AD accounts and wireless, VPN, Cisco ACS

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - AcquireCredentials problem running inside iis I have a website in IIS which has been configured to run with Windows Authentication and I have <identity impersonate="true" /> in my web.config. I know that my configuration works correctly as when I look at the identity under which the thread is running I can see that it is the user's account. My aim is to generate a security token to authenticate the user against one of our single-sign-on(SSO) servers(written in-house). I am using the SSPI samples (Microsoft Security SSPI Classes) which I downloaded from your website to generate tokens in order to perform an sspi authentication with our SSO server. The problem I have is that when a user logs on although the thread in iis seems to run under the user's account, the SSPI call seems to generate credentials for 'anonymous user'. When I log on from the machine where iis is running (and I am the interactive user), the token is generated with my details. Which is the correct behaviour. When I log on from another machine where I am the interactive user ( and iis is still running on the original machine where I am the interactive user ) the token seems to be generated for 'anonymous user'. Is there a way I can get the call to AcquireCredentials and subsequently to InitializeSecurityContext to yield a token relating to the currently logged on user. This is the signature for acquireCredentials: SECURITY_STATUS sResult = AcquireCredentialsHandle( NULL, // [in] name of principal. NULL = principal of current security context pszPackageName, // [in] name of package fCredentialUse, // [in] flags indicating use. pszLogonID, // [in] pointer to logon identifier. NULL = we're not specifying the id of another logon session NULL, // [in] package-specific data. NULL = default credentials for security package NULL, // [in] pointer to GetKey function. NULL = we're not using a callback to retrieve the credentials NULL, // [in] value to pass to GetKey this->credentialHandle, // [out] credential handle (this must be already allocated) &tsExpiry // [out] lifetime of the returned credentials ); Initially (for the above described symptoms), instead of pszlogonid there was a null being passed in. I have tried to pass in an SID and even the logoin session id (luid) but this causes the function to return -2146893050 which i'm pretty sure is SEC_E_NOT_OWNER. I get this error now, on the iis machine as well as the remote machine. Is there something i am missing here? Can anyone help? Who shot J.R? I hope Keith Brown is reading im sure he'd sort this out in a flash. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84284
  - 2
    - Password dialog window popping up Beginning yesterday, I've got a dialog window popping up whenever I browse to a new web page. It's happening with both Mozilla Firefox and Nestcape browsers (sorry MS). This window requests username and password for random odd web addresses. As an example, when I browsed to this newsgroup starting with the Microsoft home page, every page I clicked through to get here popped up with the following: 'Please enter username and password for [empty quotation marks] at http://global.msads.net' . Trying to play it safe, I've been closing the windows using alt-F4 rather than clicking on their cancel buttons to avoid the ol' button switcheroo trick. As I said, I've never seen these before yesterday, it's been forever since I've seen a popup window at all. As for my sys config, I'm running XP SP2, Zone Labs ZoneAlarm firewall, AVG free edition anti-virus, Spybot S&D with the IE resident and TeaTimer resident activated, AdAware SE, Spysweeper with all shields activated, CWShredder and HijackThis. I scan my sys regularly with Spysweeper, AdAware, CWShredder and HijackThis, along with the spyware scanner built into Netscape browser. All these apps, along with XP, are current and updated. Scans today with AdAware, Spybot S&D, CWShredder and HijackThis came up empty. Any info or assistance with this shucking fullbit would be immensely appreciated. Thanx/gracias/merci. -- What are they infected with? Rage.... Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84283
  - 3
    - log on When I try to log on after the computer is sleeping it will not accept any keystrokes. Therefore I have to hard shut down the computer just to get back in. Can anyone help Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84271
  - 4
    - Rdp over VPN I just want to know if I need to open port 3389 if I using rdp over vpn. In theory I think that it's enough to open the vpn port, because the rdp is encapsylated in the IP-sec packet. But is this the case in the reality? Another question is how is the helpassistant account activated when using only unsolicited remote assistance? In which phase. I have read that when using solicited remote assistant it is activated when the invitationen is created. Can someone recommend a book or article that in depth describes the connection phase for unsolicited remote assistance? ( I have find other links for solicited) Thanks Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84269
  - 5
    - Any danger by opening WMV files? Is there a danger opening WMV files in XP? I sem to recall something about being taken to dangerous web sites or getting unwanted code on my system or something like that. I am running XP Pro/SP2. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84265
  - 6
    - Text message spam on my cell phone? I thought this was not possible with Verizon. Within the past month I've had several text message spams come in on my Verizon cell phone -- I have to pay for these -- can't believe this is legal? I've had the phone for a year now so I have no idea why within the last month I've started getting spam on my phone. We need some enforceable laws against spam, this is getting ridiculous. I can't believe I have no right to prevent solicitation, spam on my door step, spam in my Email, spam on web sites, spam on my car, and now spam on my phone. Why is it Monty Python comes to mind....spam spam spam spam spam... What is this world coming to? People still buy crap they don't need with or without spam. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84251
  - 7
    - Possible to hide a service from users? Anyone know of a way to either hide a service from users on a server or prevent them from being able to start a service? Windows 2003... I installed a server app that needs to remain on the system but I need to make sure it does not run. The problem is, sys admins out in the field have access to the server and they will know its not supposed to run but some, out of curiosity, may do it anyway. Any thoughts? Thanks. Carl -- Carl Wilson Security Engineer Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84248
  - 8
    - Uable to save changes to Group Policy I have posted in this in several groups, no responses. Trying again! See previous posts below. Since I posted the last time, I have done a "repair" install of Server 2k3 complete with all updates etc. Recreated the domain, same issue. On a second server, i created a new/different domain, same issue. I have repeatedly tried resetting permissions/ownership/etc, no effect on the problem I am certain this issue is related to the Symantec AV V10.0.2 as I have another new out of the box unit with R2 which has never had SAV installed, no issues there. I am sure this is an early detection of a problem that will be plaguing R2 users as I see it posted through out the newsgroups and have yet to see a resolution. So any suggestions/fixes would be greatly appreciated. I am on my way to formatting and reinstalling on three brand new servers as a result. While I have that luxery in the lab I am sure there are many in a production environment who dont. ORIGINAL POSTS: I have seen numerous posts regarding this issue, no real answers. My scenero: Three new Windows 2003 Servers Standard Edition R2. Lab environment, everything fresh. the only setups done are basic domain and active directory and entering users. Symantec Antivirus Corporate 10.0 installed but disabled. One server is PDC, others are BDC and connected by VPN (again, lab environment with VPN up and running.) All seems to work well. Settings replicate properly, licenses replicate properly. No real issues other than when trying to set GPO, the following error occurs: "group policy snapin was unable to save your changes due to the following error: the process cannot access the file because it is being used by another process". I have read post after post and tried all the suggestions given (which were few) but none has helped. I thought perhaps replication between the servers was the issue, but shutting down the BDCs does not effect the situation. If i go to D:\WINDOWS\SYSVOL\sysvol\mydomain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf and edit the file manually, it still does not let me save returning an error saying it cannot create the file followed by the full path. I have reset permissions, ownership, all to no avail. Any responses greatly appreciated! UPDATE: I spoke with Symantec support today, found v10.0.2 of SAV Corp. is not compatible and is problematic when used with Windows server 2003 R2. I removed SAV from all three servers, removed the domain controller roll from all three and recreated the domain on the primary server. I still have the above error when trying to change GPO. In removing the rolls, it seems there are numerous problems created by installing the SAV V10.0.2 BEWARE!! At this point it looks as if I will have to start from scratch, format and reninstall. Any suggestions guys?? I really do not want to go through the process of reloading 3 servers! THANKS~~!! Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84242
  - 9
    - is this allowed???? http://www.msncheck.net/ just thought to let you know because you have to give youre email and password to a 3th party Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84238
  - 10
    - Filtering the auditing of file access Hi, I have enabled the auditing of object access on our file-server (2003) through the Group Policy Object Editor. After that i added some groups for auditing on a folder on our data-disk. This works fine. There is only one problem, the eventlog is filling up very fast with events of object access of files like c:\windows\system32\lsass.exe. Does anyone know an option to disable auditing on the system-files?? Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84223
  - 11
    - Tools for analyze all PC in a network Dear All, I have one big issue about sharing folder policy in my company. Many users doesn't understand how to make a proper sharing. That is why i need tools to analyze automatically all PC in the network, what kind of the share folder they have and the sharing permission. Can someone help me here? Thx Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84222
  - 12
    - Network Discovery | BSR 64000 on Internal IP? I recently did a network discovery of our small network. We have SBS2003 with ISA2004 hosted on the same server with 2 NICS. From the WAN side NIC it goes to a DSL modem/router and from there to the ISP. >From the modem/router is also a WPA wireless network. From the LAN NIC side is a single client computer. I found all my devices just find but seemed to have found one I didn't expect. It's sitting on a private IP or 192.168.0.49 and is called CMTS RiverDeltaNetworks. Looking up the SNMP info shows that it is a BSR 64000 and is registered to my ISP. Why would this IP be on my private network? I have DSL and not cable as well. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84220
  - 13
    - Virus or not? My avast labels it as a Virus/worm. Win32:VB-IE [Wrm] The avast has been removing the infection one piece at a time.. I am suspecting that the infection piggy backed on an update from Microsoft, that is not an absolute. It does not seem to be doing any thing now. It messed up my HP All-In-One Program and Microsoft OneNotein the beginning. I removed the damaged programs,hacked at the virus then reinstalled. Everything doing good now. I still get an alert and delet it now and then. I am not sure where it is coming from. I go to where it is supposed to be. I find three files. (Ntf7.tmp., Ntf8.tmp, Perflib-Perfd...). I open the hiidden files and find nothing else. I am thinking that whatever is left is slowly being found and deleted (time will tell). If not ... ??? Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84212
  - 14
    - Windows XP Firewall I have XP Pro & have an issue on the general tab of the xp firewall is greyed out & it was turned off for some reason. My services are started & group policy is set to not configured. I did find some info on the net that if I goto into the registry to here HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft WindowsFirewall This is what showed up in DomainProfile & StandardProfile folders. EnableFirewall REG_DWORD 0x00000000 (0) I changed the value to 1 in the StandardProfile folder it got the firewall set to on again but it's still greyed out on the General tab. The restore defaults button on the firewall did squat for me. I can't use system restore because there are no restore points before this happened. I would like to restore the ability to turn on or off the XP firewall myself. Can I delete those 2 registry entries in the DomainProfile & StandardProfile folders without causing my computer to crash or worse reformat? Would it restore the normal operation of XP Firewall? If anybody has XP Pro or knows anything about XP Pro it would be helpfull. Thanks in advance! Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84210
  - 15
    - Microsoft Security Bulletin(s) for 5/9/2006 Note: There may be latency issues due to replication, if the page does not display keep refreshing May 9, 2006 Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summary: http://www.microsoft.com/technet/security/Bulletin/ms06-May.mspx Critical Bulletins: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) http://www.microsoft.com/technet/security/Bulletin/ms06-019.mspx Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) http://www.microsoft.com/technet/security/Bulletin/ms06-020.mspx Moderate Bulletins: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) http://www.microsoft.com/technet/security/Bulletin/ms06-018.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- -- Melissa Travers, MCSE MVP Lead - Exchange Server, Windows Security, ISA Server, Virtual Machine & Microsoft Dynamics Please do not send email directly to this alias. This alias is for newsgroup purposes only. This posting is provided "AS IS" with no warranties, and confers no rights. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84207
  - 16
    - ANN: C# Online.NET FOR IMMEDIATE RELEASE First Wiki-based Online C# and .NET Reference at C# Online.NET Dallas, TX ? A new concept in online references for Microsoft .NET programming languages is being pioneered by C# Online.NET?a new wiki-based, online C# and .NET reference. C# Online.NET offers documentation, tutorials, and C# source code examples for .NET languages beginning with the C# language. ?Compared to Java,? says Will Wagers, founder of C# Online.NET, ?there is a dearth of online C# help.? C# Online.NET is enlisting the aid of volunteer contributors to write articles, tutorials, and C# code snippets (ready-to-use fragments of C# source code). Offerings will target all C# programmers and developers from beginner to architect. Wiki software allows virtually anyone with an Internet connection to edit, view, and write documentation using their Web browser. ?The advantage of using open source wiki software is that we can harness the energies of C# developers worldwide to create a mega-resource for the C# community.? Contact: C# Online.NET Volunteer: editor@csharp-online.net Press: press@csharp-online.net Web site: http://wiki.csharp-online.net/ [ ANN: C# Online.NET ] Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84202
  - 17
    - I cannot use flash drive in my laptop I got a new tosiba laptop recently, I have accessed to net without proper anti-virus software. I got a virus in my computer, so I intstall lavasoft, mcafee, and panda anti-virus. I still suspect that I got some kind of spyware / virus - possible that someone is accessing go my information. (another topic) Somehow, I found out that I cannot use flash drive, though I can use in another computer. Whenever, I insert flash drive mesage pop up in right corner - USB device not recognized: one of the USB devices attached to this computer has malfunctioned, and windows does not recognise it. the location of the device is show in bold type - USB Root Hub (8 ports) - - unknown device Please help and advice! Rock UK Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84199
  - 18
    - Enabling Some Others Language in Windows 2003 Lite Version (Or XP Lite) Has anyone know how can we enable some other unicoded language in windows 2003 enterprise R2 (lite version)? In "Regional And Language Option" When I select another language like "Farsi" it says to me "Windows Unable to install choosen local. Please Contact your Administrator" If anyone know how can I solv this problem please tell me Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84194
  - 19
    - eWeek article - Microsoft give up on Malware... http://www.eweek.com/article2/0,1895,1945808,00.asp I'm having a hard time coming to grips with this statement from Microsoft -- that's like saying we give up on the other 80% of the potential market (yes still only 1 in 5 people use the internet with primary concern being security fears). I'm hoping this article is not accurate because Microsoft have sealed their fate with statements like this -- limiting the market and squeezing as much as they can out of the existing market does NOT present a stable future. I've also read other articles reporting very high level Microsoft execs moving the blame of the security flaws over to the consumer for not having proper third party protection?? I've been infected with Malware a couple of times and really have NO idea how it made it's way in when I have a host of tools to prevent such activity. Is Redmond really saying "we can't do anything about it"? Rob. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84192
  - 20
    - Security Acknoledgemnet I want to be able to temporarily change an person's homepage when they connect to my network and show an "Acknowledgement of internet use" page prior to them being able to access the internet, and if they don't agree to the terms I've set forward they can't access the internet. Is there any way this can be done? Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84182
  - 21
    - Security -- "Message Alerts" Hello â?? Background: I have an Intel-based desktop PC (2.6GHz) and I am running my applications on a Windows XP Home Edition platform. Problem: I keep on getting these "messages" every 10 minutes 24/7 that say my registry is corrupt, I have viruses, blah blah blah. This happens every day (again 24/7) and has been happening since the last two (2) months. If I am away from my PC for a few hours, then the message windows INUNDATE the screen interface. When I am using my PC to get my work done, these messages cause an enormous amount of interruption. The Alert Messages point mention a web address and say that if I download a program, that is the way to remove the viruses/registry corruption, etc. Then, it will charge $20-$30 for the program! Clearly, it appears as a sales gimmick. I only have ONE question as I am not even concerned for the contents within those messages, and that question is HOW do I get rid of the Alert Messages? Troubleshooting I have done: (1) Ran virus and spyware detection scans . . . and removed all infected files. There were only two. (2) I have gone to the My Computer icon and from one of the menus, disabled Remote Connection (3) Deleted temporary internet files within my Internet Explorer browser, etc. (4) Deleted Windows messenger using one of the features from the Control Panel (5) Rebooted my PC (warm and cold) But what can I do so that I do not get any such programmed messages. Again, I feel it is a sales gimmick. Please help ASAP!!! My email address is n2006@cox.net Thanks very much!!! Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84179
  - 22
    - Benefits of PKI - 5,000 nodes organization Hi, In practical terms, are many or most medium-large organizations using PKI ? We have 3,000 Win2000/XP machines, 2,000 macintosh clients. Exch2003 servers with 3,000 mailboxes. Win2003 AD deployed. In my organization we are planning to start a pilot and distribute smart cards first to our IT staff, then later deploy it for students. Besides smart cards, what are the common and practical use of the PKI infrastructure ? I mean, obviously you can secure internal e-mail with that. I would like to know how practical and common that it is. For internal server management I am using certificates provided by Dell, for example, and that is working OK. Also, for internal servers I can generate an internal certificate manually. For our commercial and extranet servers/sites, I am buying the certs from Verisign and it should continue that way even if I deploy our internal PKI. Please advise on how you have seen PKI deployment (especially the one in AD) bringing practical benefits to organizations. Thanks, M Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84173
  - 23
    - Virus Alert Malware I got stuck with a package that included atmclk.exe, dcomcfg.exe, regpertf.exex, and trojans stole3.tlb and another one with a similar name that I can't remember. Following instructions at Trend Micro I was able to get rid of all of them but am now left with an icon in the notification area (I have Win XP) that keeps producing popups saying my computer is infected and directing me to the SpyFalcon website. I've run assorted scanners but nothing detects where it is hiding. Any help appreciated; it's driving me crazy. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84170
  - 24
    - RUNDLL I have another post regarding my PC crashing on this site this morning. The HD I'm using now is a backup, new clean install. I reverted to this HD after the crash. Anyway................ I went to use System Restore, and got this dandy. RUNDLL An exception occurred while trying to run "C:\WINDOWS\system32\shell32.dll,Control_RunDLL "C:\WINDOWS\system32\sysdm.cpl",SYSTEM" My Event viewer shows: faulting application rstrui.exe, version 5.1.2600.2180, faulting module ssrstr.dll version 5.1.2600.2180 I checked system32, and all these files are there. Help Thanks. HazydayXP Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84162
  - 25
    - Black,Blue,andBlack again I was on this site this morning to checking a reply, I went to move my cursor and got 3 or 4 bold lines next to the cursor and my system froze. I rebooted, signed in and my screen went black, then a quick flash of a blue screen with text,and back to balck in a blink, then rebooted on it's own, so I tried to boot into safe mode on both mine and administrator accounts with the same result. I just finished a clean install of XP Home with SP2 on that drive Thursday! To say that i am fit to be tied is an utter understatement. Since purchasing the XP Home with Sp2, I have had to do repair and clean installs at least 6 times! That's since Dec. 2005. fortunately, I have 2 HD's, so I'm using the backup now. I haven't done anything with the primary (crashed) drive, just praying that I don't have to do yet another install. Any suggestions? I have spent the last 4 days trying to keep this system running. I have an AMD Sempron 3100+ with a gig of ddr sdram pc2700, a gigabyte motherboard with award bios from 2005. -- HazydayXP Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84161
- Next
  - 1
    - Microsoft Fingerprint Reader To edit or remove a log-on from the Quick Links list you choose a quick link then click on the Hand Icon displayed in Internet Explorer and then edit or remove from the quick links list. My problem is that the page/site where I had a quick link established for the fingerprint reader no longer exists, so there is no hand icon to click on to edit or remove the quick link. My question is how do you go about removing a quick link to a page/site that no longer exists? Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84141
  - 2
    - New site dedicated to security conferences : www.security-briefings.com Hello all, We proud to announce the release of a new site dedicated to security conferences : http://www.security-briefings.com Our goal is to highlight major information provided during the most popular and interesting conferences such as (but not limited to) : Blackhat, Shmoocon, Defcon, Recon, Cansecwest,... We will update regularly the site content with what we think being important for security people. Hope we can participate to the community effort to spread knowledge about security. Regards newslist [at] security-briefings.com Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84136
  - 3
    - Norton vs. Mcaffe Which is the better, I have Panda and never again, gave so many problems with DSL modem and router. Need a new anti-viris program. I did like Panda 2005 because it stopped spyware and adware, 2006 no way. Please help me if you can, would like to thank everyone in advance. -- cherriepit Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84128
  - 4
    - KB 896358 microsoft Updates wants me to download KB 896358. I have XP Home. I have tried to install the update AT LEAST 8 times, and each time I try , it gets 1/2 way tgroughand states there is a problem and fails. Any help? This thing is driving me craxy. I have had to change the Automatic Update settings so that it quits bugging me 'til I find a solution. -- HazydayXP Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84127
  - 5
    - UNWANTED PROGRAMMS Dear all, when i open the internet explorer a website is running automatically . i have changed the internet settings. but still the problem exists. i have got a symbol for the above website on my tool bar aswell . when i click the icon on the tool bar it automatically. and the above icon always showing a message your computer is infected with virus.( the web site is spywarequake.com). i have scanned the system for virus and malwares .but its is all perfect.please help me out from this problem thank you all Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84125
  - 6
    - Removal of Norton - Can run Windows Installer CleanUp Utility I recently submitted a query concerning the removal of residual elements of Norton Anti-virus software (Norton 2004 and maybe some earlier versions) which Windows Security Centre was say was still installed on my PC despite the fact that it is not. This is causing a conflict which is stopping my other Ant-Virus Software (PC Tools AV) from loading up - effectively providing me with no virus protection! I received helpful replies from both Engel and PA Bear. They both suggested using the following tool:- http://basconotw.mvps.org/SymRem.htm Within this document it provides a series of actions to fully remove Norton. However an additional issue has arisen when I try to install the Windows Installer Clean-up utility. When I try to run the file â??msicuu2.exeâ?? (which I downloaded to my desktop from MS) I get the following error message. â??The Windows Installer service could not be accessed. This can occur is you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact you support personnel for assistance.â?? Please also note that now have no way of re-installing any of my old Norton products. Is there anything I can do to get rid of these residual elements of Norton? How can I run the clean up facility? Will I ever have Virus protection again? Please helpâ?¦ Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84119
  - 7
    - "The expected version of your software is not detected?!?" Hi. Just discovered that I had some vulnerabilities (MS00-34 & MS00-28) on my pc. Found the patch on Microsoft's site, d/loaded it only to get the message above. (Sigh) What now? Please help. I do have MS Office 2000 so I am confused. Thanks. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84111
  - 8
    - Yahoo is spreading spyware! Yahoo is spreading spyware! Source: http://www.eweek.com Yahoo has routinely breached agreements with advertisers and placed advertising in spyware programs that serve annoying pop-up ads. Instead of "highly targeted" ads being placed on "high-quality" sites, Edelman alleged, ads are actually routed to low-quality sites without bona fide content, constituting syndication fraud. Link: http://ttcom.blogspot.com/2006/05/yahoo-is-spreading-spyware-source.html Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84110
  - 9
    - Got this message from Microsoft That popped up when I turned on the computer saying that I might have counterfeit software (I assume they mean Windows XP which I am running). I had someone upgrade this a few years ago and if it is counterfeit why would they take so long to notify me? Should I assume this is really coming from Mirrosoft? That had two options of "resolve this" and "resolve later". What exactly is their method to resolve this? I assume buying the correct software or ?. They say that with the counterfeit software that I won't be able to get the automatic security updates. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84107
  - 10
    - ANN: Windows Defender Support & Questions Another in a series of such Announcements Microsoft has established separate, private newsgroups for Windows Defender Beta2 support and comments. This is not one of them. See http://www.microsoft.com/athome/security/spyware/software/newsgroups/default.mspx The Defender-specific newsgroups include: - microsoft.private.security.spyware.announcements - microsoft.private.security.spyware.appcompat - microsoft.private.security.spyware.general - microsoft.private.security.spyware.install - microsoft.private.security.spyware.networking - microsoft.private.security.spyware.signatures - microsoft.private.security.spyware.onlinecommunity These newsgroups can be accessed via your browser or your newsreader. To access these newsgroups using your browser, start here: http://www.microsoft.com/athome/security/spyware/software/newsgroups/reader/default.mspx?dg=microsoft.private.security.spyware.general To access these newsgroups in your newsreader, please use the following information to set up your account: - NNTP Server: privatenews.microsoft.com - Account name: privatenews\spyware - Password: spyware NOTE: No password will be required via the HTTP link. -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84106
  - 11
    - Enterprise PKI. I have the following scenario to deal with : windows 2003 domain, installed in Jan 2005. Enterprise Pki installed in Jan 2005 and then uninstalled in jan 2005. There are kdc errors on the domain controllers : Source : KDC Event id 20 Description: The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data. Now the CRL is no longer available by any means, nor is the backup of the servers with the PKI in place. The dc's have certificates that were issued by this CA the certificates are valid until Dec 2006. Now my question is: can I use the instructions in the following article to clean out all remains of this CA even though the CRL's will never be available?: http://support.microsoft.com/kb/889250/en-us Hope there is someone there who can assist me with this! Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84104
  - 12
    - Multiple firewalls show in security center I had NIS professional (Norton) installed, subsequently, I have removed NIS - I used Symantec removal tool and I have work with symantec for the past 3 days. I have searched the registry and looked uner every stone. I have run the MSI cleanup tool and still are unable to find what is causing NIS still showing in windows security center. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84102
  - 13
    - S/MIME messages to a group Hi group Is it possible with Exchange 2003 to create a S/MIME certificate for a group ? The idea is to send an encrypted message to a group of users from outside of Exchange so that each one could encrypt and read it automatically. With PGP it worked fine, so I hope Exchange S/MIME supports it too ? Thanks in advance, Igor Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84099
  - 14
    - Net censorship spreads worldwide... "Repressive regimes are taking full advantage of the net's ability to censor and stifle reform and debate, reveals a report. Written by the Reporters Without Borders (RSF) pressure group the report highlights the ways governments threaten the freedom of the press. The report has a section dedicated to the internet and the growing roster of nations censoring online life. This censorship is practised on every continent on Earth, said the report." Not so shocking is it? --Im http://news.bbc.co.uk/2/hi/technology/4973114.stm Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84096
  - 15
    - OWA/ISA Flaw? Below is an old post that is exactly the issue I ran into when publishing OWA on an ISA 2K4 server caused other users to login to someone else's mailbox. Has there been any fix for this? I can't seem to find much on the internet about this issue and MS doesn't seem to have anything on there site (at least from my searching). Thanks, -- Jeremy Lawrence MCP, MCSA, MCSE+S, CEH Has there been any movement on this issue? I've got the same problem on my network and it is just too big a security hole to allow to continue. I've seen a lot of scuttlebutt on the UseNet about the problem, but nobody seems to have a real solution. Thanks in advance for your help. Al Blake wrote: > OK > I have found out what is happening and a work around - but it is not a real > fix. > I spent 3 days testing OWA access from the Outside (through ISA) using a > win98 'problem' machine and a WinXP 'new' machine. > It seems that the are problems with the caching of incoming web requests. > This means that the ISA box is caching all the incoming OWA stuff. When it > receives a request to http://mailserver.ourdns.domain/exchange/ from a > different user it > simply hands back all the info it already has to the client, which starts to > build the inbox OF THE LAST LOGGED ON USER! > > It is only when it encounters something that needs 'authentication' that it > prompts the user for username and password. This is AFTER it has built > 'Inbox - UserA' and displayed on UserBs browser but (usually) before it > actually displays any messages. If there are problems with the > authentication mechnism - like the win98 box outlined below it may build the > whole thing. > > I knew that caching might be an issue so I already had a rule in my ISA box > to PREVENT caching of requests to the mail server. It doesnt work. My rule > is: > > Destination set: mailserver > Action: Retrieve directly from specified destination. > > This should prevent ANY caching of content for that server. It doesnt. If I > connect to the OWA server after another user I get their mailbox constructed > on my browser BEFORE I get authenticated. > > I have confirmed that this is the problem by dropping the incoming web > listener and publishing the mail server via a server publishing rule on port > 443 (SSL). Since doing this I have not encountered that 'wrong mailbox' > problem - which is a relief. I now get prompted to authenticate BEFORE > anything gets to my browser. However, this is not ideal as by going down > this route I have lost the functionality of the web proxy (ie setting up > different rules for different host names). > Can anyone confirm whether it is possible to TOTALLY disable caching on > incoming web requests for a listener? > > The problem above was coupled with a second problem applicable only to > specific browser/OS combinations. Its seems that the win98/IE6 machine I was > using to test with CANNOT cope if integrated authentication is enabled on > the mail server. Netscape on the same machine is quite happy and connects to > OWA without problems - but it uses Basic authentication. IE will not connect > and reports 'server not found or dns error' unless integrated authentication > is disabled at the server . > As soon as I disabled Integrated Auth on the OWA server IE quite happily > connects and prompts for credentials. I only allow connectivity by SSL this > is not too much of a drama - except that I now have to create a separate > virtual server under IIS to support my internal LAN users who DO want > integrated auithentication. > > So, two weird problems contributed to the scenario we encountered. The > 'inbound caching' one is really worrying because it means that any user > could be shown any other users mailbox. Has anyone got a sure fire way to > diable this (other than by publishing the port directly which is what I have > just done). > > Regards > Al Blake Australia > > > "Al Blake" <alblake@iprimus.com.au> wrote in message > news:#Gy2pQF5BHA.2296@tkmsftngp05... > > Please dont tell me this cant happen. It has. I watched it myself this > > afternoon with two other experienced engineers: > > > > - OWA2k published through ISA server to internet. We allow basic and > > integrated authentication at the ISA server and on the ex2k virtual > servers > > - SSL access only allowed (443). > > - SOME clients (100+ out of 1200+) cannot connect to OWA from their home > > pcs. When they attempt to connect to OWA mailbox URL they NEVER get > prompted > > for authentication but get a "Server or dns error" displayed. > > - If the SAME clients try to connect to a public folder published for > > anonymous access, still using SSL they connect without difficutlties. (so > > the certificate and the 128 bit browser stuff is ok) > > - OCCASIONALLY (we saw it today) they will get connected to an OWA mailbox > > that IS NOT THEIR OWN! > > > > This is very scary and real. I really have no idea what is going on but > our > > hypothesis is that the message back to the client from the Ex2k server is > > getting corrupted by ISA in such a way that some clients cant understand > it? > > Instead of 'please authenticate' they just get 'server problem'. Even > > worse - sometimes ISA gets the credentials of one authenticated connection > > (current or previous) and applies them to a DIFFERENT connection...or at > > least this is what we think is happening. > > > > Has any one got any ideas on this? The clients are all running late model > > browsers (we just upgraded the one we were testing today from IE5.5 to IE > > 6.0 but get the same result). Why dont the users get an authentication > > prompt? > > Getting an unauthenticated user connected to a random mailbox completely > > blows any OWA security out of the water. > > > > Al Blake, Australia > > Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84091
  - 16
    - Are all VPN Clients compatible to all VPN servers ? Can I use every (at least the most popular) VPN Client to connect to every VPN network ? In other words is the VPN protocol standardized? Or must the VPN Client fit to the VPN server ? If client must fit to the server: How do I find out the server product name (without asking the admin) ? Martin Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84087
  - 17
    - Secure ForestDNSZones We have a root domain and a few child domains. The ForestDNSZones is replicated to all domains. This ensures the _msdcs and forest wide pertinent zone info is available. However, the default security permissions for the zone allows child domain "Administrators" rights to modify objects on sensitve forest zones. After reviewing the ACL, it appears that this permission is Inherited. Has anyone removed this right? Is there a document out there that addresses this? Thanks, Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84084
  - 18
    - Office Passwords Is it possible to retrieve a password protected document (Excel, Word). A user quit the company and had a very important doc, but we can't access it. Thank you in advance for your suggestions / comments. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84083
  - 19
    - local administrator. power user or users.....thanks. i have a windows 2000 server plus 40 workstation. do i have to make the local user part of the administrator group or power user. or i need to created a special user for this local computers. all this to prevent users to damage computers. thanks for any help here. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84079
  - 20
    - Unasked files opening When starting the computor the programfile is opening without me asking for it. What has happened? Do I have visitors on the computor that I haven't invited myself? Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84075
  - 21
    - Windows Security Center When I open the Windows Security Center, it displays the following message: "The Security Center is currently unavaliable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer (or start the "Security Center" service), and then open the Security Center again." I tried restarting, didn't work. How do you go about restoring the Security Center service. It was working initially when I first installed SP2, but now it's not working and I don't remember disabling it. Not quite sure how it got disabled. Anyone know how I go about restoring it or what the deal is? Thanks. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84074
  - 22
    - SUS/Windows update problems Windows 2003 Standard SUS (NOT WSUS) server is configured via Group Policy to automatically download and install updates to client PCs at 9AM daily (the settings are correctly grayed out and show 9AM); however, when you login as administrator to a Windows Pro client workstations configured to pull updates from the SUS (NOT WSUS) server shows a long list of updates that were not automatically installed (KB899589, KB913446, etc). Anyone know how to fix this? Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84068
  - 23
    - winmm.dll errors I have a friend that had problems with his computer. I got I think all the viruses removed using avast av. I also used search & destroy and ad-ware remover. But when we start his computer I get a message. it has explorer.exe, then the message says the application or c:\windows\system32\winmm.dll is not a valid image. Then it says to compare with the windows cd. I hit enter and it keeps loading and then we get one for soundman.exe with the same message. Then everytime we open windows explorer we get the message. I hit ok and it opens. Any idea what could be causing this? I can open internet explorer and don't get that message. Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84064
  - 24
    - events 529;539;644 Can anyone tell me why i can have hundreds of event 539s but no 644 or 529. Its set up after 3 failed logon attempts the account is automatically locked out. I get maybe 3 529s to 300 539s how is this possible? Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84061
  - 25
    - email spam software..help please .thanks. i have a windows 2000 server with exchange 2000, we are using symantec product to filter all spam , this product is 1 year old , i know symantec have new version of this product , i do not like this product to much because once i while stop a good bussiness email , which of course couse lots of problems do you guy have experience with any other products ? please give an advice here thanks. now, it is ok to have another spam software on the workstaiton computer to detect all spam that the server can not filter or we are waste our money by paying to software to control spam thanks in advance. RM Tag: AD accounts and wireless, VPN, Cisco ACS Tag: 84060

I have students and staff AD accounts.

Students should be allowed to access wireless (Cisco LEAP).

Staff accounts should be allowed to access VPN and wireless.

Both Student and Staff Active Directory accounts have the option "Dial-in"
tab set to "Allow".

Problem:
Since that option "Allow" is enabled, students could install and launch VPN
client and get connected thru VPN. I don't want that.

Question:
What would be the best way to create a policy to allow the access to
wireless, not VPN ?
Note that I am using Cisco ACS to control the authentication between the VPN
system, Wireless and Active Directory. VPN concentrator is Cisco 3000.

Top