Can we default to a trusted domain in IIS prompt?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Internet explorer infected problem My internet explorer has some kind of program infecting it. My home page regardless of what i changed it to has some program which redirects me to http://www.systemwarning.com/. Also it creates an icon on my start menu which claims my computer is infected, and attempts to download spyaxe on my computer. Tried to remove using microsoft antispyware,mcafee... it removed certain files such as search for free and spy axe, but i cant seem to get the interenet explorer homepage chaning and the start menu icon, plus the reattempt of spyaxe to go away. anyone know how to get rid of these? Tag: Can we default to a trusted domain in IIS prompt? Tag: 79478
  - 2
    - Windows system restore I am running windows 2000 pro. Started up my pc and it seems to be restored back to the day I first ran the pc. All of my documents are gone, in internet explorer everytime I restart the pc everything starts back to fresh settings. Everything seems to work fine, but after every restart it goes back to day one. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79477
  - 3
    - Windows Firewall Please help this message pops up. Due to unidentified problem, Windows cannot display Windows Firewall settings. -- thank you joe Tag: Can we default to a trusted domain in IIS prompt? Tag: 79474
  - 4
    - EFS and laptops This is a newbie laptop EFS question. So please bear with me. EFS is seemingly weak from what I know and am experiencing. The DRA component is excellent since the priv key can be exported and only imported as needed; thereby making the DRA pub key on a laptop useless. When encrypting a file, a pub/priv key pair is automatically created within my user profile and used/needed for encrypt/decrypt respectively. Logging on as admin is not enough to read the data if encrypted with my Sammy account. To decrypt the Sammy-encrypted data, one need only crack into the Sammy account to utilize its keys. Therefore, I see EFS to be only as strong as the WinXP logon credentials. On a stolen laptop, one can easily boot via CD/floppy to run brute force attacks and other cracking software against the SAM to get Sammy's passwd. Once obtained, a hacker and thief as well, logs on as Sammy to utilize the keys within his profile for decryption. Where is the strength in that? To overcome the aforementioned, I've simply exported Sammy's key pair onto a floppy and deleting the priv key on the system afterward, upon logging off. Should anyone, including **myself**, log on as Sammy either legitimately or not afterwards, they cannot decrypt. So as a legit user, I just import the key pair from the floppy, but this is so cumbersome to export/import after each log off to avoid my aforementioned weakness in EFS on a laptop. Can someone please show me what I am missing about EFS? Thank you. //S.U. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79472
  - 5
    - MS Money I need to gain access to my Money 2001 that I have on an old computer but have forgotten the password that I used back then. Is there any way I can find out what my password was? Does anyone know what file the password is kept in and if it's readable? Any help will be appreciated since it's very important that I retrieve some information from that year which I did not carry forward to the more current years. Thank you! Tag: Can we default to a trusted domain in IIS prompt? Tag: 79467
  - 6
    - MS Money I need to gain access to my Money 2001 that I have on an old computer but have forgotten the password that I used back then. Is there any way I can find out what my password was? Does anyone know what file the password is kept in and if it's readable? Any help will be appreciated since it's very important that I retrieve some information from that year which I did not carry forward to the more current years. Thank you! Tag: Can we default to a trusted domain in IIS prompt? Tag: 79466
  - 7
    - Access and roles in DCOM technology Hi everybody, I have a system consists of 4 servers. On each server there are services and COM+ components installed. The services and components run under applicative user. The 4 servers interact via DCOM technology. If the applicative user is a regular user in the Domain, the DCOM operations fail because of "Access denied". If this user is local administrator on 4 servers everything works fine. Does anyone know, what are the minimal roles needed for the applicative user so the DCOM technology will work between the servers? Must he be an administrator? The operation system is Windows 2003. Thank you in advance for any help Efrat Tag: Can we default to a trusted domain in IIS prompt? Tag: 79460
  - 8
    - Give administrators access to users MY Documents Hi there- I want to give administrators access to all the users my documents folders. I have my documents redirected via GP to the usersw directory. How do I do this? Thanks Tag: Can we default to a trusted domain in IIS prompt? Tag: 79456
  - 9
    - MSN Money I need to gain access to my Money 2001 that I have on an old computer but have forgotten the password that I used back then. Is there any way I can find out what my password was? Does anyone know what file the password is kept in and if it's readable? Any help will be appreciated since it's very important that I retrieve some information from that year which I did not carry forward to the more current years. Thank you! Tag: Can we default to a trusted domain in IIS prompt? Tag: 79455
  - 10
    - Mrxpriumpstc service can't be found Has anyone come across this service? It doesn't turn up on Google or on a search of my computer. Doing a Find in Regedit doesn't turn up anything either. Anyone know what this is? Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7000 Date: 12/26/2005 Time: 10:44:10 PM User: N/A Computer: IBM-A0DC4189602 Description: The Mrxpriumpstc service failed to start due to the following error: The system cannot find the file specified. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79454
  - 11
    - Isa 2004 and the Dpm 2006 agent On the member server with Isa server 2004 (single nic template), I would like to install the Dpm 2006 agent but I'm always receiving the "RPC unavailable" error message. An idea ? Thank you for your response Tag: Can we default to a trusted domain in IIS prompt? Tag: 79450
  - 12
    - Italian Rogue Dialler and Italian popups First time in 10 years on internet. Yesterday ended up with a rogue dialler trying to dial out to 7020102463 and the following between &&&&&&&s, abbreviated from Symantec site , removed that. Then today some more Italian intrusions placing files through different directories etc , keywords : e1xplorer , archiviosex , exsplorer , redfunny , skymasters , xbeta69 and the main one sgrunt. Since removing the sgrunt directory and repeating the process below it has disappeared but we assume only temporarily, as don't know where keep picking it up from , certainly not visiting porn sites , or where else its lurking. It has also disabled the modem speaker , as distinct from , apparently setting the volume high in Modem options. We'd like to get the dial and beep/chime acknowledgement back again. In rasphone.pbk does Speaker=1 and Dialmode=1 mean speaker on or off? Checked not modem malfunction by trying another modem &&&&&&&& Windows 95/98/Me/NT/2000 Click Start, point to Find or Search, and then click Files or Folders. Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked. In the "Named" or "Search for..." box, type: rasphone.pbk Click Find Now or Search Now. If you find rasphone.pbk, right-click the file, and then click Open With. Deselect the Always use this program to open this program check box. Scroll through the list of programs and double-click Notepad. When the file opens, search for the section named: [Connessione Predefinita] Check if the connection number was changed by the dialer, looking at the following entry: PhoneNumber=7020102463 If the telephone number does not match with your ISP telephone number, remove all the entries of this section. Close Notepad and save your changes when prompted. Create a new dial-up connection with the right ISP number and parameters. ***** snipped ******* 5. To delete the links added by the risk Click Start > Programs > Accessories > Windows Explorer. Navigate to and delete the following files: %UserProfile%\Desktop\WinMoviePlugIn.lnk %UserProfile%\Desktop\explorer.lnk %UserProfile%\Start Menu\Programs\WinMoviePlugIn.lnk %UserProfile%\Start Menu\Programs\explorer.lnk %UserProfile%\Start Menu\WinMoviePlugIn.lnk %UserProfile%\Start Menu\explorer.lnk %UserProfile%\My Documents\WinMoviePlugIn.lnk %UserProfile%\My Documents\explorer.lnk %UserProfile%\Favorites\WinMoviePlugIn.lnk %UserProfile%\Favorites\explorer.lnk Exit Windows Explorer. &&&&&&&&&& Tag: Can we default to a trusted domain in IIS prompt? Tag: 79447
  - 13
    - IPSEC and Windows Security Center I often go to Events viewer to see if there are errors showing in system events or application events. I am seeing a system error at every launch: "The IPSEC Services service terminated with the following error: The attempted operation is not supported for the type of object referenced." Event type: Error Event source: Service control manager Event ID: 7023 If I go over to look at Application Errors for the exact hour-minute-second time equivalent, what is happening looks like there is some competition in the loading process: "The Windows Security Center Service has started" Event type: Information Event source: Security Center Event ID: 1800 ........................... These two events happen at the same time as each other at every computer launch. I have ICF turned off and am using McAfee's VS, Firewall, Spam Killer, new program with newest updates, and all windows updates. 1. Should IPSEC Services be on or off? In Services it is set as Automatic, but does not say it is started. In opening the dialog, it says it is stopped. 2. Do I need to set something different? The TCP/IP NetBios Helper is "started" and "automatic" Windows XP Pro SP2 Advanced computer user (install programs and do successful troubleshooting, etc.) Tag: Can we default to a trusted domain in IIS prompt? Tag: 79446
  - 14
    - Terminal Server on the DMZ Hi All, I need to install terminal server on my DMZ. My license server is seating on the LAN What port I need to open to let the new server on the DMZ to communicate with the License server on the LAN? Did the port need to be open all the times or only on the activation phase? Thanks In Advanced! Nir Tag: Can we default to a trusted domain in IIS prompt? Tag: 79445
  - 15
    - How (not) to create malware (TSPY-Agent.EA) with VC++ .Net? Hello, I scanned my pc with a lot of tools and now I can't find anything left like malware etc.. Also I'm running a firewall. But after build a simple vc++ project (with visual studio 2003 .net) with release-build-configuration, the tool from trendmicro finds in the created exe-file the virus pattern from TSPY-Agent.EA. When I build the same project with debug-build-configuration, the exe-file seams to be clean. McAfee, Sophos, and Kaspersky do not find any malware both in the release as in the debug exe-file. (I'm using the tools from http://www.elephantboycomputers.com/page2.html#Removing_Malware with the newest definitions.) Here the configuration for the debug-version: ================================================= <Configuration Name="Debug|Win32" OutputDirectory="Debug" IntermediateDirectory="Debug" ConfigurationType="1" CharacterSet="2"> <Tool Name="VCCLCompilerTool" Optimization="0" AdditionalIncludeDirectories="E:\Projects\tool\src\tool" PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS" MinimalRebuild="TRUE" BasicRuntimeChecks="3" RuntimeLibrary="5" UsePrecompiledHeader="3" WarningLevel="3" Detect64BitPortabilityProblems="TRUE" DebugInformationFormat="4"/> <Tool Name="VCCustomBuildTool"/> <Tool Name="VCLinkerTool" OutputFile="$(OutDir)/tool.exe" LinkIncremental="2" GenerateDebugInformation="TRUE" ProgramDatabaseFile="$(OutDir)/tool.pdb" SubSystem="2" ImportLibrary="" TargetMachine="1"/> <Tool Name="VCMIDLTool"/> <Tool Name="VCPostBuildEventTool"/> <Tool Name="VCPreBuildEventTool"/> <Tool Name="VCPreLinkEventTool"/> <Tool Name="VCResourceCompilerTool"/> <Tool Name="VCWebServiceProxyGeneratorTool"/> <Tool Name="VCXMLDataGeneratorTool"/> <Tool Name="VCWebDeploymentTool"/> <Tool Name="VCManagedWrapperGeneratorTool"/> <Tool Name="VCAuxiliaryManagedWrapperGeneratorTool"/> </Configuration> ======================================== and here for the release-version: ======================================== <Configuration Name="Release|Win32" OutputDirectory="Release" IntermediateDirectory="Release" ConfigurationType="1" CharacterSet="2"> <Tool Name="VCCLCompilerTool" Optimization="2" InlineFunctionExpansion="1" OmitFramePointers="TRUE" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS" StringPooling="TRUE" RuntimeLibrary="4" EnableFunctionLevelLinking="TRUE" UsePrecompiledHeader="3" WarningLevel="3" Detect64BitPortabilityProblems="TRUE" DebugInformationFormat="3"/> <Tool Name="VCCustomBuildTool"/> <Tool Name="VCLinkerTool" OutputFile="$(OutDir)/tool.exe" LinkIncremental="1" GenerateDebugInformation="TRUE" SubSystem="2" OptimizeReferences="2" EnableCOMDATFolding="2" TargetMachine="1"/> <Tool Name="VCMIDLTool"/> <Tool Name="VCPostBuildEventTool"/> <Tool Name="VCPreBuildEventTool"/> <Tool Name="VCPreLinkEventTool"/> <Tool Name="VCResourceCompilerTool"/> <Tool Name="VCWebServiceProxyGeneratorTool"/> <Tool Name="VCXMLDataGeneratorTool"/> <Tool Name="VCWebDeploymentTool"/> <Tool Name="VCManagedWrapperGeneratorTool"/> <Tool Name="VCAuxiliaryManagedWrapperGeneratorTool"/> </Configuration> ========================================= So the best will be to reinstall all, but now I'm interesting in what is going on in my pc. Thanks for your help! Axel Tag: Can we default to a trusted domain in IIS prompt? Tag: 79440
  - 16
    - Windows XP - Can McAfee Privacy Security and WinAmp run together? After installing Privacy Service 7 I have been getting freezes in Windows XP shortly after WinAmp starts. In the restart there is the message "GDWH is not responding". After a lot of searching and finding many false leads, I found a post in WinAmp forums suggesting uninstalling McAfee Privacy Service. I found that disabling Privacy Service allowed WinAmp to run. Any ideas on getting these to run together? Tag: Can we default to a trusted domain in IIS prompt? Tag: 79435
  - 17
    - IE, Powerpoint, tribalfusion? Recently when visiting certain websites a message came up to insert the Powerpoint disk. I resisted this for awhile, but finally gave up and inserted the Powerpoint installation CD, and voila, tribalfusion popups are back. Has tribalfusion found some kind of way to defeat IE's popup blocker using Powerpoint? Tag: Can we default to a trusted domain in IIS prompt? Tag: 79433
  - 18
    - SSPI client to ldap Server - Error at last stage of n-way authentication check Hi all, I'm using Microsoft=AE Platform SDK 2003 and my client program is using SSPI calls. I'm able to get 4 octet string token from TGT server just before the final step of handshaking mechanism in SASL connection. i=2Ee. my final step of three way handshaking is broken in the final step where i'm calling EncryptMessage(..) [enquivant to gss_wrap( .. ) in GSSAPI]. It is returning some garbage value (-122346..34) instead of SEC_E_OK; ------------------------------------- SAME WAY I'VE TRIED THE HANDSHAKING MECHANISM USING GSSAPI CALLS AND .=2E...EVERYTHING IS WORKING FINE... WHILE USING SSPI CALLS.....I'M GETTING PROBLEMS...............!! Here is code snippet ---- --------- this step succeeded err =3D pSecurityInterface->InitializeSecurityContext ( &hcredClient, pClientCtxHandleIn, TEXT("LDAP/ps2345.intranet.xyz....@INTRANET.XYZ.COM"), grfRequiredCtxAttrsClient, 0, SECURITY_NATIVE_DREP, pClientInput, 0, pClientCtxHandleOut, pClientOutput, &grfCtxAttrsClient, &expiryClientCtx); cbv.bv_len =3D pClientOutput->pBuffers[0].cbBuffer; cbv.bv_val =3D (char*)pClientOutput->pBuffers[0].pvBuffer; // successful call verified..... retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if ((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCE= SS)) { cbv.bv_len =3D 0; cbv.bv_val =3D NULL; if (sbv) { ber_bvfree(sbv); sbv =3D NULL; } //replying the challenge will NULL value retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCES= S)) { inSecBufDesc.ulVersion =3D SECBUFFER_VERSION; inSecBufDesc.cBuffers =3D 2; inSecBufDesc.pBuffers =3D &inSecBuf[0]; inSecBuf[0].BufferType =3D SECBUFFER_STREAM; inSecBuf[0].cbBuffer =3D sbv->bv_len; inSecBuf[0].pvBuffer =3D sbv->bv_val; inSecBuf[1].BufferType =3D SECBUFFER_DATA; inSecBuf[1].cbBuffer =3D 0; inSecBuf[1].pvBuffer =3D NULL; ULONG mylongVal=3D0; //Decrypting the Response. err =3D pSecurityInterface->DecryptMessage(pClientCtxHandleIn, &inSecBufDesc, 0,&mylongVal); -------------- till here everything is successful....verified with corresponding GSSPI call ...the (inSecBufDesc).pBuffers[1] contains the 4 byte octet string....Now according to rfc2222.txt, final step required to wrap the data (EncryptMeassage call) in this case and use final ldap_sasl_bind_s call err =3D pSecurityInterface->QueryContextAttributes( pClientCtxHandleIn, SECPKG_ATTR_SIZES, &sizes); // password length is passWd_Len =3D strlen("myuse...@INTRANET.XYZ.COM") + 4; //setting the first byte of octet to 1 ptr =3D (unsigned char *)inSecBufDesc.pBuffers[1].pvBuffer; maxsz =3D (ptr[1]<<16) | (ptr[2]<<8)| (ptr[3]); ptr =3D (unsigned char *) malloc(passWd_Len); ptr[0]=3D 1; ptr[1]=3D maxsz>>16; ptr[2]=3D maxsz>>8; ptr[3]=3D maxsz; sprintf((char *)&ptr[4], "%s", "myuse...@INTRANET.XYZ.COM"); ---------------------------till here everything is ok....SAME AS DONE WITH GSSAPI CALLS AND IS SUCCEEDED ...EVERYTHING IS FINE TILL HERE. NOW THE JOB IS TO ENCRYPT AND SEND IT TO THE SERVER IN FINAL CALL.------------- --------------------Problem lies in next part of the code --------------------- // Need three descriptors, two for the SSP and one to hold the //application data. inSecBufDescSecond.ulVersion =3D SECBUFFER_VERSION; inSecBufDescSecond.cBuffers =3D 3; inSecBufDescSecond.pBuffers =3D &inSecBufSec[0]; inSecBufSec[0].BufferType =3D SECBUFFER_TOKEN; inSecBufSec[0].cbBuffer =3D sizes.cbSecurityTrailer; inSecBufSec[0].pvBuffer =3D malloc(sizes.cbSecurityTrailer); // This buffer holds the application data. inSecBufSec[1].BufferType =3D SECBUFFER_DATA; inSecBufSec[1].cbBuffer =3D passWd_Len; inSecBufSec[1].pvBuffer =3D malloc(inSecBufSec[1].cbBuffer); memcpy(inSecBufSec[1].pvBuffer, ptr, passWd_Len ); inSecBufSec[2].BufferType =3D SECBUFFER_PADDING; inSecBufSec[2].cbBuffer =3D sizes.cbBlockSize; inSecBufSec[2].pvBuffer =3D malloc(inSecBufSec[2].cbBuffer); err =3D pSecurityInterface->EncryptMessage(pClientCtxHandleIn, ( 0 / SECQOP_WRAP_NO_ENCRYPT ) ,&inSecBufDescSecond, 0); ----> if i keep second argument as SECQOP_WRAP_NO_ENCRYPT ....the call returns SEC_E_OK , butinSecBufDescSecond.pBuffers[1] does not contains the expected data. On the other hand keeping second argument 0=2E..returns error(-2146893054) Let me know...where is the problem ??=20 Amit Tag: Can we default to a trusted domain in IIS prompt? Tag: 79432
  - 19
    - SSPI client to ldap Server - Error at last stage of n-way authentication check Hi all, I'm using Microsoft=AE Platform SDK 2003 and my client program is using SSPI calls. I'm able to get 4 octet string token from TGT server just before the final step of handshaking mechanism in SASL connection. i=2Ee. my final step of three way handshaking is broken in the final step where i'm calling EncryptMessage(..) [enquivant to gss_wrap( .. ) in GSSAPI]. It is returning some garbage value (-122346..34) instead of SEC_E_OK; ------------------------------------- SAME WAY I'VE TRIED THE HANDSHAKING MECHANISM USING GSSAPI CALLS AND .=2E...EVERYTHING IS WORKING FINE... WHILE USING SSPI CALLS.....I'M GETTING PROBLEMS...............!! Here is code snippet ---- --------- this step succeeded err =3D pSecurityInterface->InitializeSecurityContext ( &hcredClient, pClientCtxHandleIn, TEXT("LDAP/ps2345.intranet.xyz....@INTRANET.XYZ.COM"), grfRequiredCtxAttrsClient, 0, SECURITY_NATIVE_DREP, pClientInput, 0, pClientCtxHandleOut, pClientOutput, &grfCtxAttrsClient, &expiryClientCtx); cbv.bv_len =3D pClientOutput->pBuffers[0].cbBuffer; cbv.bv_val =3D (char*)pClientOutput->pBuffers[0].pvBuffer; // successful call verified..... retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if ((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCE= SS)) { cbv.bv_len =3D 0; cbv.bv_val =3D NULL; if (sbv) { ber_bvfree(sbv); sbv =3D NULL; } //replying the challenge will NULL value retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCES= S)) { inSecBufDesc.ulVersion =3D SECBUFFER_VERSION; inSecBufDesc.cBuffers =3D 2; inSecBufDesc.pBuffers =3D &inSecBuf[0]; inSecBuf[0].BufferType =3D SECBUFFER_STREAM; inSecBuf[0].cbBuffer =3D sbv->bv_len; inSecBuf[0].pvBuffer =3D sbv->bv_val; inSecBuf[1].BufferType =3D SECBUFFER_DATA; inSecBuf[1].cbBuffer =3D 0; inSecBuf[1].pvBuffer =3D NULL; ULONG mylongVal=3D0; //Decrypting the Response. err =3D pSecurityInterface->DecryptMessage(pClientCtxHandleIn, &inSecBufDesc, 0,&mylongVal); -------------- till here everything is successful....verified with corresponding GSSPI call ...the (inSecBufDesc).pBuffers[1] contains the 4 byte octet string....Now according to rfc2222.txt, final step required to wrap the data (EncryptMeassage call) in this case and use final ldap_sasl_bind_s call err =3D pSecurityInterface->QueryContextAttributes( pClientCtxHandleIn, SECPKG_ATTR_SIZES, &sizes); // password length is passWd_Len =3D strlen("myuse...@INTRANET.XYZ.COM") + 4; //setting the first byte of octet to 1 ptr =3D (unsigned char *)inSecBufDesc.pBuffers[1].pvBuffer; maxsz =3D (ptr[1]<<16) | (ptr[2]<<8)| (ptr[3]); ptr =3D (unsigned char *) malloc(passWd_Len); ptr[0]=3D 1; ptr[1]=3D maxsz>>16; ptr[2]=3D maxsz>>8; ptr[3]=3D maxsz; sprintf((char *)&ptr[4], "%s", "myuse...@INTRANET.XYZ.COM"); ---------------------------till here everything is ok....SAME AS DONE WITH GSSAPI CALLS AND IS SUCCEEDED ...EVERYTHING IS FINE TILL HERE. NOW THE JOB IS TO ENCRYPT AND SEND IT TO THE SERVER IN FINAL CALL.------------- --------------------Problem lies in next part of the code --------------------- // Need three descriptors, two for the SSP and one to hold the //application data. inSecBufDescSecond.ulVersion =3D SECBUFFER_VERSION; inSecBufDescSecond.cBuffers =3D 3; inSecBufDescSecond.pBuffers =3D &inSecBufSec[0]; inSecBufSec[0].BufferType =3D SECBUFFER_TOKEN; inSecBufSec[0].cbBuffer =3D sizes.cbSecurityTrailer; inSecBufSec[0].pvBuffer =3D malloc(sizes.cbSecurityTrailer); // This buffer holds the application data. inSecBufSec[1].BufferType =3D SECBUFFER_DATA; inSecBufSec[1].cbBuffer =3D passWd_Len; inSecBufSec[1].pvBuffer =3D malloc(inSecBufSec[1].cbBuffer); memcpy(inSecBufSec[1].pvBuffer, ptr, passWd_Len ); inSecBufSec[2].BufferType =3D SECBUFFER_PADDING; inSecBufSec[2].cbBuffer =3D sizes.cbBlockSize; inSecBufSec[2].pvBuffer =3D malloc(inSecBufSec[2].cbBuffer); err =3D pSecurityInterface->EncryptMessage(pClientCtxHandleIn, ( 0 / SECQOP_WRAP_NO_ENCRYPT ) ,&inSecBufDescSecond, 0); ----> if i keep second argument as SECQOP_WRAP_NO_ENCRYPT ....the call returns SEC_E_OK , butinSecBufDescSecond.pBuffers[1] does not contains the expected data. On the other hand keeping second argument 0=2E..returns error(-2146893054) Let me know...where is the problem ??=20 Amit Tag: Can we default to a trusted domain in IIS prompt? Tag: 79431
  - 20
    - Windows 2003 server Network Security I want to lock down my network from PCs for Laptops outside the company. Basically I do not want anyone to be able to plug in his or her laptop computer via an RJ45 connection and have any access to resources without signing in with a valid userid and password. I donâ??t want them to have a DHCP IP address to surf the Internet unless authorized via their userid and password. Where do I start to implement these restrictions? Thanks Tag: Can we default to a trusted domain in IIS prompt? Tag: 79427
  - 21
    - about axistwo.exe and nprvesof.exe Hello, who knows something about a file named axistwo.exe? I can't find anything about it in the web. It's generated in a directory named "life soft tick". In this dirctory there are also some other files: nprvesof.exe Win Tool Meal.exe Thanks for your help, Axel Tag: Can we default to a trusted domain in IIS prompt? Tag: 79421
  - 22
    - L2TP/IPsec sites-to-sites vpn Hi Here are my scenario. I have two sites that are connected through a isdn lines but I don't want to use that line anymore, instead I will use a site-to-site vpn connection. My main site is using a Windows 2000 server with ISa 2000, this computer is a member of my domain. Ip adress 10.10.x.x/16. On this site I have a Stand alone certificate server on Windows 2003. This server is not a Domain Controller. The remote site is using a Windows 2003 server with ISA server 2004, he is also a member of my domain. Ip adress 10.30.x.x/16 On both isa server I have made the necessary configuration to make a pptp conection, and with this type of connnection I am able to make the connection between both sites. My problem is when i'm trying to use a L2TP/IPsec connection. On the ISA 2004, I change the protocol type of the remote site to L2TP. On the ISA server 2000, packet filters for this type of traffic is there, and I changed the type of protocol the netwotk interface is using for LP2TP vpn type. My concerns are about the certificates part. On the ISA 2000, I use the certifictaes mmc to request and install a computer certificates with success. On the ISA server 2004, I tried the same thing but I receive this error The certificate request was submitted to CA that is not started or you don't have permissions to request certificates from availabe CAs. I restarted the routing and remote access and IPSec policies services on both computers without success. So on this server I use the a web request (http://10.10.0.x/certsrv) to request a administrator template certificates. When I tried to connect I receive this error on both ISA servers Event Type: Error Event Source: RemoteAccess Event Category: None Event ID: 20111 Date: 12/23/2005 Time: 8:53:50 AM User: N/A Computer: MASTER3 Description: A Demand Dial connection to the remote interface IsaMoncton on port VPN2-0 was successfully initiated but failed to complete successfully because of the following error: The L2TP connection attempt failed because security policy for the connection was not found. Data: 0000: 17 03 00 00 .... I have read many articles and some articles tells that I need a computer certificates, some other a IPsec template, others a Router(offline) templates... So my first idea was to use a computer type certificates but I can not use the MMC Certificates snap-in on the ISA 2004 to reuqest one and the the computer templates is not available for installation when I'm using the web. I can't figured out where is my errors and all my reading haven't help me it mixed me up instead Thanks Tag: Can we default to a trusted domain in IIS prompt? Tag: 79420
  - 23
    - Service running as Local system account Unable to map drive on ano Hi all I have a problem. I am developing a service which need to run as Local System Account, and which need to access a directory on a remote computer, in order to both read and write files. Both computers are running Windows 2000 and are in the same domain. As Local System Account do not have any network permissions as such, I have tried some alternative approaches but none seem to work. 1). I have tried to share the directory on the remote machine as a so called null session share (http://support.microsoft.com/default.aspx?scid=kb;en-us;289655), as that in theory should allow access to everyone and everything. But when I tried to write a file I got the "System error 5 has occurred.Access is denied." error. 2) Next I have tried to grant the computer account on which the service is running full access to the share as this article describes (http://forumz.tomshardware.com/software/Folder-Sharing-Computer-Accounts-ftopict225518.html). With the same result. The way I tested both approaches this: In both methods I use UNC format and IP numbers to address the remote share, like this: \\192.168.106.12\share\ 1) Run some code in my service using the function OpenStreamOnFile(MAPIAllocateBuffer, MAPIFreeBuffer, ulFlags, file_name, szFilePrefix, out_stream) function, and also fopen( "\\192.168.106.12\\share\\data.dat", "w+" ). Both methods fail though. 2) started a CMD prompt with Local Systems Account credentials (using the method described here: http://www.windowsitpro.com/Article/ArticleID/47673/47673.html and the psexc.exe tool from sysinternals - running psexec.exe -s cmd.exe). Then tried to both copy a file manually using the copy command and to map a drive letter using "net use". But all I got was a "System error 5 has occurred.Access is denied." I would appreciate any help I can get. Small things to try or even whole new approaches, as I am really running out of ideas here. Also if you need further information regarding my setup, please let me know. Thanks, and a merry Christmas to all Kind regards/ Venlig hilsen Peter Langhoff Feddersen System Engineer, MCSD Systematic Software Engineering A/S Web: www.systematic.dk Tag: Can we default to a trusted domain in IIS prompt? Tag: 79417
  - 24
    - Not able to open a locked mdb file from Windows 2003 Hi, I have this problem: I'm not able to open an mdb file that is already locked. The file is located in another server, the folder is fully shared, and my user has full access to that folder. I only has this problem for Server running on Windows Server 2003. My Win2K Server doesn't have this problem. I can open the file only if I open it from Microsoft Access, when I tried to double click the file from Windows explorer nothing happen. If the file is not locked I can open it by double click, even though there is a security window pop up. I can open a locked mdb file if the file located in Local Server. Is this problem has anything to do with Windows Server 2003 security?? Any suggestion will be greatly appreciated Thanks Tag: Can we default to a trusted domain in IIS prompt? Tag: 79411
  - 25
    - SPAM!!!! Im sick to death of spam , its soo anoying . The funniest thing is though Why have i recived an email that is spam and that has come from my actual email adress.?? Can any one help me? Cheers:D Tag: Can we default to a trusted domain in IIS prompt? Tag: 79400
- Next
  - 1
    - Local Administrator Password Good morning! I was wondering if Microsoft had any software that globally reset all local admin passwords on my domain. Can MOM accomplish this? Thank you in advance for your help. Roger Settle rsettle@(remove this)oasisadvantage.com Tag: Can we default to a trusted domain in IIS prompt? Tag: 79399
  - 2
    - 0x80070569: Logon failure: the user has not been granted the requested logon type at this computer. Hi. In a Windows 2000 domain, I defined a domain user (dom\StartTask) member of Domain Users and Users domain group with password never expires and set in Domain Security Policy 'Deny Access to this computer from the network' and 'Deny logon locally'. After this, in a member server (Server01), I create a scheduled task and associate with defined user. The task doesn't run and in View Log I see the following message: ---- "xxxx.job" (xxxx.bat) 12/22/2005 11:59:59 AM ** ERROR ** The attempt to log on to the account associated with the task failed, therefore, the task did not run. The specific error is: 0x80070569: Logon failure: the user has not been granted the requested logon type at this computer. Verify that the task's Run-as name and password are valid and try again. ---- In Event Viewer (Security) the event : Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: StartTask Domain: dom Logon Type: 4 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: Server01 ---- The strange think is that after I reset the password, the scheduled task works. Could you help me? Ivan Cella Eridano@hotmail.com Tag: Can we default to a trusted domain in IIS prompt? Tag: 79396
  - 3
    - Error getting while Encrypting the data on final step of handshaking Hi all, I'm using Microsoft=AE Platform SDK 2003 and my client program is using SSPI calls. I'm able to get 4 octet string token from TGT server just before the final step of handshaking mechanism in SASL connection. i=2Ee. my final step of three way handshaking is broken in the final step where i'm calling EncryptMessage(..) [enquivant to gss_wrap( .. ) in GSSAPI]. It is returning some garbage value (-122346..34) instead of SEC_E_OK; ------------------------------------- SAME WAY I'VE TRIED THE HANDSHAKING MECHANISM USING GSSAPI CALLS AND .=2E...EVERYTHING IS WORKING FINE... WHILE USING SSPI CALLS.....I'M GETTING PROBLEMS...............!! Here is code snippet ---- --------- this step succeeded err =3D pSecurityInterface->InitializeSecurityContext ( &hcredClient, pClientCtxHandleIn, TEXT("LDAP/ps2345.intranet.xyz.com@INTRANET.XYZ.COM"), grfRequiredCtxAttrsClient, 0, SECURITY_NATIVE_DREP, pClientInput, 0, pClientCtxHandleOut, pClientOutput, &grfCtxAttrsClient, &expiryClientCtx); cbv.bv_len =3D pClientOutput->pBuffers[0].cbBuffer; cbv.bv_val =3D (char*)pClientOutput->pBuffers[0].pvBuffer; // successful call verified..... retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if ((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCE= SS)) { cbv.bv_len =3D 0; cbv.bv_val =3D NULL; if (sbv) { ber_bvfree(sbv); sbv =3D NULL; } //replying the challenge will NULL value retval =3D ldap_sasl_bind_s(ld, NULL, "GSSAPI", &cbv, NULL, NULL, &sbv); if((retval =3D=3D LDAP_SASL_BIND_IN_PROGRESS || retval =3D=3D LDAP_SUCCES= S)) { inSecBufDesc.ulVersion =3D SECBUFFER_VERSION; inSecBufDesc.cBuffers =3D 2; inSecBufDesc.pBuffers =3D &inSecBuf[0]; inSecBuf[0].BufferType =3D SECBUFFER_STREAM; inSecBuf[0].cbBuffer =3D sbv->bv_len; inSecBuf[0].pvBuffer =3D sbv->bv_val; inSecBuf[1].BufferType =3D SECBUFFER_DATA; inSecBuf[1].cbBuffer =3D 0; inSecBuf[1].pvBuffer =3D NULL; ULONG mylongVal=3D0; //Decrypting the Response. err =3D pSecurityInterface->DecryptMessage(pClientCtxHandleIn, &inSecBufDesc, 0,&mylongVal); -------------- till here everything is successful....verified with corresponding GSSPI call ...the (inSecBufDesc).pBuffers[1] contains the 4 byte octet string....Now according to rfc2222.txt, final step required to wrap the data (EncryptMeassage call) in this case and use final ldap_sasl_bind_s call err =3D pSecurityInterface->QueryContextAttributes( pClientCtxHandleIn, SECPKG_ATTR_SIZES, &sizes); // password length is passWd_Len =3D strlen("myuserid@INTRANET.XYZ.COM") + 4; //setting the first byte of octet to 1 ptr =3D (unsigned char *)inSecBufDesc.pBuffers[1].pvBuffer; maxsz =3D (ptr[1]<<16) | (ptr[2]<<8)| (ptr[3]); ptr =3D (unsigned char *) malloc(passWd_Len); ptr[0]=3D 1; ptr[1]=3D maxsz>>16; ptr[2]=3D maxsz>>8; ptr[3]=3D maxsz; sprintf((char *)&ptr[4], "%s", "myuserid@INTRANET.XYZ.COM"); ---------------------------till here everything is ok....SAME AS DONE WITH GSSAPI CALLS AND IS SUCCEEDED ...EVERYTHING IS FINE TILL HERE. NOW THE JOB IS TO ENCRYPT AND SEND IT TO THE SERVER IN FINAL CALL.------------- --------------------Problem lies in next part of the code --------------------- // Need three descriptors, two for the SSP and one to hold the //application data. inSecBufDescSecond.ulVersion =3D SECBUFFER_VERSION; inSecBufDescSecond.cBuffers =3D 3; inSecBufDescSecond.pBuffers =3D &inSecBufSec[0]; inSecBufSec[0].BufferType =3D SECBUFFER_TOKEN; inSecBufSec[0].cbBuffer =3D sizes.cbSecurityTrailer; inSecBufSec[0].pvBuffer =3D malloc(sizes.cbSecurityTrailer); // This buffer holds the application data. inSecBufSec[1].BufferType =3D SECBUFFER_DATA; inSecBufSec[1].cbBuffer =3D passWd_Len; inSecBufSec[1].pvBuffer =3D malloc(inSecBufSec[1].cbBuffer); memcpy(inSecBufSec[1].pvBuffer, ptr, passWd_Len ); inSecBufSec[2].BufferType =3D SECBUFFER_PADDING; inSecBufSec[2].cbBuffer =3D sizes.cbBlockSize; inSecBufSec[2].pvBuffer =3D malloc(inSecBufSec[2].cbBuffer); err =3D pSecurityInterface->EncryptMessage(pClientCtxHandleIn, ( 0 / SECQOP_WRAP_NO_ENCRYPT ) ,&inSecBufDescSecond, 0); ----> if i keep second argument as SECQOP_WRAP_NO_ENCRYPT ....the call returns SEC_E_OK , butinSecBufDescSecond.pBuffers[1] does not contains the expected data. On the other hand keeping second argument 0=2E..returns error(-2146893054) Let me know...where is the problem ?? Amit Tag: Can we default to a trusted domain in IIS prompt? Tag: 79392
  - 4
    - Server hang after installing MS05-053,54,55 Hi, Would like to check out does anyone experience server hang at "saving your setting.." during logoff after installing the above patches ? That is what happening to me right now on 4 of my servers. When the server hung, i starts getting a lot of event id 2002, application class, source : perflib, descriptions as remoteaccess DLL timeout, something like that. That was the last changes that i made to the servers. Ironically, it does not happen to all servers. That is the hardest part. And after we rebooted the server, it went back to normal. That's why i am unable to reproduce the problem for further diagnostics. Any reply or advise is much appreciated ! Thanks. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79391
  - 5
    - Invitation to join "Security, Privacy & Related Legal Issues" You are cordially invited to join the YahooGroups "Security, Privacy & Related Legal Issues" at http://groups.yahoo.com/group/securityprivacy/ GROUP DESCRIPTION: Privacy, Computer Security, Harassment, Stalking, Defamation, Libel and Related Legal Issues. All new members will be on temporary moderated status, in order to avoid spammers. Member list is private and members may join anonymously. List is also for fans of J.J. Luna, author of: Work From Home At Any Age; and How to Be Invisible Tag: Can we default to a trusted domain in IIS prompt? Tag: 79390
  - 6
    - Digital Content Security Act Well, the movie Nazi's are trying it again... ..."Congress is leaving a special gift under the tree for Hollywood's film industry. Just before closing for the holidays, legislators introduced a new proposal designed to curb redistribution of movies.The Digital Transition Content Security Act would embed anticopying technology into the next generation of digital video products. If it makes its way from Capitol Hill to the Oval Office and becomes law, the measure will outlaw the manufacture or sale of electronic devices that convert analog video signals into digital video signals, effective one year from its enactment. PC-based tuners and digital video recorders are listed among the devices." http://politics.slashdot.org/article.pl?sid=05/12/22/0123210&from=rss Imhotep Tag: Can we default to a trusted domain in IIS prompt? Tag: 79389
  - 7
    - Security Problem>>> Need Help!!! Hi, Hope someone here can help me. The problem is: My Browser keeps getting HiJacked despite Fort Knox Security. The Question is....What am I missing? I am using windows xp home w/sp2 installed(but disabled) in it's place I'm using Norton System Works, Fix it Utilities 6, Adaware SE, Spybot S&d, Norton and Mcafee Clean Sweeps, I have run File Analyzer, Net Analizer, Reg Analizer, Pop Up Blockers are: Windows(disabled), Nortons, MSN, Yahoo. I have disabled Remote Access, I have run MS Malware Tools, System is set to erase all tracks when browser closes and is confirmed. All Updates are up to date and run regularly. Checked all ports besides using all tools listed above. also use yahoo spyware scanner. my system is set up (High Speed Cable) Connected to router , to which I have Security enabled.I have checked for hardware and software conflicts and all is fine. all system tools run come up Zilch. I have scanned pc thru nortons and mcafee sites. I have scanned in safe mode, I have done everything i can think of. I know somthing or someone is getting into my system as I log on and my explorer page is different than what I have it set to. and my OE settings keep getting messed with, which I have to keep resetting. otherwise my system is 100% fine. I don't have any error messages or hangs. So someone please tell me what I am doing Wrong here. oh and another thing I noticed is my computer systems can be shut completely off and router and modem keeps showing pc activity, although I can't detect anything being sent or recieved. when i boot and logon as this is happening it then quits. I have also shut down the other antivirus and run AVG. I need some insight please. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79386
  - 8
    - parental permission please tell me how to give permission to my kids .i do not have a credit card Tag: Can we default to a trusted domain in IIS prompt? Tag: 79378
  - 9
    - Weird problem / Email showing up in excel spreadsheet I have a windows 2000 domain, windows 2000 exchange. I have a user that just sent an email, the contents of the email autotyped themselves into an open excel spreadsheet on another users computer. This other user does not have an exchange account or anything. Any ideas? I have run netstat looked through all the startup stuff, no weird processes running, nothing. Please throw me some ideas here, this is bizarre and I have never seen this... Tag: Can we default to a trusted domain in IIS prompt? Tag: 79377
  - 10
    - Event ID 5723 I keep getting this error on my DC (W2k3 Server) with the following... The session setup from computer '17951' failed because the security database does not contain a trust account '17951$' referenced by the specified computer. For user action is says to disjoin this account from the domain. That's fine, but I can't find the computer in AD. Is there a way to remove this ghost account? Can I use Netdom or ADSI edit? Tag: Can we default to a trusted domain in IIS prompt? Tag: 79375
  - 11
    - network service accounts HKCU access Hi, I have a web service, as I understand from msdn docs, web services in IIS 6 works with network service account. Therefore for a specific purpose, I have to access the HKCU registry of network service account and add some keys there. But the problem is that, How to do that, since network service account is not a normal user account. can you please tell me how to do such a change in reg (HKCU) of network service account?? thanks, atx Tag: Can we default to a trusted domain in IIS prompt? Tag: 79374
  - 12
    - spyware question I have microsoft anitspyware installed. I just got redirected to a japanese porn site when I clicked on a link. When I tried the link again it worked ok but an antispyware notice popped up saying, on top, that a change had been allowed (green) but underneath it said a change had been blocked. Makes no sense. The message referred to shdocvw.dll. When I clicked on "help", in the notice, a blank page came up. When I closed the blank page the spyware notice disappeared before I could copy it. I think it said "the microsoft doc object shdocvw.dll has been prevented from..." either changing, or loading or something. I dont remember what. I did a spyware scan and it did not detect any spyware. But then a notice on the spyware page said "number of items detected, 1". Makes no sense. I cannot find any information on what this "item detected" was (or is) or what to do about it. When I tried to send a report to Microsoft about it (in the spyware program) it said "submission failed, check you proxy settings". So far as I know, there is nothing wrong with my proxy settings. Can you shed any light on this situation? Thanks. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79369
  - 13
    - netmon where can i get the full version of netmon? Tag: Can we default to a trusted domain in IIS prompt? Tag: 79356
  - 14
    - Boot Passwords Hi everyone, I have a BIOS utility on my PC (accessible during start up by pressing "F1") which allows me to set passwords, but for some reason the PC does not require that a user enters any of these passwords every time the PC is switched on, but rather only when a user enters the BIOS utility. My laptop requres the BIOS password to be entered every time the computer starts up, and I want my desktop PC to act in like manner. I have checked out the product support helpline for my desktop PC and it seems (strangely) that the BIOS passwords can not be set so that they are required on boot up. Does anyone know of any programs that will impliment a power on/boot password, or is there anything in Windows XP that will do the same? ------- Regards, CB. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79351
  - 15
    - Microsoft Excel Unspecified Memory Corruption Vulnerabilities http://www.securityfocus.com/bid/15926 Imhotep Tag: Can we default to a trusted domain in IIS prompt? Tag: 79348
  - 16
    - Microsoft Internet Information Server 5.1 DLL Request Denial of Service Vulnerability http://www.securityfocus.com/bid/15921 (not much info available at this time) Imhotep Tag: Can we default to a trusted domain in IIS prompt? Tag: 79347
  - 17
    - Best virus protection/ internet controls for multiple users I have been using Mcafee Security Center Installed on my Computer with Windows XP Media. The Privacy Service which allowed me to control sites and times my kids could access the internet defeloped a glich which required a very cumbersome uninstall process. Before I simply reinstall the program I'm wondering what recommendations you might have for good overall virus protection, spyware protection and for controlling internet access. We use Mozilla Foxfire. One problem with the Security Center was that it used a lot of CPU % and seemed to slow down the computer. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79345
  - 18
    - Tracking where mail is coming from. We are getting about 800 mails an hour that are trying to go out on our exchange server. We know that it is internal to the company but not which subnet it is coming from. Can any of you tell me how to use performance monitor to find out what IP it is coming from? If you can help I would really appreciate it. Thanks Tag: Can we default to a trusted domain in IIS prompt? Tag: 79341
  - 19
    - Auditing folders Good morning everyone, I audit all of our folders using the built in feature in Server 2003. The problem is our event log files are huge by the end of the day because when Veritas runs the backup at night it logs every file it reads and opens in the event log. Does anyone know of a way to exclude programs or users from the auditing process? Thank you for your time. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79328
  - 20
    - Same User regardless of being on the domain. I have a laptop that I use at work where I log on to a domain. When I bring it home, I don't log on to the domain (because it doesn't exist.) As far as the system is concerned though I'm a different user. How do I make it the same user with/without the domain? Do I attempt to log in to the domain at home and just let it fail or what? TIA - Jeff. Tag: Can we default to a trusted domain in IIS prompt? Tag: 79327
  - 21
    - Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability http://www.securityfocus.com/bid/13799 Imhotep Tag: Can we default to a trusted domain in IIS prompt? Tag: 79315
  - 22
    - Microsoft Internet Explorer Dialog Manipulation Vulnerability http://www.securityfocus.com/bid/15823 Imhotep Tag: Can we default to a trusted domain in IIS prompt? Tag: 79314
  - 23
    - Microsoft Windows MSDTC Memory Corruption Vulnerability http://www.securityfocus.com/bid/15056 Imhotep Tag: Can we default to a trusted domain in IIS prompt? Tag: 79313
  - 24
    - fake security warnings i keep getting fake security warnings and i cant access my home page when i click on internet explorer this page loads: http://i6.photobucket.com/albums/y239/cannonfodder39/damncomp.jpg Tag: Can we default to a trusted domain in IIS prompt? Tag: 79306
  - 25
    - restricted sites zone in IE Hi, I was adjusting my security settings in IE 6 and I clicked on "SITES" in the restricted zone, and there were a bunch of websites, mostly disreputable ones that I'm not sure how they got there. I didn't put them there. My question is this: if I remove them will they stay gone forever? I know this sounds silly, but I really don't know how they ended up in that list, I never added them. If I click remove, what exactly will that mean? Will those sites end up in the safe zone? Some advice please? Thanks... Tag: Can we default to a trusted domain in IIS prompt? Tag: 79300

I am trying to configure Windows Integrated Security on a SharePoint server
(Windows 2003 sp1) so that users do not have to enter a domain at the logon
prompt, but just a username. I was able to do this in a basic scenario when
the web server is in the same domain as the user's domain by setting the
default logon domain Metabase property.

But when I tried to do this in the case where the user is part of a trusted
domain rather than the server's domain, it did not work. Is there another
setting that I need to add/modify? Is this even possible in IIS 6.0?

Thanks,
Mary

Top

Re: Can we default to a trusted domain in IIS prompt? by Roger

Roger
Tue Dec 27 14:05:52 CST 2005

I do not believe that is possible with only what is built into
IIS 6 for W2k3. Now, W2k3 R2 has added some Kerberos
support for IIS but I noticed that most of it one could not use
for (WSS) Sharepoint webs, and, I have not noticed whether
a "default domain" was added, but it surely was not there in
any of the earlier versions of IIS for Windows integrated auth.

"Mary F." <maryha@burntsand_nospam.com> wrote in message
news:C15604F3-10A9-47CE-BC38-6C7416D2DFB6@microsoft.com...
>I am trying to configure Windows Integrated Security on a SharePoint server
> (Windows 2003 sp1) so that users do not have to enter a domain at the
> logon
> prompt, but just a username. I was able to do this in a basic scenario
> when
> the web server is in the same domain as the user's domain by setting the
> default logon domain Metabase property.
>
> But when I tried to do this in the case where the user is part of a
> trusted
> domain rather than the server's domain, it did not work. Is there another
> setting that I need to add/modify? Is this even possible in IIS 6.0?
>
> Thanks,
> Mary
>

Top

Re: Can we default to a trusted domain in IIS prompt? by maryha

maryha
Tue Dec 27 17:03:01 CST 2005

That's what I suspected. Thanks!

Mary

Top