centralized event logging? centralized syslog... dumping event log?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - open port 4567 When I run the online Symantec Security Check it shows an open port. It says, "Security Status: At Risk! You are vulnerable to at least one form of security threat." The details show all ports Stealth except for Port 4567. It shows that one open. How do I close this port? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91489
  - 2
    - Where's my private key? Hi, 1) I used makecert -n CN=AADI_SERVER -sk AADI_PK_CONT -sr LocalMachine -ss AADI_TEST_STORE D:/aadi_cert1.cer to create a certificate. Now in the console root, i can see the AADI_TEST_STORE containing certificate. But i cant seem to locate the private key or the AADI_PK_CONT container. Where can i find it. 2) Also, can you give me some idea as to how to load a private key from a .pvk file? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91486
  - 3
    - ppcleandeleteatreboot??? i found this in my program files and was wondering if this is a program from microsoft or from one of the many anti viras/spyware i downloaded and if it is is it safe and is it going to remove spyware???? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91482
  - 4
    - File Checksum Integrity Verifier (FCIV) utility - Exceptions List I'm trying to create an exceptions list when using the fciv utility but it's not working. I have 3 directories on my d drive - A, B, C and I want to exclude C from the file check. My initial command looks like this: fciv d:\ -r -exc exceptions.txt -md5 -xml test.xml My exception list (exceptions.txt) is in the same directory as my fciv utility and contains 1 line: d:\C I run the following command to verify: fciv -v -xml test.xml > testResult.txt The testResult.txt file includes all 3 directories but should exclude changes to the C directory based on my exceptions.txt. Thanks for any help you can provide. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91477
  - 5
    - =?Utf-8?Q?User=E2=80=99s_rights_and_Daylight_savin?= Microsoft documents recommend using a login script to apply the Day Light Saving time patches. I have not found any notes on the userâ??s inability to make changes to the registry. If anyone can be of help on this I would be appreciative. I need to update NT4, W2K and XP workstations. Thanks DonP Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91476
  - 6
    - Uninstalling McAfee Privacy HELP!!! I previously had McAfee Privacy and McAfee Security on my computer. Cancelled it. Now, I am trying to download Norton Virus, and it will not download. I get communication error messages. I have gone into my Control Panel, add/remove programs, and tried to delete McAfee Privacy first. I get a message that says that the uninstallation failed! INF file missing. I have contacted McAfee Support, and Dell Support. No one knows what to do. Any suggestions? Thanks!! Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91470
  - 7
    - window defender/date setting I have windows defender. My date seems to be showing 3/8/07 for the last scan and does not change now with each scan like it used to. What is wrong? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91467
  - 8
    - How Change Router Password? I have a Linksys BEFSR41 Router. I need a step-by-step procedure for changing its password. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91465
  - 9
    - What port does IKE use? What port does IKE use? -- Spin Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91462
  - 10
    - Adware I recently switched isp mand they have a free antivirus andspyware software (e-trust pest patrol) well it came up with a adawre in ma microsoft folder. the pest was " bookmark express " is this really a adware and can i let the software delete it because the removal tool alerted that this could have an adverse affect on software in the same directory that the "adware was in??????? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91456
  - 11
    - smart cards - two readers Hi ! I'm trying to create enrollment station and designate one administrator as enrollment agent. A typical enrollment station is a computer that has two smart card readers attached - so I did it. I use one smart card to log on to the enrollment station. I open the Web page for certificate services (http://server/certsrv/) --> request certificate --> advanced request --> request for smart card. Then I use SmartCard User template, my CA, "Advanced Setec SetCSP", enrolment agent certificate. I choose user from AD and I put second (fresh-empty) smart card. When I try to enroll smart card I get error like !!! : "Too many smart cards the same type. Plug only one smart card for user and try again". I have GPO that is locking station when I remove my (administrator) smart card from the reader. When I change GPO I can remove card (also then I can login using username and password) and then I can enroll new cards on both my readers but that's not the point. I must use very restricted policy even for myself. If anyone know something about it - HELP, pleassssseee. Best Regards Dominik. -- Dominik WÄ?glarz domibik@o2.pl Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91449
  - 12
    - Searching aescipher.exe or similar command line tool with AES encryption I am searching for a command line (!) tool which en- and decrypts files and folders with the well known AES algorithm. I should be able either to pass the password as parameter resp. the program should ask the user for a password at the command line. Can someone recommend me such a tool for WinXP ? Again, it should not (only) be a GUI based encryption utility but a small, ressource friendly command line based tool. Marcus Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91448
  - 13
    - Service Accounts & Account Lock out Policy Hi, I want to enable an account lock-out policy to restrict up to 5 bad logons. I don't want to this policy to apply to the Service accounts used by the applications as it will lock-out the service account and will stop it. Is there is any way to accomplish this?? Note: the Policy I am trying to use is the Default Domain policy as I want the same policy to be applied to all users across the domain. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91446
  - 14
    - error message "Unable to display the user selection dialog" Hi On a Windows Server 2003 I'm having the problem where if I go to the properties of any folder on any local drive and then go to the security tab, and then select "add" I get the following error message appear with only the option to select ok. "Unable to display the user selection dialog - (null)" The server has sp1 installed and is acting as a terminal server. The server is connected to a local small business server which is looking after the domain and active directory, etc. At first I thought the problem maybe active directory on the small business server but the sbs box is not having the same problem. All users can log in fine to the terminal server and there are no errors in the event log related to this. How I discovered this problem is that I need to change the permissions of a folder on the terminal server to get a program working but just by clicking on add I get the error and can't get any futher. I've found a few ms kb articles but nothing that end up being the same situation. I've also found alot of people posting on forms the exct same problem but they haven't been on servers and/or with a domain. Any help anyone can provide would be great thanks in advance Matt Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91445
  - 15
    - error message "Unable to display the user selection dialog" Hi On a Windows Server 2003 I'm having the problem where if I go to the properties of any folder on any local drive and then go to the security tab, and then select "add" I get the following error message appear with only the option to select ok. "Unable to display the user selection dialog - (null)" The server has sp1 installed and is acting as a terminal server. The server is connected to a local small business server which is looking after the domain and active directory, etc. At first I thought the problem maybe active directory on the small business server but the sbs box is not having the same problem. All users can log in fine to the terminal server and there are no errors in the event log related to this. How I discovered this problem is that I need to change the permissions of a folder on the terminal server to get a program working but just by clicking on add I get the error and can't get any futher. I've found a few ms kb articles but nothing that end up being the same situation. I've also found alot of people posting on forms the exct same problem but they haven't been on servers and/or with a domain. Any help anyone can provide would be great thanks in advance Matt Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91444
  - 16
    - Freeware (on-access) antivirus scanner... Hi, i am working in a youth center (honorary) as a administrator and we are higly dependent on donations. Now we have seven pc's running with windows 2000 and open office, but the best is, that we have a internet connection. But as i said, we are dependent on donations and this is why we cant buy (expensive) antivirus software licenses.Who has experience with scanners that are free for commercial use? because we are considered "commercial", but in fact we are not. Thanks in advance... Best Regards Joe Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91441
  - 17
    - windowsupdate.microsoft.com doesn't offer KB913446 - MS06-007 I am trying to secure a Windows Server 2003 machine. I have been told to make sure KB913446 is installed. It is not currently installed on this machine. I went to windowsupdate.microsoft.com to get updates but was not offered KB913446. I can download it manually, but I expected that windows update would give it to me. Does anyone know if it has been superseded by something, or the reason it is not offered? KB913446 is also called MS06-007. Thank you very much. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91433
  - 18
    - Password Storage in Windows 2003 hi there, I was hoping someone could clarify a few questions for me regarding Windows 2003, NTLMv2, and Kerberos. 1) What hash is used in Windows2003 Server to store passwords in the SAM file? > My understanding is that each password will be stored by default using both a LM Hash (for older compatibility) and using a MD5 hash for NTLMv2. Is this correct? 2) Win2003 uses Kerberos as the default authentication protocol. Now does using Kerberos store the password differently than the answer above? or is Kerberos only the authentication protocol and it uses the NTLMv2 password hash to authenticate a user before it kicks in to do authentication between servers. 3) Does Kerberos completely replace NTLMv2? Thank you Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91429
  - 19
    - tracking cookies spy ware??? i filled a form online one day i gave my name and address and now every time i got to the wrong site it has an advertisment with a location near my house i was told it was a tracking cookie and that it it a type of spy ware and i ran a few anti spyware programs (adaware ashampoo and i tryer tweak now the regestry cleaner and nothing seems to work my homepage will change on its own and popups come up when im not an line anyone got any thing for me to try??? please help...lol Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91418
  - 20
    - New MSSECURE.XML/EST Version 2007.02.13 Available MSSECURE.XML Data Version 2007.02.13.0 for use with MBSA 1.2.1 (SMS 2.0 or 2003 with Software Update Inventory Tool (SUIT)) was last modified today, January 9th, 2007, and is now available for all supported languages (English, French, German and Japanese). Today's release contains 12 new bulletins, 8 of which are supported by MBSA 1.2.1, 2 of which are partially supported by MBSA 1.2.1, 1 fully supported by EST, 2 partially supported by EST and 1 not supported by EST or MBSA 1.2.1 scan tools (see bulletins for further details). The standalone EST tool is required to support detection for MS07-005, MS07-009, and MS07-012. More information on each of the bulletins listed below can be found at http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx Critical Updates: Microsoft Security Bulletin MS07-008 Supported by MBSA 1.2.1 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) Microsoft Security Bulletin MS07-009 Supported by MBSA 1.2.1 and EST Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) Microsoft Security Bulletin MS07-010 (Content release not supported by EST or MBSA) Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) Microsoft Security Bulletin MS07-014 Supported by MBSA 1.2.1 (ODT local scans only) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) Microsoft Security Bulletin MS07-015 Supported by MBSA 1.2.1 (ODT local scans only) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) Microsoft Security Bulletin MS07-016 Supported by MBSA 1.2.1 Cumulative Security Update for Internet Explorer (928090) Important Updates: Microsoft Security Bulletin MS07-005 Supported by EST Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) Microsoft Security Bulletin MS07-006 Supported by MBSA 1.2.1 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) Microsoft Security Bulletin MS07-007 Supported by MBSA 1.2.1 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) Microsoft Security Bulletin MS07-011 Supported by MBSA 1.2.1 Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) Microsoft Security Bulletin MS07-012 Supported by MBSA 1.2.1 and EST Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) Microsoft Security Bulletin MS07-013 Supported by MBSA 1.2.1 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) What is the Enterprise Update Scanning Tool (EST)? As part of an ongoing commitment to provide detection tools for complex updates for bulletin-class issues that are not supported by MBSA 1.2, a stand-alone tool may be provided for certain bulletins. Microsoft will evaluate the detection and deployment complexity of each bulletin, and provide detection support based on the specifics of each release. When a detection tool is created for a specific bulletin, customers will be able to script running the tool from a command line interface, and process the results using an XML output file. Detailed documentation will be provided with the tool to ensure customers can leverage it quickly. See the following link for details http://support.microsoft.com/default.aspx?id=894193 NOTE: The EST tool is only for use with MBSA 1.2 to support limitations in the MBSA 1.2 scan tool to ensure complete security update detection support for all bulletins released this month. Note: This is announcement is not for MBSA 2.0/MBSA 2.0.1 since it is based on Microsoft Update technology and has the same product and platform support as Microsoft Update and WSUS Server (see TechNet for details). Charles Weidner [MSFT] cweidner@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91414
  - 21
    - PC Security Device Is it possible to configure a Win XP Pro PC with leading antivirus and antispyware products, configure it as a router and have any expectation it will stop a reasonable percentage of viruses or spyware from entering the network? Best Regards, John Kraus Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91412
  - 22
    - CRL Checking.... I am working in a Windows 2003 server environment with Windows XP SP2 clients. We are using Smart Card Login (or trying to) and we keep getting an error that states: "The revocation function was unable to check revocation for the certificate" Now the root CA is offline. We have loaded all the CRL's on the Domain Controller and the client. However we continue to get this error. Is there a way to disable CRL checking for Smart Card logon so that we can verify that all other settings are correct? Thanks for any pointers. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91409
  - 23
    - Event ID 537 - Windows Server 2003 Hi there, We have Domain Controller (Windows Server 2003 SP1). In the event log we have many many events 537: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 537 Date: 12-2-2007 Time: 17:32:58 User: NT AUTHORITY\SYSTEM Computer: ###### Description: Logon Failure: Reason: An error occurred during logon User Name: XP-WS-38$ Domain: ########.LOCAL Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Status code: 0xC0000133 Substatus code: 0x0 Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.1.1.179 Source Port: 0 The events are comming from several workstations. Does anyone have a idea? Best Regards, Ferdi Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91401
  - 24
    - for nealson: exciting long retention - pajfu sapke - (1/1) Hi everyone Great prices and support await you as you travel into the beautiful world of premium nntp access. They give you access to some of the best groups others may not carry. Take a look, I know you'll love it as much as I do. Take a look at all the great features below and imagine! You'll LOVE it. They offer some of the best premium newsgroup access anywhere. You can find almost anything you are looking for. With some of the fastest connections around it's no wonder people love it and keep coming back. One thing I love about them, they don't keep log files of the news I read or files I download. Images, video, mp3 music, the real news from around the world... it's all inside waiting for you. 800 GIGS of new multimedia content each day 2,000,000 new posts each day Keyword searchable Streaming audio and video Just go to http://www.newsdude.net and see why I love them so much. See you there! Faz dom si ... Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91394
  - 25
    - Real Time Spyware Detection I'd like to use a real-time screener, but Spysweeper for MSN seems to be a real drag. Looking for advice - would Windows Defender be a good approach? Would Defender be a good replacement for, or minimize the value of Spysweeper, Spybot Search & Destroy and Ad Aware? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91382
- Next
  - 1
    - Any audit option to monitor who/when DNS records get deleted? Win2003 AD, DNS-ADI servers. For the second time, I a certain A host 'disappears' from the DNS server. No administrator took responsibilities for the deletion. Is there any way to track when and how DNS entries are deleted from the DNS servers? In my case I have only two DNS-ADI servers. I have total of 6 administrators with rights for deleting DNS records. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91380
  - 2
    - patching w3k srv - sp1 Hello Newsgroup, can anybody tell me which patches (hotfixes!!) are included in sp1 of w3ksrv? which is the highest KB Nr? thx for help bernd Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91378
  - 3
    - Difficult password situation I have a problem with my Windows account and I'd be very, very happy if you could help me. Here's my problem: my Windows account is limited, it can't install any software which I'm looking a solution for. I don't know administrator password. I've thought to find or reset it. I've found several programs for this but they require booting from either floppy or cd-rom and my first boot device is set to hdd. I can't enter bios either, it's also password protected. I'm afraid to pull bios battery.. I only want to able to install software. Can you please give me any light on this? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91377
  - 4
    - Eliminating data from hard disks;options Hi, We have to phase out and decomission several Compaq/HP servers and respective hard drives. I attempted to use a tool 'maxblast' (or something like that) in the past, and I didn't get that one to work on multiple hard disks with unconfigured RAID. Two questions: 1)If I use the vendor tool to 'delete' an array and 'recreate' an array, is the data on the hard drive wiped out? According to the message on the screen it says that is the case. I am wondering if security wise, the data on the hard drive has been destroyed for good and what it would take to recover it in case someone with bad intentions manages to explore data from those hard drives. 2)Imagine I run 'SmartStart CD' (it is just a vendor initialization software from HP) and I run the option 'Erase System Partition'. That respective option tells me that the whole data and system partition would be deleted from the hard drive. Upon running the tool I noticed that the LED on the hard drives flash very quickly and the message on the screen states that the data has been erased. Since that happens so fast, I am wondering whether the data has been wiped out? If I don't get an answer from people on this, I may ask HP, however I am trying here to get an unbiased feedback. Thanks much, Marlon Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91374
  - 5
    - Cannot access folder For some reason, some of the folders on our server cannot be accessed, even by Administrator. How can I set the owner, or security, so that adminstrator can access the folders and thus let me set correct ownership? As far as I know, I set a folder one level higher with full control by administrator and the file owner. Now the owner cannot access, nor can administrator. Is there an override facility to fix access? Regards -- Doug -- Doug Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91367
  - 6
    - Logon to account with different credentials How can I logon (with administrator credentials) using another users settings? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91364
  - 7
    - Security Logging on Central Server Does any vendor make a product that would record not just the metainformation for each incoming and outgoing connection on each machine (source and target IP, ports, etc) but also Windows OS specific information like process name and PID, and record all of that in a central database using SQL Server? It would be extremely nice if I could then go to a management console and do complex queries and see certain traffic patterns (e.g., all attempts to connect to IP=x in the last 90 days). You might find as an answer that three machines on your network connection to that target IP and do so using a process whose name is namgr.exe, for example. Having this kind of information is an invaluable time saver over the old fashioned methods of sniffer and sysinternals tcpview. -- Will Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91359
  - 8
    - Hacked By ENjeXion // AYYILDIZ TEAM AYYILDIZ TEAM :) Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91354
  - 9
    - Microsoft's new project -> Vienna ? I am shocked! Your reaction and comments.Thanks http://news.yahoo.com/s/pcworld/20070209/tc_pcworld/128888 -- Panda_man Silver level Contributor Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91340
  - 10
    - 4 GIGS found by Chkdsk? I just set up my second laptop and plugged in my USB External HD. The laptop ran chkdsk at startup. I finally had to unplug the HD to get it to quit. Then it booted up. Now I see that there's a folder on the External HD called "FOUND.000". It has 4 GIGS worth of *.chk files in it. Can anybody explain what this is, how it happened, and what I should do about it? -- <*(((>< ~~~~~~~~~~~~ Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91330
  - 11
    - how to remove "worm"? Using Windows XP and Trend Micro Internet Security that came with a Dell Desktop I get the following security message. I can't seem to remove it. Any suggestions as to how I eliminate this worm? Trend Micro PC-cillin Internet Security Notification Real-time Scan Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified. Infected file: C:\WINDOWS\WIN32UDT.EXE Virus name: WORM_SDBOT.CZD User name: Scan action result: The Quarantine action was unsuccessful. Manually delete the file if you are sure that it is not needed. Note: If Search for and clean Trojans is enabled and is executed after scanning, you can click Next to view final scan result information. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91326
  - 12
    - Personal firewalls vs XP firewall Due to having many users on our computer, using Windows XP Pro, I will be purchasing an Internet Security Suite. Is it better to have the personal firewall in the suite turned on and the XP firewall turned off, is it better the other way around or is there very little difference? I have not decided which suite to purchase so I would appreciate any recommendations. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91316
  - 13
    - Deny change of email address Is there a way to allow a group to change personal and public info concerning user objects, but deny them the right to change the email address, esp. the one listed on the General tab? Cannot seem to find a checkbox that does that. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91315
  - 14
    - rfc-ignorant I just learned we have been on the rfc-ignorant.org list back since Nov '05. The site doesn't provide a "why" we are listed only a number of rfc's that are potential violations. I don't have the skill sets to trouble shoot these. I'm waiting for an explaination for the admin, but its been over 24 hours with no response. Is there a place I can go to get some help determining what to do? Thanks Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91308
  - 15
    - Traffic from Computers that are Powered off 1 I am an IT manager of a small company. We have a local domain server (Win2003, Exchange) on which we have ISA 2004 installed. Employees leave at 5:00pm and switch off their computers. The last few days, I have been looking at the ISA logs, and I noticed that there was traffic between some computers (on the internal network; and they are off !) and the server. This could be some weird worm/trojan that spoofs the IPs but I tried all kinds of anti-virus and I can't find anything. The protocols I see in the logs are mostly RPC, Microsoft CIFS (TCP), and NetBios. I can't see the raw IP header in the logs (which is another question I have even though I configured ISA to log this as well) Any ideas what that might be ? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91305
  - 16
    - Audit the Creation of a Directory I have "Audit Object Access" turned on via group policy to audit success/failed events for my domain workstations. I also have have auditing turned on for the folder that I want to audit on one of these domain workstations. The two items I want to audit is: creating or deleting a file or folder. The deletion of a file/folder works fine and shows up in my security log. The creation of a "file" also shows up in my security log. The issue is: The creation of a "folder" does not show up in my security log. Why is this? What am I doing wrong? Can somebody try this and see if they receive the same results? These are the auditing entries I have for the particular folder that I am auditing on this domain workstation: Create Files/Write Data Create Folders/Append Data Delete Subfolders and Files Delete The above four auditing entries are enabled for success and failed events. Thanks, Niatross Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91292
  - 17
    - Restricted Sites Folder I have a cookies folder for a single user that is showing as belonging to the Restricted Sites Zone rather than the My Computer Zone. I have tried blowing away the user's profile and rebuilding, made them an administrator, disabled all web folder settings.. still no luck. This problem does not appear for any of the other users on the laptop. Of note the laptop is running IE 6.0 on W2K and is using securedocs. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91290
  - 18
    - norton systemworks downloaded from symantec, but did not seem to download correctly. when i try to download again it tells me that another installer is running. any help to what program is doing this would be much appreciated. have tried to uninstall but it will not let me. also when i close internet explorer i get a software exception ( 0x0eedfade ) occurred in the application at location 0x7c812a5b. then a runtime error 217 at 02b3f1ca. i'm not a pc wizard so any advice would be most welcome . thanks brian Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91287
  - 19
    - Apple Commercials Mock Vista Security On target and very funny. IE7 is just as bad, I tried to send this on IE7 but Google claimed I was blocking cookies even though I have Google listed as trusted. 1 step forward, 2 steps back. It's simple, MS should include a firewall that is at least on par with ZA, and and stop inventing executable codecs and other virus friendly file formats. MS also hasn't learned that there is a fine line between malware and "marketing friendly" software. Root kits were invented by Sony (if I'm not mistaken), and I think it's time that someone creates an enforceable standard (a law) that no app can access the web or contact the manufacturer's servers without the express consent of the user. I don't need permanent "buy me now" buttons on every little app I use. Nor does ever app need internet access. I "validated" my software when I had to drag my ass down to the store and give the surly cashier my hard earned money. Yes, piracy is a problem, but it's not my problem--my problem is the continuing focus on marketing and not on customer satisfaction. That's the goal, customer satisfaction. A "free market" means if you can't hack it, you leave. If too many people are stealing your software, do something else, become a bus driver. That's what we were told, if your jobs get sent overseas, do something else, it's the free market! Automatic updates are the result of sloppy programming and greed. Here's an idea: test your f'ing software *before* you sell it. What about all the superior Indian programmers that took jobs from US programmers? Shouldn't the software be *better* than it was? Adobe reader wants an "update" almost every week. It's just a f'ing viewer, but it causes more than its fair share of browser crashes. It's Adobe, they can make Photoshop but they can't fix their own file viewer? Or is it marketing data they're collecting? And why are people using Adobe anyway, it's the web, the web is made for f'ing text! I say f--- pdf files! So, maybe it's time to get back to basics. Focus on making good software that is not spyware and maybe security will be as simple as watching 2 or 3 ports. As it stands now, every app wants to report back, or open a link to a web store. Adware is one thing, but poking holes in my security and cluttering my bandwidth with hacker friendly marketing data is another. Think about this, you've got a choice: a "B" class product that tries to send data to it's manufacturer or a cracked "A" class product that tries to send data to it's hacker or a "X" class open source product that just does what it's supposed to do. The more intrusive and disruptive a manufacturer's auto update/ marketing scams, the more appealing the cracked version becomes (to non-techs). People won't select the cracked version because it's free, they'll do it because the devil you know is better than the devil you don't know (or vice versa?). Of course that will cause a whole new cycle of malware infections (read: you shouldn't use cracked software). Repeating: I'm saying you should not steal software, you should not use cracked software. Lastly, Vista is proof that the versions of windows between 3.11 and Vista weren't really OS upgrades, just skins with gimmicks. I should really get a blog. Copyright 2007, Borg Vomit PS a news cast just said: Bootleg Vista on sale in Mexico... $9 !!! Sad. That means they'll add another 50 digits on the PID and make you call a 1800 everytime you boot up... time to switch to Linux. Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91286
  - 20
    - atomiclog adware removal is there a simple way of removing atomiclog adware how dangerous is it ta -- blowhorn Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91280
  - 21
    - Best Way to Share a Secret String Between Member Servers? I am looking at issues around having each computer do its own backups using the native Windows backup application to a file server. Rather than having a custodial domain account used by the computers, and with that all of the hassles of dealing with how to secure the password, I am wondering if there is a way to do the DACL permissions to the target share / file system based on just authentication by Windows domain system of the target computer itself. Could you put the machine object of the computer doing the backup into the DACL of the target share\folder-path, and then run the backup process as SYSTEM on the client computer? I did try this as an experiment and the scheduled task refused to run. That could be a problem with the implementation or with the theory, and that's why I am checking. -- Will Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91277
  - 22
    - question about removing enterprise CA We have an AD environment where other departments created Enterprise CA's for there own use. What has happened is that those servers got decomissioned without certificate services being remove properly. There is no backups of those machines since they have been decomissioned for some time now. I would like to clean up the mess left over in Active Directory. Since these machines have been removed and certificate services wasn't removed properly at that time what is the best way to clean up? Do I just go in and remove the AD objects related to those certificate services servers now? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91272
  - 23
    - Documentary on spyware, adware, malware and other online parasites threats. Especially for newbie, at http://geekvideo.blogspot.com/2007/02/documentary-on-spyware-adware-viruses.html Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91268
  - 24
    - Removing unwanted bogus system alert from task bar Somehow someone managed to place a "system alert" on my computer. When I boot up it appears as a flashing question mark (?) on my task bar, and pops up indicating I have objectionable material on my computer and to click here to download "Antivermins" to eliminate these. When I click on the flashing alert symbol I get antivermins.com/? aff=334, and solicitation to buy and download their software. How do I remove this unwanted popup from my taskbar and computer? Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91256
  - 25
    - =?iso-8859-1?q?kerio_alert_me_when_installing_flashget_that_it=B4s_launching_a_shell_command?= Hello, I have installed the last version of flashget, which is 1.8.1.1002 and I get a message box telling that flashget has launched a shell command, previously I get a connection from localhost (127.0.0.1) from the port 80, and a connection attemp from this ip: 60.219.197.19 All this, before I begin to download anything anybody here is using this download manager and has received this same message? it=B4s the first time I get this message box, in previous versions I had never received Thank you and regards, Tag: centralized event logging? centralized syslog... dumping event log? Tag: 91255

I've read through a few whitepapers from SANS about centralizing log
files. One way was to install a syslog agent and forward it to a
centralized syslog server. Another was to dump the event log to a file,
and download it to a central box.

Both those papers are not ancient, but also not very recent.

Has anyone used splunk? I figure that would be a big time saver so i
don't have to create my own frontend.

Top

Re: centralized event logging? centralized syslog... dumping event by Joe

Joe
Sat Feb 17 15:51:10 CST 2007

I've never used splunk but I understand it to just be a data miner, it
will still require centralizing the logs.

Once you do that you also can look at logparser from MSFT.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

Unsettled wrote:
> I've read through a few whitepapers from SANS about centralizing log
> files. One way was to install a syslog agent and forward it to a
> centralized syslog server. Another was to dump the event log to a file,
> and download it to a central box.
>
> Both those papers are not ancient, but also not very recent.
>
> Has anyone used splunk? I figure that would be a big time saver so i
> don't have to create my own frontend.

Top