Any audit option to monitor who/when DNS records get deleted?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - patching w3k srv - sp1 Hello Newsgroup, can anybody tell me which patches (hotfixes!!) are included in sp1 of w3ksrv? which is the highest KB Nr? thx for help bernd Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91378
  - 2
    - Difficult password situation I have a problem with my Windows account and I'd be very, very happy if you could help me. Here's my problem: my Windows account is limited, it can't install any software which I'm looking a solution for. I don't know administrator password. I've thought to find or reset it. I've found several programs for this but they require booting from either floppy or cd-rom and my first boot device is set to hdd. I can't enter bios either, it's also password protected. I'm afraid to pull bios battery.. I only want to able to install software. Can you please give me any light on this? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91377
  - 3
    - Eliminating data from hard disks;options Hi, We have to phase out and decomission several Compaq/HP servers and respective hard drives. I attempted to use a tool 'maxblast' (or something like that) in the past, and I didn't get that one to work on multiple hard disks with unconfigured RAID. Two questions: 1)If I use the vendor tool to 'delete' an array and 'recreate' an array, is the data on the hard drive wiped out? According to the message on the screen it says that is the case. I am wondering if security wise, the data on the hard drive has been destroyed for good and what it would take to recover it in case someone with bad intentions manages to explore data from those hard drives. 2)Imagine I run 'SmartStart CD' (it is just a vendor initialization software from HP) and I run the option 'Erase System Partition'. That respective option tells me that the whole data and system partition would be deleted from the hard drive. Upon running the tool I noticed that the LED on the hard drives flash very quickly and the message on the screen states that the data has been erased. Since that happens so fast, I am wondering whether the data has been wiped out? If I don't get an answer from people on this, I may ask HP, however I am trying here to get an unbiased feedback. Thanks much, Marlon Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91374
  - 4
    - Cannot access folder For some reason, some of the folders on our server cannot be accessed, even by Administrator. How can I set the owner, or security, so that adminstrator can access the folders and thus let me set correct ownership? As far as I know, I set a folder one level higher with full control by administrator and the file owner. Now the owner cannot access, nor can administrator. Is there an override facility to fix access? Regards -- Doug -- Doug Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91367
  - 5
    - Logon to account with different credentials How can I logon (with administrator credentials) using another users settings? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91364
  - 6
    - Security Logging on Central Server Does any vendor make a product that would record not just the metainformation for each incoming and outgoing connection on each machine (source and target IP, ports, etc) but also Windows OS specific information like process name and PID, and record all of that in a central database using SQL Server? It would be extremely nice if I could then go to a management console and do complex queries and see certain traffic patterns (e.g., all attempts to connect to IP=x in the last 90 days). You might find as an answer that three machines on your network connection to that target IP and do so using a process whose name is namgr.exe, for example. Having this kind of information is an invaluable time saver over the old fashioned methods of sniffer and sysinternals tcpview. -- Will Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91359
  - 7
    - Hacked By ENjeXion // AYYILDIZ TEAM AYYILDIZ TEAM :) Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91354
  - 8
    - Microsoft's new project -> Vienna ? I am shocked! Your reaction and comments.Thanks http://news.yahoo.com/s/pcworld/20070209/tc_pcworld/128888 -- Panda_man Silver level Contributor Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91340
  - 9
    - 4 GIGS found by Chkdsk? I just set up my second laptop and plugged in my USB External HD. The laptop ran chkdsk at startup. I finally had to unplug the HD to get it to quit. Then it booted up. Now I see that there's a folder on the External HD called "FOUND.000". It has 4 GIGS worth of *.chk files in it. Can anybody explain what this is, how it happened, and what I should do about it? -- <*(((>< ~~~~~~~~~~~~ Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91330
  - 10
    - how to remove "worm"? Using Windows XP and Trend Micro Internet Security that came with a Dell Desktop I get the following security message. I can't seem to remove it. Any suggestions as to how I eliminate this worm? Trend Micro PC-cillin Internet Security Notification Real-time Scan Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified. Infected file: C:\WINDOWS\WIN32UDT.EXE Virus name: WORM_SDBOT.CZD User name: Scan action result: The Quarantine action was unsuccessful. Manually delete the file if you are sure that it is not needed. Note: If Search for and clean Trojans is enabled and is executed after scanning, you can click Next to view final scan result information. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91326
  - 11
    - Personal firewalls vs XP firewall Due to having many users on our computer, using Windows XP Pro, I will be purchasing an Internet Security Suite. Is it better to have the personal firewall in the suite turned on and the XP firewall turned off, is it better the other way around or is there very little difference? I have not decided which suite to purchase so I would appreciate any recommendations. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91316
  - 12
    - Deny change of email address Is there a way to allow a group to change personal and public info concerning user objects, but deny them the right to change the email address, esp. the one listed on the General tab? Cannot seem to find a checkbox that does that. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91315
  - 13
    - rfc-ignorant I just learned we have been on the rfc-ignorant.org list back since Nov '05. The site doesn't provide a "why" we are listed only a number of rfc's that are potential violations. I don't have the skill sets to trouble shoot these. I'm waiting for an explaination for the admin, but its been over 24 hours with no response. Is there a place I can go to get some help determining what to do? Thanks Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91308
  - 14
    - Traffic from Computers that are Powered off 1 I am an IT manager of a small company. We have a local domain server (Win2003, Exchange) on which we have ISA 2004 installed. Employees leave at 5:00pm and switch off their computers. The last few days, I have been looking at the ISA logs, and I noticed that there was traffic between some computers (on the internal network; and they are off !) and the server. This could be some weird worm/trojan that spoofs the IPs but I tried all kinds of anti-virus and I can't find anything. The protocols I see in the logs are mostly RPC, Microsoft CIFS (TCP), and NetBios. I can't see the raw IP header in the logs (which is another question I have even though I configured ISA to log this as well) Any ideas what that might be ? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91305
  - 15
    - Audit the Creation of a Directory I have "Audit Object Access" turned on via group policy to audit success/failed events for my domain workstations. I also have have auditing turned on for the folder that I want to audit on one of these domain workstations. The two items I want to audit is: creating or deleting a file or folder. The deletion of a file/folder works fine and shows up in my security log. The creation of a "file" also shows up in my security log. The issue is: The creation of a "folder" does not show up in my security log. Why is this? What am I doing wrong? Can somebody try this and see if they receive the same results? These are the auditing entries I have for the particular folder that I am auditing on this domain workstation: Create Files/Write Data Create Folders/Append Data Delete Subfolders and Files Delete The above four auditing entries are enabled for success and failed events. Thanks, Niatross Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91292
  - 16
    - Restricted Sites Folder I have a cookies folder for a single user that is showing as belonging to the Restricted Sites Zone rather than the My Computer Zone. I have tried blowing away the user's profile and rebuilding, made them an administrator, disabled all web folder settings.. still no luck. This problem does not appear for any of the other users on the laptop. Of note the laptop is running IE 6.0 on W2K and is using securedocs. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91290
  - 17
    - norton systemworks downloaded from symantec, but did not seem to download correctly. when i try to download again it tells me that another installer is running. any help to what program is doing this would be much appreciated. have tried to uninstall but it will not let me. also when i close internet explorer i get a software exception ( 0x0eedfade ) occurred in the application at location 0x7c812a5b. then a runtime error 217 at 02b3f1ca. i'm not a pc wizard so any advice would be most welcome . thanks brian Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91287
  - 18
    - Apple Commercials Mock Vista Security On target and very funny. IE7 is just as bad, I tried to send this on IE7 but Google claimed I was blocking cookies even though I have Google listed as trusted. 1 step forward, 2 steps back. It's simple, MS should include a firewall that is at least on par with ZA, and and stop inventing executable codecs and other virus friendly file formats. MS also hasn't learned that there is a fine line between malware and "marketing friendly" software. Root kits were invented by Sony (if I'm not mistaken), and I think it's time that someone creates an enforceable standard (a law) that no app can access the web or contact the manufacturer's servers without the express consent of the user. I don't need permanent "buy me now" buttons on every little app I use. Nor does ever app need internet access. I "validated" my software when I had to drag my ass down to the store and give the surly cashier my hard earned money. Yes, piracy is a problem, but it's not my problem--my problem is the continuing focus on marketing and not on customer satisfaction. That's the goal, customer satisfaction. A "free market" means if you can't hack it, you leave. If too many people are stealing your software, do something else, become a bus driver. That's what we were told, if your jobs get sent overseas, do something else, it's the free market! Automatic updates are the result of sloppy programming and greed. Here's an idea: test your f'ing software *before* you sell it. What about all the superior Indian programmers that took jobs from US programmers? Shouldn't the software be *better* than it was? Adobe reader wants an "update" almost every week. It's just a f'ing viewer, but it causes more than its fair share of browser crashes. It's Adobe, they can make Photoshop but they can't fix their own file viewer? Or is it marketing data they're collecting? And why are people using Adobe anyway, it's the web, the web is made for f'ing text! I say f--- pdf files! So, maybe it's time to get back to basics. Focus on making good software that is not spyware and maybe security will be as simple as watching 2 or 3 ports. As it stands now, every app wants to report back, or open a link to a web store. Adware is one thing, but poking holes in my security and cluttering my bandwidth with hacker friendly marketing data is another. Think about this, you've got a choice: a "B" class product that tries to send data to it's manufacturer or a cracked "A" class product that tries to send data to it's hacker or a "X" class open source product that just does what it's supposed to do. The more intrusive and disruptive a manufacturer's auto update/ marketing scams, the more appealing the cracked version becomes (to non-techs). People won't select the cracked version because it's free, they'll do it because the devil you know is better than the devil you don't know (or vice versa?). Of course that will cause a whole new cycle of malware infections (read: you shouldn't use cracked software). Repeating: I'm saying you should not steal software, you should not use cracked software. Lastly, Vista is proof that the versions of windows between 3.11 and Vista weren't really OS upgrades, just skins with gimmicks. I should really get a blog. Copyright 2007, Borg Vomit PS a news cast just said: Bootleg Vista on sale in Mexico... $9 !!! Sad. That means they'll add another 50 digits on the PID and make you call a 1800 everytime you boot up... time to switch to Linux. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91286
  - 19
    - atomiclog adware removal is there a simple way of removing atomiclog adware how dangerous is it ta -- blowhorn Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91280
  - 20
    - Best Way to Share a Secret String Between Member Servers? I am looking at issues around having each computer do its own backups using the native Windows backup application to a file server. Rather than having a custodial domain account used by the computers, and with that all of the hassles of dealing with how to secure the password, I am wondering if there is a way to do the DACL permissions to the target share / file system based on just authentication by Windows domain system of the target computer itself. Could you put the machine object of the computer doing the backup into the DACL of the target share\folder-path, and then run the backup process as SYSTEM on the client computer? I did try this as an experiment and the scheduled task refused to run. That could be a problem with the implementation or with the theory, and that's why I am checking. -- Will Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91277
  - 21
    - question about removing enterprise CA We have an AD environment where other departments created Enterprise CA's for there own use. What has happened is that those servers got decomissioned without certificate services being remove properly. There is no backups of those machines since they have been decomissioned for some time now. I would like to clean up the mess left over in Active Directory. Since these machines have been removed and certificate services wasn't removed properly at that time what is the best way to clean up? Do I just go in and remove the AD objects related to those certificate services servers now? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91272
  - 22
    - Documentary on spyware, adware, malware and other online parasites threats. Especially for newbie, at http://geekvideo.blogspot.com/2007/02/documentary-on-spyware-adware-viruses.html Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91268
  - 23
    - Removing unwanted bogus system alert from task bar Somehow someone managed to place a "system alert" on my computer. When I boot up it appears as a flashing question mark (?) on my task bar, and pops up indicating I have objectionable material on my computer and to click here to download "Antivermins" to eliminate these. When I click on the flashing alert symbol I get antivermins.com/? aff=334, and solicitation to buy and download their software. How do I remove this unwanted popup from my taskbar and computer? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91256
  - 24
    - =?iso-8859-1?q?kerio_alert_me_when_installing_flashget_that_it=B4s_launching_a_shell_command?= Hello, I have installed the last version of flashget, which is 1.8.1.1002 and I get a message box telling that flashget has launched a shell command, previously I get a connection from localhost (127.0.0.1) from the port 80, and a connection attemp from this ip: 60.219.197.19 All this, before I begin to download anything anybody here is using this download manager and has received this same message? it=B4s the first time I get this message box, in previous versions I had never received Thank you and regards, Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91255
  - 25
    - How to removed cached credentials from Remote Desktop Client How does an Administrator remove cached credentials, user names and server names from the Remote Desktop Client? I've deleted the "default.rdp" file in the "My Documents" folder with no luck. I original posted this question in the Google Group; microsoft . public . windowsxp . general Bryan Smith Huntington, Indiana Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91253
- Next
  - 1
    - Write to registry problem Hi, guys! I need to write into HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies and that work without problem for user with admin rights , but not for Standard or Power User. I set permissions in administrator for such user but still can't write into ( just with regedit ). No problem to write into any other key of that branch HKCU\Software\Microsoft\Windows\CurrentVersion. What I need to do to allow to write ( create new key or add value ) TIA Arkady Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91249
  - 2
    - Tool for checking security on network folders - Win2K3 Hi, I am looking for an utility tool for helping me in obtaining a report with all share and security permissions for all folders, subfolders and files on a Win2K3 File server. I will have an IT audit and i need all these information in a common format in order to start checking it then. Thanks -- Bogdan Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91235
  - 3
    - How can I convert or import S/MIME to PGP ring? Hello everyone, A friend of my sent his public key as a smime.p7s file. I want to add it to the GPG ring. When I double clicked on the file, the certificate was added to the MS Outlook certificate store. However, I use GPG/Enigmail on Windows (mostly) and Linux. Is there any way to import this file to my GPG ring? Thank you in advance for any help. NJ Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91228
  - 4
    - spyware pop up This keeps on poping up tonight. It says I need to download something, cause my computer may be infected. I dont think its from MSN. Could you tell me if it is safe or not. Here is the link. http://www.usuc.us/2/popup/2.php?ref=john_p Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91218
  - 5
    - Security at risk at pc startuo When I start my pc, a red shield appears in my taskbar. The message says that security is not on and my computer is at risk. When I open Security Center, everything is on. Is there a way to fix this. -- lucky613 Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91212
  - 6
    - How did Google Know my System ws infected? I had been wondering how Google knew my System was infected from just trying to log on? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91201
  - 7
    - Active Shield Components When I start my computer, I get a message from my Virus Software that says I have components of Active Shield missing or not properly installed. I've tried Registry Mechanic, but I can't get it fixed. Can anyone point me in the right direction? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91197
  - 8
    - Microsoft Access Issue Had to recently lock down our wksta's tighter and part of that was the internet lockdown zones. I have a end-user who has a access database file they need to access. The file is stored both in their home directory and in their profile. Both of these are on network drives that are mapped to the user account. When she tries to open the file the exact message she receives is: Microsft Access cannot open this file. This file is located outside your intranet or on an untrusted site. Microsoft Access will not open the file due to potential security problems. To open the file, copy it to your machine or an accessible network location. I should also mention users do not have write access to the system volume. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91186
  - 9
    - Norton Antivirus is a scam My parents got a new computer, and I apparently damaged the Norton (symantec) antivirus program. While trying to reinstall I spoke with their Indian call center three times, and I was unable to enter the key code they had in a new downloaded program. So I had to get the new updated version for year 2007. My advice: Do NOT buy Norton, there is NO competent customer support. Management doesn't return emails. Try AVG antivirus http://www.grisoft.com/ They even have a free version. A Pissed Off Customer Gitmo is a war crime. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91185
  - 10
    - Unable to download and save files to a PC I have a PC that is somewhat locked down with a GPO. The GPO is set to allow file dowloads but whenever the user trys to download and Save a file from the internet it say the Administrator has blocked this. I have gone through the GPO with a fine tooth comb and as best I can tell file downloads are enabled for all zones. The user has access to the C:\ drive but for some reason he can not download or save. Any ideas what I am missing? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91184
  - 11
    - Problem connecting to RPC server + related ASP and DCOM issues Hi, This is a Citrix question, but maybe Windows is the cause of the problem. I'm getting the following errors on my WI (web interface) server : Some Web Interface configuration servers could not be contacted. The RPC server cannot be contacted on server BETESSEN080P This is how the WI server is configured: * I've installed Web Interface 4.0 on win2000 server. (= BE-TES34) * ASP v1.1.4322 installed with the .net framework 1.1 * MS J# installed from the citrix cd-rom I've created a site in the Access Suite console for PNAgent * WI configuration server defined is my primary PS server * Added my primary PS server as PS server configuration server * In the "Manage server farms" I've included my 2 PS servers * My primary PS server = BETESSEN080P Here's some extra info I found in the eventlog of the WI server (BE-TES34) : DCOM got error "General access denied error " from the computer BETESSEN080P when attempting to activate the server: {EC141AA5-2FCB-4A70-BBA0-025B6A2A626E} aspnet_wp.exe could not be started. The error code for the failure is 80004005. This error can be caused when the worker process account has insufficient rights to read the .NET Framework files. Please ensure that the .NET Framework is correctly installed and that the ACLs on the installation directory allow access to the configured account. Although it says that it cannot start the aspnet_wp.exe service, it can be started with no problem in the services.msc. ASPNET account is used. It also appears in the process tab as aspnet_we.ex (without e) I've tried everything I've found on google (at least I think...) and can't get it to work. I can ping the PS servers. Please help, because this is getting frustrating. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91182
  - 12
    - Computer History Does anyone know if there is a way to see every program accessed, every file viewed, every website visited, etc. on your computer even after clearing history and without some type of key logger? Is there a file folder somewhere with all of your PC's history? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91160
  - 13
    - Is Outlook auto responder security problem? I am using Outlook 2003 SP2 for inter office mail as well as outside contacts with trusted clients. When I post an "out of office" auto response is there anyway to prevent that from sending spammers and phishers my contact info (MAC, IP, e-mail addresses) so that they now have a valid target and info to spread to others like them? Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91157
  - 14
    - Exec.exe requesting operation. Want to block it. Hello, Windows Security Center keeps telling me about a program called Exec.exe (which, according to a brief Google search, turns out to be a Trojan). Whenever I travel to the source location of the file, it isn't there, in spite of turning off all hidden files and folder options. Is there a way, using Windows Security Center, to block Exec.exe so I'm not pestered with its persistent attempts to install? Thanks, Oliver Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91155
  - 15
    - rdriv.sys unable to delete keep coming back I have got this damn rdriv.sys trojan in my pc and I keep deleting it and its keep popping up can some one please help to delete completly thanks Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91153
  - 16
    - NTFS file/folder permission to a computer... Hi. Is it possible to assign security permission to a computer instead of to a users or groups. I tried to put a computer name into file ACL and give it "full permissions" but it doesn't work I get an error like this: "impossible to access to a file in read-only mode". I need to permit access to a file or folder for those users that only logon to that computer. Thank you a lot. Bye, Luca Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91152
  - 17
    - Good and Bad scanner SW Does anyone know of a relable application to rid my System of Downloader.small and other trojans? I have searched to find so many false claims that it seems I just need some first hand recommendations on which application to use. The last one I tried actaully didn't even detect this Trojan as the add said it would. Instead it indicated several others and in order to remove them I must pay. I don't mind paying but how can I even trust these people that don't deliver what they promise. How can I really know for sure of what Trojans their application detects? I used Ad-Aware SE Personal that caught this but AVG-Anti-Spyware and others did not. There was a claim that AVG Anti-Virus could be used but that showed nothing. I won't ask which is the best application to use but I was wondering if there is a list of the ones that don't even work or are rally scams. Should I use the manual method of removing Downloader.small Thanks for any tips. CW Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91142
  - 18
    - Blinking cursor on black screen All I am getting when I turn on our family PC is a blinking cursor on a black screen (right after the dos boot prompts appear then disappear.) Right before this problem occurred we lost connectivity to the internet through our wireless card. I don't know if the two have anything to do with each other. The PC hung up like this for the first time yesterday and I powered off with the power button and powered back on and it worked. Today alas, the luck has run out. I tried powering off the PC and all peripherals on the power strip and it didn't work. The PC ran fine for one year since we got it, before this happened. Here are our PC specs: EMachines T6412 Desktop PC AMD Athlon Processor 2.20 GHz 512 MB DDR SDRAM D-Link wireless card Windows XP Home Edition Norton AV Spy Sweeper Netgear wireless home network Thank you! Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91139
  - 19
    - keystrokes register Is it true that when we type a password the keystrokes are egistered in the computer memmory and can be stilled by a hacker? If it is how can we protect that? Thanks for help Pedro Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91138
  - 20
    - wow.exec I found a file called " wow.exe" in my running services. Actually, the filename was longer than that, but it had "wow" in it. And it started with a space -- at least that's how it looked in Task Manager. I recall a long time ago there was some danger from some kind of wow file. On XP MCE, are there supposed to be any wow files running? -- <*(((>< ~~~~~~~~~~~~ Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91128
  - 21
    - Web Page w-suspicious cookies Someone sent me an MS webpage. I clicked on it, and my cookie permissions came up. There were 5-6 cookies requested, and at least two of them were from foreign countries -- one ended with *.RU. I blocked them. Then I shut off the modem, and opened the htm file in Word to see if I could find the cookies. I couldn't. All the hyperlinks pointed to MS sites. What happened here? -- <*(((>< ~~~~~~~~~~~~ Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91126
  - 22
    - Tips to protect yourself at wireless hot spots Wi-Fi hot spots are now almost everywhere, in airports, restaurants, cafes etc.. Unfortunately, that also means ubiquitous security risks. Connecting to a hot spot can be an open invitation to danger.But there are somethings that you can do to keep yourself safe.... http://askwiki.blogspot.com/2007/01/tips-to-protect-yourself-at- wireless.html Good Day! Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91124
  - 23
    - GPO assignment over VPN connection Is there a way to ensure all GPO settings are applied to a domain member machine that uses a remote VPN connection to access network resources? I have a VPN connection configured on an XPProSP2 laptop that connects to a Win2003SP1 DC that is also the RAS server (VPN Endpoint). Routing is not enabled for this connection - only RAS. If a GPO setting that requires a reboot/logoff-logon to refresh (i.e., will not be refreshed with gpupdate/force) is changed, how can the remote machine receive this change? Policy processing applies to the machine on start-up, before the user policies apply on login-in. But if the machine must first be started, before the user logs in with cached domain credentials to establish the VPN, how will GPO settings (I guess they are foreground settings) ever be updated? Non-reboot settings will be applied in the background upon normal periodic refresh, or with gpupdate/force, but what about those that won't??? -- JCB\1059 Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91121
  - 24
    - Cheap Easy Smartcard Solution for DC Logins? I'm looking for a quick, cheap, easy smartcard implementation to secure Domain Administrator logins to a Domain Controller. Do I have any options? We will eventually implement a two factor authentication system probably based on Cryptocard. Does this completely do away with any need for the smartcards, or does that have added advantages for Domain Controller protection given how Microsoft has integrated it into Active Directory and you can require certain accounts to use them? -- Will Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91119
  - 25
    - Is this the place to post a Q regarding OneCare? I'm running OneCare 1.5 final with Vista RTM 32bit and I have a question relating to OneCare; is this the place to post it? I was going to post in the Vista NG but I didn't think it was appropriate there. And I couldn't find a NG that specifically deals with OneCare. Tag: Any audit option to monitor who/when DNS records get deleted? Tag: 91116

Win2003 AD, DNS-ADI servers.

For the second time, I a certain A host 'disappears' from the DNS server. No
administrator took responsibilities for the deletion.

Is there any way to track when and how DNS entries are deleted from the DNS
servers? In my case I have only two DNS-ADI servers. I have total of 6
administrators with rights for deleting DNS records.

Re: Any audit option to monitor who/when DNS records get deleted? by Mark

Mark
Mon Feb 12 11:46:18 CST 2007

From the DNS management console, using the DNS server properties, you can
use the advanced security options to set auditing. That way you will get an
event log entry when someone changes a setting.

You might also be able to set ntfs auditing on the dns zone file or auditing
on the zone registry keys, depending on how you have it set up. In fact, you
could even set file auditing on the icon shortcut itself to see who is
clicking on it.

Mark Burnett
http://xato.net

"Marlon Brown" <MarlonBrown@discussions.microsoft.com> wrote in message
news:O$RAdrsTHHA.3980@TK2MSFTNGP02.phx.gbl...
> Win2003 AD, DNS-ADI servers.
>
> For the second time, I a certain A host 'disappears' from the DNS server.
> No administrator took responsibilities for the deletion.
>
> Is there any way to track when and how DNS entries are deleted from the
> DNS servers? In my case I have only two DNS-ADI servers. I have total of 6
> administrators with rights for deleting DNS records.
>

Re: Any audit option to monitor who/when DNS records get deleted? by Roger

Roger
Wed Feb 14 06:34:46 CST 2007

Note that further considerations would apply if the DNS
zone is AD integrated, in which case the auditing would
need to be set on the DNS objects in AD.

"Marlon Brown" <MarlonBrown@discussions.microsoft.com> wrote in message
news:O$RAdrsTHHA.3980@TK2MSFTNGP02.phx.gbl...
> Win2003 AD, DNS-ADI servers.
>
> For the second time, I a certain A host 'disappears' from the DNS server.
> No administrator took responsibilities for the deletion.
>
> Is there any way to track when and how DNS entries are deleted from the
> DNS servers? In my case I have only two DNS-ADI servers. I have total of 6
> administrators with rights for deleting DNS records.
>