do anything with it. Please help. Tag: Terminal server security issue with screen cache? Tag: 79135
  - 16
    - Unable to publish certificate to the GAL I have set up an internal Certificate Authority (CA) as an Enterprise Root on a Windows Server 2003 DC. All servers are Windows 2003 Server SP1 running in Native Mode. Setup went fine. I created a User certificate, installed it onto my PC and into Outlook 2003. I tried to use the Publish To GAL option but receive the following error: Microsoft Office Outlook was unable to publish your certificates. The server may be offline or your certificates may be invalid. Contact you administrator if the problem persists. If I elevate my account to Domain Admin it works, so I gather it's a permissions problem. I don't have the problem in my test environment. I've compared security rights in the Certificate Authority, Certificate Templates, ADUC and ADSIEdit. I can't find any differences. I've scoured the knowledge base, Google groups, Microsoft's groups, etc and have not been able to find an answer. Can anyone point me in the right direction? TIA, -- Kyle Plummer Tag: Terminal server security issue with screen cache? Tag: 79133
  - 17
    - disabling "Remember My Password" Is there any way to disable this "feature" ?? Thanks Villy Tag: Terminal server security issue with screen cache? Tag: 79128
  - 18
    - TASKLIST.EXE runs under alt credentials without password? Hi all: I'm guessing some caching of some sort is taking place, but I was trying to use the tasklist.exe comand line against a remote machine in my domain. When I ran it as such: tasklist /s workstation It fails with ERROR: Access denied. This is good, because my standard login is a low privilidge account. When I ran it again as: tasklist /s workstatation /u XYZ\PrivilidgedAccount it worked, without requesting a password! I'm guessing somewhere along the line, my PrivAccount credientials are cached. I tried clossing the command shell and re-opening a new one, but it still worked. I use RunAs regularly, but I'm always prompted for credentials. Can someone help me understand what is going on here and refer me to a MS reference? I'm concerned because there are times I will walk up to another users system to perform similar activities. Thanks, d. Tag: Terminal server security issue with screen cache? Tag: 79127
  - 19
    - Virus or Malware? Anybody ever heard of b57w2k? Is it a XP system thing or is this some sort of virus or malicious program/adware? Tag: Terminal server security issue with screen cache? Tag: 79126
  - 20
    - New MSSecure.XML Version 2005.12.13.0 Now Available MBSA 2.0 detection is based directly on Microsoft Update, so all inquiries regarding MBSA 2.0 patch detection for this month's release should by sent to the public microsoft.public.softwareupdatesvcs newsgroup. This announcement is specific to MBSA 1.2.1 and the underlying MSSecure.XML file that services the MBSA 1.2.1 tool. MSSECURE.XML Data Version 2005.12.13.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified today, December 13, 2005, and is now available for all supported languages (English, French, German and Japanese). Today's release contains 2 new bulletins. These two bulletins are fully supported by MBSA 1.2 for detection. New December Bulletins 1) MS05-054 (IE Cumulative) - 905915. This patch affects all platforms where IE 5.01 or IE 6.0 SP1 can be installed - and replaces all previous instances of MS05-052 2) MS05-055 (Kernel) - 908523. This patch affects Windows 2000 SP4 only. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: Terminal server security issue with screen cache? Tag: 79125
  - 21
    - Microsoft Security Bulletin(s) for 12/13/2005 December 13, 2005 Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summary: http://www.microsoft.com/technet/security/Bulletin/ms05-Dec.mspx Critical Bulletins: Cumulative Security Update for Internet Explorer (905915) http://www.microsoft.com/technet/security/Bulletin/ms05-054.mspx Important Bulletins: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) http://www.microsoft.com/technet/security/Bulletin/ms05-055.mspx Re-Released Bulletins: Vulnerability in DirectShow Could Allow Remote Code Execution (904706) http://www.microsoft.com/technet/security/Bulletin/ms05-050.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- -- Melissa Travers, MCSE MVP Lead - Exchange Server, Security & Virtual Machine Please do not send email directly to this alias. This alias is for newsgroup purposes only. This posting is provided "AS IS" with no warranties, and confers no rights. Tag: Terminal server security issue with screen cache? Tag: 79124
  - 22
    - Culminis - IT Professionals Association If you are the leader of an IT oriented user group, or if you are a member of an IT user group, you should know about Culminis, a free non-profit user group support association. Founded only three years ago by 13 user groups in the United States and Canada, Culminis has been growing like wildfire and now supports 682,217 members in 455 IT user groups and user group associations world-wide. Here is an â??unsolicited testimonialâ?? from one of our member user group leaders that describes his feelings about Culminis. ==================================================== Subject: Big Orlando SQL Launch Ok, after about 6 months of being a member of Culminis I must pledge my allegiance to them. This is the second huge event they let the Florida SBS community participate in and we had the best table in the house. I had people from Tampa and Palm Beach groups helping and we totally kicked all the other vendors to the curb. Never put sales monkeys against it pro SBSers! Huge thanks to Tavis and Frank for the great advice, I had prepared over 1500 promo pieces and my table was clean by 10 AM. Also big thanks to John Paul and Culminis for arranging for the table. Vlad Mazek, Orlando IT Professional Association (Orlando IT Pro) www.orlandoitpro.com =================================================== If you are involved with, or know of, a user group that could benefit from what Culminis has to offer please let us know. There is no charge for groups to join, and the benefits are significant. For more details on Culminis see www.culminis.com Thanks Bill Zack United States Regional Director CulminisÂ®, Inc. Tag: Terminal server security issue with screen cache? Tag: 79117
  - 23
    - USB Authentication in TS We are looking to allow our clients access to a terminal server to use a custom application. We want to add security to the login process through the use of a USB key. I am leery about this solution because I am not exactly sure how the terminal services session will read the key prior to allowing the terminal session to begin. Could someone please help me understand if this is even possible and if so how it works? Also, any recommended companies to purchase the keys from would be a great additional help. Thank you for the clarification. Tag: Terminal server security issue with screen cache? Tag: 79115
  - 24
    - USB Authentication in TS We are looking to allow our clients access to a terminal server to use a custom application. We want to add security to the login process through the use of a USB key. I am leery about this solution because I am not exactly sure how the terminal services session will read the key prior to allowing the terminal session to begin. Could someone please help me understand if this is even possible and if so how it works? Also, any recommended companies to purchase the keys from would be a great additional help. Thank you for the clarification. Tag: Terminal server security issue with screen cache? Tag: 79114
  - 25
    - Certificate enroll with Windows Server 2003? Does anyone know how to make the certificate enroll application (enroll.exe) from Microsoft to work with Windows Server 2003? After some debugging, I found that the application failed with HttpQueryInfo() for "/certsrv/certfnsh.asp". The error code was 12150 (or ERROR_HTTP_HEADER_NOT_FOUND). I was running the application in a Pocket PC 2003 device. I use it to retrieve user certificates from the server. The same application worked fine with Windows Server 2000. From the MSDN web site, I find very little info on the issues. Has anyone encounter the same problem? Any help would be apprecited. Thanks. Lei Tag: Terminal server security issue with screen cache? Tag: 79113

Hi,
I've never seen this mentioned anywhere, but at the hospital I work for, we
use a lot of thin clients with Terminal Servers. We also have PC's that
connect to them. When the client PC screen locks with the default logon.scr
screen saver while the session is idle in the background, if you switch back
to the Terminal Server session screen, there is about a 1/2 second where the
previously viewed screen is visible, then it updates to show the new screen,
which is the login screen. The problem is, it's pretty trivial to just click
on the taskbar icon of the session, bring it to the foreground, and hit
print screen in that half second, then paste it into paint, or something
like that. I've done it many times just to demonstrate the method. If there
is patient information in that screen (or any other sensitive info) it's
easy to snap a shot of it, and walk away with the data. I have tried
DE-selecting using bitmap caching in the TS client, but that doesn't affect
it.
Has anyone ever heard of alleviating this gap using settings on the client?
Thanks,

Top

Re: Terminal server security issue with screen cache? by Steven

Steven
Mon Dec 19 20:01:11 CST 2005

If you feel that is a security risk then you may want to enable a logoff
screen saver in your environment being sure to train users because a logoff
screen saver will need to shut down open applications. Winexeit.scr is
available in the RK and there are many third party logoff screen
avers. --- Steve

"Gary" <phoneticallyitsgeemoonatsaratogacaredotorg> wrote in message
news:eOnD6BMBGHA.2896@TK2MSFTNGP10.phx.gbl...
> Hi,
> I've never seen this mentioned anywhere, but at the hospital I work for,
> we use a lot of thin clients with Terminal Servers. We also have PC's that
> connect to them. When the client PC screen locks with the default
> logon.scr screen saver while the session is idle in the background, if you
> switch back to the Terminal Server session screen, there is about a 1/2
> second where the previously viewed screen is visible, then it updates to
> show the new screen, which is the login screen. The problem is, it's
> pretty trivial to just click on the taskbar icon of the session, bring it
> to the foreground, and hit print screen in that half second, then paste it
> into paint, or something like that. I've done it many times just to
> demonstrate the method. If there is patient information in that screen (or
> any other sensitive info) it's easy to snap a shot of it, and walk away
> with the data. I have tried DE-selecting using bitmap caching in the TS
> client, but that doesn't affect it.
> Has anyone ever heard of alleviating this gap using settings on the
> client?
> Thanks,
>
>

Top