implications of disabling SMB/CIFS

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Auditing Account Management I have successfully configured auditing for Account Management. However, it does not generate an event for when an email address is changed/deleted/modified? Is there a way extend the attributes that are tracked within Account Management in AD? Thank you for any help that you may provide. Jamie Tag: implications of disabling SMB/CIFS Tag: 76059
  - 2
    - Effects of Disabling USB storage... Hi all, I was looking for a method to disable USB storage devices through GP and came across the KB article 555324. One question does pop to mind before I implement this: I'm wondering if setting this would affect other USB devices such as keyboards and mice, and if so is there a workaround? Thank you. -- Bill Tag: implications of disabling SMB/CIFS Tag: 76046
  - 3
    - Can't run MBSA. Insufficient services enabled? I am having trouble running MBSA. I run XP Pro + SP1 on a standalone PC connected via ethernet to broadband. If I provide the computer name then I get a message saying: "Unable to scan all computers" my-home\my-pc (Unknown IP) Computer not found." If I provide the IP address I get a message saying: "Unable to scan all computers xxx.xxx.xxx.xxx : Computer not found." where the xxx's have the correct value for my IP address. The MBSA help text says: ---------------- START ------------------ The following are the requirements for a computer to be scanned remotely by the tool: ... The following services must be enabled: Server service, Remote Registry service, and File & Print Sharing. Please see article 303215 for more information on these services. ---------------- END ------------------ Unfortunately article 303215 does not seem to exist any longer. What are the names of the services in the services menu that corespond to these: Server service Remote Registry service File & Print Sharing. Tag: implications of disabling SMB/CIFS Tag: 76044
  - 4
    - How to prevent stealing password Hi.I have free mail accounts in Hotmail and in Yahoo. They both offer security logging so the informations sent would be encrypted. Most public PCs are infected with spyware and viruses and I wonder if I access my mail account (in Hotmail for example) from an infected public PC , will some hacker be able to access my mail later because the keyloggers has saved my password.I have heard that if the info is encrypted ,like in Yahoo and in Hotmail,no spyware ,keylogger or hacker,noone would be able to see(save) my password. Is that true? :) Tag: implications of disabling SMB/CIFS Tag: 76043
  - 5
    - ccEmFlSv.exe On a Win XP SP2 Pro box. I have never seen ccEmFlSv.exe show up as a process but it has started to and is taking about 6272 K CPU. When I google or teoma search it it comes up as a low grade Trojan and I don't see any info about it as a normal process. I can't find info at www.norton.com/search . I can't end the process at TM. Can someone context this for me and if I need to remove it does anyone know of a removal tool? Best, Chad Harris Tag: implications of disabling SMB/CIFS Tag: 76040
  - 6
    - Force reboot in WSUS We've used SUS for quite some time now to distribute updates. I am in the process of moving to WSUS and for the most part things seem to be working well. One nice feature is the ability to see if a user has taken on the patches. I know for a fact that currently many users blow past the install and/or reboot prompts that they receive when SUS is trying to do its thing. Ultimately I believe that we end up with machines that are not properly patched. In WSUS it's nice to be able to get a report on the status of those machines, but is there a way to force that PC to reboot remotely so that all the patches are properly done? Tag: implications of disabling SMB/CIFS Tag: 76029
  - 7
    - Internal Audit question I am an IT auditor for an internal audit department. Our company uses Active Directory with Winows 2000 and 2003 servers and XP Pro workstations. Currently our IT support personnel have admin access to servers and workstations. My question is: Is there a way to allow the IT support personnel to do their job while restricting access to user data? The IT support people need to apply upgrades, install software, etc. We want to allow them to do this but restrict their access to user data in the Docs & Settings folder on the workstations, user directories on the servers, etc. Currently the IT support people have admin rights on the workstations. Can they do their job as a Limited user with proper permissions? I know this is a long post but i would appreciate any help. Thanks. -- wweldin -- wweldin Tag: implications of disabling SMB/CIFS Tag: 76022
  - 8
    - Computer and User Certificates Issues Hello, I have setup a Windows Server 2003 box in a test environment as a RADIUS Server using IAS to familiarise with Wireless Networking Authentication (we are intending to deploy some Windows 2003 systems as RADIUS Servers in the near future). The authentication method that I am hoping to use is EAP-TLS, which I understand requires User and Computer Certificates. Hence, I installed a CA on the Server, and duplicated the User and Computer Certificate Templates, changing only the Expiration Times. Both Templates have Authenticated Users with Read Access, Domain Admins with Full Access. The new User Template has Domain Users with Enroll and AutoEnroll Access and the same for Computer Template except for Domain Computers group. We have configured the Domain Level GPO to grant Automatic Certificate Enrollment. However, when computers in the test environment update Group Policy they all contain the following events: Event Type: Error Event Source: AutoEnrollment Event Category: None Event ID: 13 Date: 22/09/2005 Time: 9:54:16 PM User: N/A Computer: EPT-101 Description: Automatic certificate enrollment for local system failed to enroll for one LFN Computer certificate (0x80070005). Access is denied. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Error Event Source: AutoEnrollment Event Category: None Event ID: 13 Date: 22/09/2005 Time: 10:09:49 PM User: N/A Computer: EPT-201 Description: Automatic certificate enrollment for local system failed to enroll for one LFN Computer certificate (0x80070005). Access is denied. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Where have I gone wrong? These are XP SP2 clients, I previously tried enabling detailed Enrollment Logging but the additional events provided no extra information. Thank-you in advance for all corresspondence, William Teller Tag: implications of disabling SMB/CIFS Tag: 76011
  - 9
    - Mobile Messanger Is the following link safe, I want to access hotmail from my PSP (Playstation Portable). This link is posted several places but it doesnt seem to be a microsoft website and I just dont trust it. Is there a microsoft equivalent? http://mob.e-messenger.net/mobile/ Tag: implications of disabling SMB/CIFS Tag: 76004
  - 10
    - What creates these files? I originally posted this on an Outlook discussion group, but have since realised Security might have been more appropriate, so am copying it here with minor additions. For less than one full day, both NAV and AVG indicated that files that are constantly created in "C:/Documents and settings/<user>/Local settings/Temp" with names "CC*.tmp" (they appear to be named using hexadecimal notation of a byte) have the Netsky.P or .Q worms. Is this NAV/NIS creating these files as a result of using MS Outlook, and why would the files have an old worm? Investigating how these worms work shows that the system does not appear to be infected with these worms. But the "CC*.tmp" files are always being recreated. Any suggestions how to eliminate the problem? For further information, warning messages from AVG and NAV only now appear when I access that folder/files to try to solve the problem. Maybe there's no real problem after all. But if NAV/NIS is creating those files, then why would it be creating them with an apparent security flaw? Kevin Tag: implications of disabling SMB/CIFS Tag: 76002
  - 11
    - Rest password emails I have received at least 10 emails recently from Microsoft Customer Support saying I have requested via email to reset my hotmail password. Enter this link to reset, or if you did not request enter this link. I have never once asked to reset my password, so i always click the 2nd link, but why am I receiving these? Tag: implications of disabling SMB/CIFS Tag: 76001
  - 12
    - Where to send fraud e-mails? Hi Does anybody know what government agency to send a fraud e-mail? I just received one from the Nigerian crew. Thanks. Tag: implications of disabling SMB/CIFS Tag: 75999
  - 13
    - Serial/Thumbprint of Certificate attached to CA? Hello all, I was wondering if anyone could tell me if it is possible to find out the Serial # and/or thumbprint of the certificate that is associated with a Certification Authority. The problem is we have multiple certificates with the same name, and since there is a problem with the certificate I get an "access denied" when I attempt to access it through the CA properties. I have tried to back up the CA but always get an error, perhaps associated with the "acess denied" to the certificate itself. If anyone could adivse on this I would be most appreciative. Thanks! Tag: implications of disabling SMB/CIFS Tag: 75994
  - 14
    - Spyware doctor. Is it free? I installed 1 month ago spyware doctor ver. 3.2.1.359 on one pc; supposedly, free. Well, i want to install it at my home pc too. But, at a few known sites, like tucows, download.com and majorgeeks, this program is says shareware for $29.95. I remember reading something about this on the other pc. but, my work pc still has this program installed and its not a registered version nor a dime has been paid for it. Can I safetly download it at home. And assume that I wont get charged later on? is it a trial with a time limit?? If something says it needs or if I want to register it, does that mean $$$$$ time?? Tag: implications of disabling SMB/CIFS Tag: 75985
  - 15
    - Administrator's Account Name Reverts to Original Name I have one of our Network gurus' telling me that after they have renamed the Administrator's name on some of our network systems, that the systems are reverting back to the original name...Administrator I have never seen or heard of this. Any Truth to this orideas? Thanks -- Jerry Tag: implications of disabling SMB/CIFS Tag: 75984
  - 16
    - hotbar trying to install Hi- I have been using the ms antispy program at home for about 2 months now. when I log on to my user account, all is ok. But lately, when my daughter logs into her user account, after a few seconds, the red box from Microsoft antispy program says that this threat wants to install; and if I want to remove it. I click yes. it says it removes it. I scan right away, and the next time we turn off/on the pc and go into her acc't, this warning comes back. scans done= ad-ware, spybot S & D, spyware doctor, Ewido, MS antispy. Did them in safe mode. Only thing found, this last time, was with MS-antispy; and it was some searchbar threat and a tracking cookie. I went to Majorgeeks and dloaded a program specifically for this threat and it come up clean. will try it again as well as any others suggested here. hope you can help. PS, i also have HJT if I need to post a log at those forums. Thanks -- Tag: implications of disabling SMB/CIFS Tag: 75982
  - 17
    - SSL Padlock shows then disappears when viewing a site (asp.net) that I created the browser (ie 6, XP SP2) address shows https: but the padlock only shows when the site loads then disappears, any help would be appreciated... Thanks, Rico Tag: implications of disabling SMB/CIFS Tag: 75979
  - 18
    - How can you compromise a SQL Server via Front-End Server ? Imagine this: I have a Sharepoint Front-End web server in the "Forest-Perimeter" network (some call it DMZ). Imagine the SQL server such Sharepoint server uses continues to be housed in the "Internal" network. Therefore I would need to open a hole in the ISA firewall to allow communication between the Sharepoint Front-End<----> SQL Server (internal) network. Can you tell me the mechanism and likelyhood of getting such SQL server compromised via this Front-End web server ? I know you can hit a SQL server pretty hard if you can explore SQL server injections, but let's assume you use store procedures to avoid SQL server injections. Tag: implications of disabling SMB/CIFS Tag: 75978
  - 19
    - LU1806 Re : Live update problem. I am constantly receiving LU1806 error when trying to run live update. I have read all the information from Symantec. Attemtped to reload Norton Antivirus however the errors still occur. This problem has only been happening since I loaded Windows Internet Security. Any ideas how to get around the problem? Tag: implications of disabling SMB/CIFS Tag: 75970
  - 20
    - Reasons TO use full HHD encryption vs File/Folder (non-EFS) Hello - if anyone has any good argumements regarding why to USE Full Hard Disk Encryption -vs- just Folder (& file) Encryption, please post some comments. My boss wants to just do Folder, but I am leaning toward encrypting the full HHD to cover all the bases - thinking of using something like SafeGuard Easy 4.11. Please note: we are not considering EFS (sorry MS). Thank you all in advance! -- Take care! Mark -- Take care! Mark Tag: implications of disabling SMB/CIFS Tag: 75964
  - 21
    - how to delete a contact from the block list in privacy tab please let me know if there is a way to delete a contact from the block list in privacy tab. Tag: implications of disabling SMB/CIFS Tag: 75959
  - 22
    - ICMP Hardware Error Help. I have a few networks here. EXT FW&WAP -> SBS2003 w/ ISA2004 -> Internal LAN -> LAN GW&WAP -> Internal LAN DSL -> 192.168.1.x -> 192.168.16.x SBS is 192.168.1.200 LAN GW&WAP is 192.168.1.2 EXT FW&WAP is 192.168.1.1 SBS Internal is 192.168.16.4 LAN GW&WAP is 192.168.16.1 LAN/DHCP (on SBS) Default Gateway is 192.168.16.1 SBS Defautl GW in on Ext NIC and is 192.168.1.1 No GW defined on SBS internal NIC Problem.... Everytime I try to ping or tracert from my SBS Server to the internet my External Network Interface goes offline and reports "unplugged" and I get a "Hardware Error" in my CMD windows. A few minutes later the interface re-initializes and goes online. This server publishes content to the internet frequently every day, and serves as a Web, FTP, SMTP and other services server, all day long. Nothing else causes this, it only happens if I try to Ping or Tracert. Any ideas? Tag: implications of disabling SMB/CIFS Tag: 75954
  - 23
    - How prevent data steal thru pen drives? Tag: implications of disabling SMB/CIFS Tag: 75946
  - 24
    - How blocking some attachments helps protect your computer How the hell can i turn that thing off? i don't want windows to block an mp3 file when somebody sends me one through msn. And deblocking don't help either, cuz help and support says that i should just look for the file on my computer and deblock it, but it ain't even on my computer. It didn't save the file. I can judge myself whether or not a file can be trusted, i don't need windows doing that for me and what bugs me the most is that i can't seem to find a way to turn it off.....somebody? Tag: implications of disabling SMB/CIFS Tag: 75943
  - 25
    - IE Send Mail When I'm on MSNBC and I try to send a page via email to a friend, I receive: The current document type can not be sent as mail. Would you like to send a shortcut instead? I was able to do this before. Why not now? Tag: implications of disabling SMB/CIFS Tag: 75942
- Next
  - 1
    - Monitoring file usage I would like to know if there is a way to monitor when a user copy or move a file to an usb memory device. Our network have 200 + advanced clients with a domain controller and Systems Managment Server 2003 SP1. Thanks for your response. Tag: implications of disabling SMB/CIFS Tag: 75929
  - 2
    - smscfg.ini, 7 copies, won't defragment Hello, I've just defragmented my sony laptop, 5th time in 2 yrs, not too bad, because it seemed to be slowing down. My D drive went fine. My C drive had a failure to defragment smscfg(2).ini so I looked it up and I actually have 7 copies of this. I am not networked, I don't SMS, I internet via wifi. Is this anything I should be concerned about? Tag: implications of disabling SMB/CIFS Tag: 75924
  - 3
    - Can i run more then one session on the computer? Multiple sessions is pretty feature of XP. In domain environment its not working by default. How can i use this feature in domain environment? May be Vista can help me? Tag: implications of disabling SMB/CIFS Tag: 75918
  - 4
    - nigerian scams lately, i ve been getting a lot of mail from nigerians saying i can make millions if i give them my account number so they can deposit money from folks over there who died and left me in thier wills., and other such crap. is there somewhere i can report these to. i imagine some folks get this stuff and beleive it. -- xp-pro,sp2,ff1.0.6,40gb,380mb vig mobo,900gz, computer newbie Tag: implications of disabling SMB/CIFS Tag: 75917
  - 5
    - Infected from Google Virus from maxfiles.com It seems i am infected from some virus from Google toolbar, everytime am clicking search on google.com or googletoolbar my internet explore hangs/freezes the system for few mins . It also opens a pop-up on right-side of internexplorer screen. I think it is from maxfiles.com ? Please hel -- jigu90200 ----------------------------------------------------------------------- jigu902003's Profile: http://forums.techarena.in/member.php?userid=884 View this thread: http://forums.techarena.in/showthread.php?t=36450 Visit - http://www.techarena.in | http://forums.techarena.in | http://forums.techarena.in/archive/index.ph Tag: implications of disabling SMB/CIFS Tag: 75914
  - 6
    - FTP Server HELP!!! An unknown user used a program to try to script through about 8 different usernames, and like 300 passwords each in attempts to hack my FTP Server on my SBS 2003 Premium Server. Dilema, I hadn't ever created a "just in case" backup admin account. I try to never use admin privledges on the server, and with the negative implications of following the recommendations to rename Administrator, I have hesitated to do so, however after 300 failed login attempts, the Administrator account was locked out. Now I've recovered my access to my system, but I have some "obscurity" goals I'd like to try. I have found the following and implemented it: http://support.microsoft.com/default.aspx?scid=kb;en-us;826270 Now I would like my FTP SVC to at the least broadcast external.domain.com rather than server.domain.local on the "Connected to:" line. Any other recommendation on securing my "Read Only" FTP server would be greatly appreciated. Thanks, Tag: implications of disabling SMB/CIFS Tag: 75906
  - 7
    - accounts in two groups - Administrators and Power Users - who wins Does one group take precedence over the other. I had a situation where the user's accoutn was in both groups but when trying to install software, it appeared as if he did not have enough privileges. One of my technicians signed in as administrator and was able to install the software without a problem. When he signed in as the user who was in both Power Users and Admins, he said the install did not work. So the general question is how does Windows decide how to apply group membership roles. Tag: implications of disabling SMB/CIFS Tag: 75905
  - 8
    - Forest/Domain in the "DMZ" to accomodate web, front-end servers Imagine I have an IT guru in my organization and (political forces behind him) that don't let me put ANY front-end server in the internal network. I mean, I have Exchange 2003 OWA and Sharepoint servers that, to this date, have been published via ISA 2004 and in my view that was provided adequate security. Now imagine that I must put all servers that reside in the "internal" network in the "DMZ". Do you think it makes sense if I setup a "Domain-DMZ" and put all such front-end servers there and allow a one-way trust relantioship where my existing "domain-dmz" trusts the "corporate domain" ? Then I would put the Sharepoint Servers (front-end) and Exchange (front-end) and such DMZ-DOMAIN ? Do you really believe this would be a good security implementation for a mid size organization ? (5,000 AD accounts). Tag: implications of disabling SMB/CIFS Tag: 75902
  - 9
    - What Server Roles are OK to Share with a VPN? Hello-- We are going to be implementing a VPN for one of our remote offices. We have to be aware of costs, so we would like to share some of our network server roles on the same box. What server roles are safe to share on a VPN server? Security is our main concern, just ahead of cost. Many thanks, Stephen Tag: implications of disabling SMB/CIFS Tag: 75897
  - 10
    - MSN HOTMAIL SIGN IN PROBLEMS Whenever I try to sign in to my MSN e-mail account I get the following messages: "We cannot sign you in because we cannot verify the status of your subscription. Please verify that you are connected to the Internet before trying to sign in again." "MSN cannot verify that the MS.NET passport that you signed in with has an MSN billing account. You can still work offline...." Tag: implications of disabling SMB/CIFS Tag: 75896
  - 11
    - Vendor support security Hi all, Can anyone tell me or point me to a document to back me up on dos and don'ts when allowing vendor support connections. Does anyone have a policy that I can go by on this? We have setup a vpn (pptp) connection using pcanywhere, allow webex, and have a dialup modem using pcanywhere connections. The vendor still has a problem with me using group policy security and windows xp security. All my users do NOT have administrators rights to their workstation. The vendor insists that that is needed in order for him to connection with webex and fix a problem. The software is installed on an SQL server where he has a vpn connection and can connect with webex to have full control of the software. The only thing installed on the workstation is the SQL client which I installed and can maintain. Just would like to see other network/security administrators' policies on this. Thanks in advance for any help on this. Sher Tag: implications of disabling SMB/CIFS Tag: 75895
  - 12
    - Service Log On Account Problem Hello. My problem concerns Windows Services. I want some of my services work with permissions of domain user or domain admin (not Local System account). Everything works OK till reboot server. After this services don't start automatically due to incorect password reason. I have to type password manualy and start service manualy. This domain account are local admins of server and are added in Local Security Settings\User Rights Assignment\Logon as a service. What is the reason of my problem? Thanks in advance. Pawel Tag: implications of disabling SMB/CIFS Tag: 75894
  - 13
    - Bypass Traverse Checking not working I am having trouble getting Bypass Traverse checking working on my Windows 2003 EE server in a Windows 2003 domain. I have set Bypass Traverse Checking to Authenticated Users via Group Policy. However I have a service account that can not delete a file in the C:\Temp folder. The service account has Modify permissions to the C:\Temp folder and no permissions to C:\ Theoretically it should traverse C:\ and be able to find C:\Temp If I give the Service account the NTFS permission of "Travers Folder \ Execute File" the service account can then delete the file in the C:\Temp folder. I do not understand this as Bypass Travers Checking should give the same results. The following TechNet article states "Traverse folder takes effect only when the group or user is not granted the Bypass traverse checking user right in the Group Policy snap-in". http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e4be109f-5547-4df8-90f0-4d885dc302e7.mspx Any idea on why Bypass Travers Checking does to appear to be applied? Tag: implications of disabling SMB/CIFS Tag: 75890
  - 14
    - should administrator lock pages in memory? Dear, all. Windows 2003 default setting, nobody could lock pages in memory. But in microsoft recommend in high security organization, should define administrator have this right. Could you tell me the reason? Thanks. Frank Tag: implications of disabling SMB/CIFS Tag: 75887
  - 15
    - I can't get into my other account...... My friend tried to many times to get into my other msn account. Corrupt_by_silence@hotmail.com, so now I can't get into it eather. And he tried to many times to answer my secret question, so I can't do that eather. So now I can't get in at all. Tag: implications of disabling SMB/CIFS Tag: 75883
  - 16
    - unable to login into WinXP HE Hi, I don't relly know if I'm posting in the right area but anyway...I was getting rid of viruses/sayware off my computer and MS GIANT found 3 viruses, a trojan, a mediaticket and a 180 solutions. I was akedto reboot my PC due because one of the viruses was running so I did. When I had rebooted I tryed to log into my useer but it immediately logged me out...I have tried safe mode and other users but all unsuccessful. Is there a way to open msconfig, command prompt (safe mode with prompt doesn't work) without logging into a user. Yours, Duggles Tag: implications of disabling SMB/CIFS Tag: 75878
  - 17
    - questionable emails received when I open an email that is full of hidden statements, is this something that should be turned over to MSN or high authorities? Did not want to just delete should something be questionable and might lead to something serious. THanks Tag: implications of disabling SMB/CIFS Tag: 75876
  - 18
    - Security Flaw: Any website can read your clipboard text Web sites you visit can retrieve data from your clipboard depending on your security settings. Go to this page (www.clipboard.googlemyway.com) and see if anything shows up in the box. If you are using Firefox or Opera you probably won't see anything. However, if you are using Internet Explorer then chances are that whatever you last copied into your clipboard will be displayed. Tag: implications of disabling SMB/CIFS Tag: 75871
  - 19
    - Diamond CS And Possible Name Change ??? Heck, I asked for a refund from Diamond over two months ago for their now defunct TDS program and thus far have heard nothing. I checked in on this board and their site about a month and a half ago and heard proclamations that an exciting new site with great new programs was "just around the corner" (where did I hear THAT expression before?!?!?), but alas, here we are 6 weeks later and it looks like all is status-quo. I could not find any new site, nor could I find any new products, nor did I ever find any information from Diamond CS regarding my (numerous) requests for a refund. Maybe they should change the name from Diamond CS to Diamond "BS"--- that seems to be what they specialize in! Tag: implications of disabling SMB/CIFS Tag: 75868
  - 20
    - Limit domain user logon to a unique workstation Hi there, I would like to know the procedure to restrict a domain user account(AD user) to logon to a single workstation (and no other PC, only that particular one) without creating a local user account on the machine. Is this feasible? Can someone help? Thanks in advance, Tag: implications of disabling SMB/CIFS Tag: 75867
  - 21
    - IE Flaw Puts Windows XP SP2 At Risk "CNET is reporting that a new flaw has been discovered in Internet Explorer that could enable a remote attack on systems running Windows XP with Service Pack 2, eEye Digital Security has warned. The discovery of this IE flaw comes just over a month after Microsoft issued a cumulative patch addressing three vulnerabilities for IE. The new IE flaw also adds to another vulnerability, discovered last month, that affects systems using Windows XP SP2." http://news.com.com/IE+flaw+puts+Windows+XP+SP2+at+risk/2100-1002_3-5868867.html?tag=nefd.top Imhotep Tag: implications of disabling SMB/CIFS Tag: 75863
  - 22
    - VPN and/or remote access Plug-Ins A number of companies are now using plug-ins to allow client desktop control for support/troubleshooting. QUESTIONS: 1) After the remote session is terminated, is there anyway to identify and locate the plugin installed by the support organization? 2) Is it possible to force the plugin to be installed into a specific directory/folder where the file system has permissions (NTFS assumed here since I don't believe FAT32 has folder permissions)? 3) If #2 is possible, will this contain the viewer from going outside (accessing or viewing) beyond the folder? 4) If not, is it possible for the client to contain the area where browsing can take place -- if so how? Thanks David Tag: implications of disabling SMB/CIFS Tag: 75860
  - 23
    - who could lock pages in memory Dear, all. Windows 2003 local security settings\user rights assignment\lock pages in memory, the default setting is: none is defined here. Could this mean nobody have right to lock pages in memory, or all body have this right? Thanks. Frank Tag: implications of disabling SMB/CIFS Tag: 75858
  - 24
    - CreateEvent fails with ERROR_INVALID_OWNER We're calling the Win32, CreateEvent, and it's failing with ERROR_INVALID_OWNER = "this security ID may not be assigned as the owner of this object". Here's the setup. We have a .NET class library (called .CAL) that calls into an unmanaged C-callable DLL (OMDAPI.DLL). The class library is hosted in a Web page. The Web page is running in IIS with anonymous access turned off. The web.config contains these entries: <authentication mode="Windows" /> <identity impersonate="true" userName="" password="" /> Therefore, we're trying to have the Web page impersonate the client browser's user. When OMDAPI.DLL connects to the ASPNET_WP process, during the DLL_PROCESS_ATTACH, it creates a static CSecurityDescriptor (from ATL). It calls InitializeFromThreadToken() on that CSecurityDescriptor. The DACL is null for this CSecurityDescriptor. The first user connects to the page, which calls into the class library which calls into the DLL. The DLL calls CreateEvent with a unique name and a SECURITY_ATTRIBUTES structure. The event name is generated from the username and some other data. Therefore, for each user, we're generating a different event name. The SECURITY_ATTRIBUTES structure is filled in with the CSecurityDesriptor (m_pSD) that was created during DLL_PROCESS_ATTACH. The first user's call to CreateEvent succeeds. I'm not 100% sure, but I believe this is the first time this security descriptor is actually used. The second user that logs in fails with ERROR_INVALID_OWNER. The second user is coming in from a different machine since we're using impersonation, it must be from a different user. It's been seen, sometimes on Windows Server 2003, that the second user gets in OK, but the third user fails. So basically, it fails after at most 3 users. The primary test platform has been Windows 2000. Now, OMDAPI.DLL has been around for a long time (6-7 years) and works fine in stand-alone, multi-threaded Windows applications. It has only started failing now that we're hosting this in a Web page. I've tried giving the ASPNET user account these privileges but they don't work: - administrator privileges - "act as part of the operating system" I haven't verified this, but it seems likely that each user is coming in on a different thread. The first user gets in and grabs ownership of that security descriptor. Then when the second user comes in on the second thread, it fails because it's already owned by the first thread/user. Does that sound reasonable? Some other things: - it's not in our class library because someone else wrote their own class library and called into OMDAPI.DLL and they get the same problem. - We're not trying to recreate the event name because it's different for each user. Any help as to why we're getting this ERROR_INVALID_OWNER would be greatly appreciated. Thanks in advance. Tag: implications of disabling SMB/CIFS Tag: 75852
  - 25
    - Error loading Roaming Profile - System detected a security comprom Getting this error when attempting to log in to a domain. Domain Controller is running Windows 2000 Server. ============ Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ============ I am able to authenticate after logging in for functions such as internet browsing. Tried removing the computer from the domain and deleting the computer from AD, and reconnecting everything with no success. Tag: implications of disabling SMB/CIFS Tag: 75851

While designing a secure standard base image for WinSvr2003std the issue of
weather non-file servers need SMB enabled came up.
I proposed the alternative of OpenSsh which will allow file transfer and
remote execution over a secure and encrypted session.
Question: if we disable SMB what will stop working? SMS, AD software
distribution, Manage another computer?

Re: implications of disabling SMB/CIFS by Steven

Steven
Fri Sep 23 19:33:50 CDT 2005

You can disable the server service. You will lose the ability to use
Microsoft Baseline Security Analyzer to scan those servers remotely, lose
the ability to use Computer Management to manage them remotely, not be able
to run a RSOP on them in logging mode from a domain controller, use any
command line tools that rely on SMB, and probably a few other significant
things. Another solution would be to use ipsec to protect your servers. For
instance you could have an ipsec policy to allow all access to/from domain
controllers and only specific admin workstations for file and print sharing.
Ipsec negotiation policies require computer authentication and then can
protect data with encryption and insuring integrity. You can always use
Group Policy computer configuration to manage services at a later time. See
the link below on ipsec and a strategy that can be used to protect domain
computers. Ipsec strategy must be well planned and tested with special
attention placed on domain controller traffic being exempt from ipsec
negotiation with domain computers. The Windows 2003 Server Security guide
has specific recommendations on services for servers for baseline
configuration and based on role.

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/W2003HG/SGCH00.mspx

"sd" <sd@discussions.microsoft.com> wrote in message
news:5D605A6F-F034-4D2D-A096-DA16D38E36A7@microsoft.com...
> While designing a secure standard base image for WinSvr2003std the issue
> of
> weather non-file servers need SMB enabled came up.
> I proposed the alternative of OpenSsh which will allow file transfer and
> remote execution over a secure and encrypted session.
> Question: if we disable SMB what will stop working? SMS, AD software
> distribution, Manage another computer?