remote access logons in Event Viewer

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Firewall If I enable the Windows firewall on my new 2003 Server Std x64 SP1 network server (Domain Controller, DNS, File and Print Server, WINS) the loads and saves of files across the network are very slow. I opened a port exception for my network but still very slow loads and saves. When I turn the firewall off I get normal loads and saves again. Do I even need a firewall on this server if I don't have the IP address for my ISP gateway configured in my network settings? Tag: remote access logons in Event Viewer Tag: 74256
  - 2
    - MAJOR Hacking Hi - have a big problem and unsure how to correct despite best efforts with router, personal firewalls, etc. Brand new computer worked well for 2 weeks until one day norton reported many programs (AIM, internet expplorer, svchost.exe etc) accessing the internet through unknown Modules. Since that point, it doesnt matter if i completely wipe out the system or not (which I have done x number of times now) it reverts back to accessing the internet through unknown modules. I am fairly confident that whatever is happening, it is forcing my internet information to be filtered through some other server whose IP seems to be masked to my firewall logs. My logs are filled with entries of only my internal ip address. Anyone have ANY ideas?: Tag: remote access logons in Event Viewer Tag: 74249
  - 3
    - Searching tool for FULL disc encryption (not only volume files) I am searching a tool which allows to encrypt a whole harddisc and not only a volume file as the most of the offered tools. Yes, I know TrueCrypt. But this tool has problems with large external USB drives. I got permanent errors from the TrueCrypt driver in big operations like copying 20000 files onto a TC encrypted harddisc (Doing the same with the same USB hatrddisc unencrypted show no error). Yes, I know also PGPdisk. But this tool can only exist with a running PGP installation. I need a tool which can be launched easily on demand (when I plugged in the external USB drive) BestCrypt, DriveCrypt offer only encryption of volume files. Which tools exist otherwise? Thomas Tag: remote access logons in Event Viewer Tag: 74248
  - 4
    - Bug in Kerberos SSP within SSPI?? We have been trying to gain a detailed understanding of what SSPI does when authentication fails. Unfortunately while much documentation exists for how ti works when it all works, the documentation on what happens when things go wrong is almost non-existent! For example, take the scenario where the client initializes a context for a service with the SPN of "userA@domain.com". However the service is actually running as "userB@domain.com". On the first call to AcceptSecurityContext, when the client's first blob is passed in, SSPI returns SEC_I_CONTINUE_NEEDED. Shouldn't it return a failure code since the ticket embedded in the security blob (token) is not encrypted with a key it can understand? We've also noticed the behaviour differs between an initial logon and once the workstation has been locked and unlocked. On an initial login: AcquireCredentialsHandle (client side) - SEC_E_OK AcquireCredentialsHandle (server side) - SEC_E_OK InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_E_WRONG_PRINCIPAL After locking/unlocking the workstation: AcquireCredentialsHandle (client side) - SEC_E_OK AcquireCredentialsHandle (server side) - SEC_E_OK InitializeSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to server AcceptSecurityContext - SEC_I_CONTINUE_NEEDED -> Send token to client InitializeSecurityContext - SEC_E_LOGON_DENIED Where is the behaviour different after the lock/unlock and why the extra roundtrip in the initial logon case? Any enlightment would be greatly appreciated given the black-box nature of SSPI :) We are running a W2K3 with SP1 running in W2K+ mode for the Domain controller and WinXP with SP2 for the workstations. Tag: remote access logons in Event Viewer Tag: 74247
  - 5
    - Eractic Behaviour from Win2k Server Hi I hope someone can help me. I have three domains in my network environment - Network A, Network B and Network C. Two domains are running Windows 2000 Server and the last is Windows 2003 Server. Each domain has its own Domain Controller. Domain C has two domain controllers. DNS is running within each domain and the Dns server for each network is itself. Each domain communicates with the other via a trust relationship. There is one DHCP server in the network allocating IP addresses to the client machines running Windows XP. My problem is as follows- I have a 256/512Kbps wireless internet connection and I noticed that our internet bandwidth has reduced significantly over the last couple of days. I used Ethereal to pinpoint which machine was hogging the bandwith. Ethereal results showed that the computer is querying www.cheaptickets.com for DNS information along with some other wierd sites. It is one of the Domain Controllers in Network C. I installed Microsft Antispyware to scan the machine for spyware but nothing was found. The Norton Virus defintions are up to date and it found no viruses when a scan was done. When I take this machine off the network the internet bandwidth returns to its normail behaviour. This machine is currently running Norton, Exchange 5.5 and Print services. What should be my next course of action to rectify this problem. The task manager does not show any unregular behavour within the Processes nor Performance tab. What could be causing my problem and what should I do to rectify the issue. PLEASE HELP. Regards Tag: remote access logons in Event Viewer Tag: 74241
  - 6
    - Windows XP/2000: Working without administrator rights Hoping some people can offer some advice. We have recently taken all users out of the Local Administrators group on their PCs (not our choice but the powers that be). All users are now either Users or Power Users. This has become a nightmare in that we now need to log users of and on in order to make any changes. I am after some tips to help make this easier. Here is what I am utilizing so far: - Remote Assistance (XP Only) - "Run As" from installing some programs Is there any way to do the following without having to log on as an administrator on their PC? - Modify the registry - Run System Tools (eg Disk Defragmenter) - Install programs - Modify the hosts file We have limited access to a single group policy for our OU but at this stage no rights to create additional ones. Happy to hear any scripting solutions as well. Tag: remote access logons in Event Viewer Tag: 74239
  - 7
    - Guest account access Hello everyone, Please help Im getting the following application error message when logged on as a guest; could not create entry(""+speedtouch connection+"" ) I want my friends to access my PC using the guest account. With this error i can't connect to the internet. I think its something to do with guest access control permissions. How can i solve this? Many thanx Tag: remote access logons in Event Viewer Tag: 74232
  - 8
    - Alternative for Norton Antivirus? I'm experiencing quite a lot of problems with Norton Antivirus and I was just wondering what virus scanner the members of this group were using (if any)? I used to be pretty happy with Norton but not anymore. Tag: remote access logons in Event Viewer Tag: 74231
  - 9
    - Display users rights for auditors Hi, for our IT auditors we need to show them what user permissions everyone has got within AD 2003. Especially the Admins. We just showed them (auditors) the built in Admin groups, but they are not happy with this and asked for a report on all users and what control they have. It and admin accidently adds a user to a admin group how would we know? I just hope you guys know of a solution we can put in place from now on. Thanks S Tag: remote access logons in Event Viewer Tag: 74228
  - 10
    - Patching Alpha NT Server Systems Hello, I have an old Alpha NT 4 Server box that is currently requiring patching. Will there be an issue installing the same patches for the Intel platform on this server? Do the exploits affect Alpha systems the same way as Intel systems? Finally, were there prior released updates for these Alpha NT systems before MS declared NT no longer supported? Thanks much, Paul Tag: remote access logons in Event Viewer Tag: 74225
  - 11
    - LsaSrv Event 6033 I started getting the following error error message on my Windows 2003 Domain server: An anonymous session connected from LOCALMACHINENAME has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller. The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1. Can somebody suggest a way of figuring out what application/service is trying to access the LSA policy anonymously? Thanks, Irina Tag: remote access logons in Event Viewer Tag: 74224
  - 12
    - Nessus vs MBSA My environment has 200 servers, in which 95% are MS Win2000/2003 OS's. We have few Unix boxes and clients are primarily WinXP. Do you think it makes more sense using Nessus or MBSA to scan our network for vulnerability detection ? I have experience no experience with Nessus, but if the goal is getting the Windows servers scanned, it seems to me that MBSA is a better approach. Please advise. Tag: remote access logons in Event Viewer Tag: 74217
  - 13
    - Is Browser using Localhost OK ? Hello, I see Netscape Browser trying to use Localhost in my Firewall Log that I usually Block, so I made Rule to Block it that I can change to Allow later if it is not a problem: Everything seems to work fine with it Blocked. Rule "Localhost NETSCP.EXE TCP-UDP" blocked (localhost,http). Details: Outbound TCP connection Local address,service is (0.0.0.0,1053) Remote address,service is (localhost,http) Process name is "E:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE" Everything else using Localhost is Blocked (I don't like being used as a server, Zombie or otherwise) but should I allow this one? Thank you for your help Kevin Tag: remote access logons in Event Viewer Tag: 74216
  - 14
    - TsInternetUser issues I am having events logged in Event Viewer and I am trying to figure this one out. Event Viewer shows - Event Type: Error Event Source: SAM Event Category: None Event ID: 12294 Date: 7/25/2005 Time: 5:31:41 PM Computer: MAIL1 Description: The SAM database was unable to lockout the account of ã? due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above. Data: 0000: a5 02 00 c0 Â¥..Ã? C:\WINNT\Debug\PASSWD.LOG shows - 07/27 01:49:52 Attempting password change server/domain HERITAGE for user TsInternetUser 07/27 01:49:55 SamChangePasswordUser2 on machine \\GFFS1 for user TsInternetUser returned 0xc000006a And these errors and events happen every 24 hours. I know Windows changes this password automatically every day to prevent hacking, but it appears to have forgotten the password. BTW - Users are able to use Citrix and I am able to use termianl services. I just want to keep my event viewer clean. -- Do NOT email replies as they do not benefit the community as a whole. Tag: remote access logons in Event Viewer Tag: 74214
  - 15
    - Disabling Shutdown and Restart Is there a way to disable shutdown but keep restart for the general user population through GP. Administrators will need the ability to shutdown while they are logged on to users computers. The computers will also have to have shutdown disabled at the login prompt but not restart. We have several tasks running throughout the night and some people just don't listen when told to leave their computers on. Tag: remote access logons in Event Viewer Tag: 74213
  - 16
    - Firewalls I'm sure this has been asked before... I have Windows xpsp2 (has a firewall), MS broadband router for a home network(has a hardware firewall), Norton IS2005 (has a firewall) and, finally, my service provider has given us free security package which also has a firewall. The obvious question is should they all be on? Should they all be off but one? Do I benefit from having them all on or does it affect performance? Which one should be on? The router firewall seems to be the logical one to keep on but then I keep getting alerts from xp that I don't have a firewall on. Norton keeps telling me that I have another firewall on and do I want to turn it off? Help! Tag: remote access logons in Event Viewer Tag: 74211
  - 17
    - Setting up WPA in Windows 2000 Hi, This is my first Wi-Fi network. I am using a Belkin Pre-N router and Pre-N notebook (PCMCIA) card. I am trying to setup WPA encryption under Windows 2000 Pro. All documentation I have seen shows Windows XP. Can WPA work under Windows 2000? Also, are there drawbacks to WPA over WEP? Someone here posted that netcams don't work with WPA. Thanks for the help. Tag: remote access logons in Event Viewer Tag: 74210
  - 18
    - What is the earliest version with full harddisk encryption (not only files) ? When I looked into v6.0.2 I had to recognize that PGPdisk encryptes only files as volumes. Afaik there are newer versions which encrypt complete harddisc devices as well. What is the earliest version which is capable of doing this? Thomas Tag: remote access logons in Event Viewer Tag: 74205
  - 19
    - Windows security out of date My windows security is out of date, but I also have McAfee virus scan 8.0.0 do i need to download another AV I am running wxp sp2. Also can I unistall the windows security center... thank you in advance wendy Tag: remote access logons in Event Viewer Tag: 74196
  - 20
    - letter from technet (not!) i got the following letter - watch out it is a phony and dangerous. came from Security Assistance [zczruklrzf@technet.com] Warning: This message has had one or more attachments removed (Patch79.exe). Please read the "ITOL-Attachment-Warning.txt" attachment(s) for more information. Microsoft All Products | Support | Search | Microsoft.com Guide Microsoft Home MS Customer this is the latest version of security update, the "July 2005, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run code on your computer. This update includes the functionality of all previously released patches. System requirements Windows 95/98/Me/2000/NT/XP This update applies to MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later Recommendation Customers should install the patch at the earliest opportunity. How to install Run attached file. Choose Yes on displayed dialog box. How to use You don't need to do anything after installing this item. Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us. Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. -------------------------------------------------------------------------- The names of the actual companies and products mentioned herein are the trademarks of their respective owners. Contact Us | Legal | TRUSTe ©2005 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility Tag: remote access logons in Event Viewer Tag: 74189
  - 21
    - How to view wireless clients in Win2000 network? Hi, how do I view a wireless client in a Win2000 domain network? Currently, I'm testing out accessing our network using a RADIUS server (Microsoft IAS Server) using PEAP-MSCHAPV2. However, we need to view who is currently connected to our network via the wireless AP. TIA. Tag: remote access logons in Event Viewer Tag: 74188
  - 22
    - EFS / CRL / Laptops ? We have a W2K3 Enterprise (domain-joined) Certification Authority which issues a diverse group of certificates â?? smartcard logon, code signing, client auth, etc. Because of these functions, it publishes its CRL every twelve hours, and in a location visible only from inside the enterprise. If we issue EFS certificates from this server, for use on laptops, what will happen when they are off the network? If the user is on an airplane on a two day journey â?? or otherwise unconnected past the expiration of the current CRL â?? will the EFS certs work ok, or will they eventually not be usable for encryption? If that's the case, would the laptop self-generate a cert instead? -- Lynn Tag: remote access logons in Event Viewer Tag: 74187
  - 23
    - PKI S/MIME issue Has anyone seen an issue where an email should be encrypted, but for some reason is not? I have captured several e-mails in my system that have headers that would suggest encryption was intended. When I take a look further into the email, it is obviously not encrypted. The header that would suggest encryption is: Content-type: application/pkcs7-mime;smime-type=enveloped-data;name=smime.p7m Any help appreciated. Tag: remote access logons in Event Viewer Tag: 74186
  - 24
    - Logon Interactivly one of the xp sp2 clients is getting "Local Policy of This System Does Not Permit You to Logon Interactively" regardless what account I use. cannot logon locally with local admin account because password has been changed from default I use for every new pc install somehow (i'm saying somehow because policy does not allow users to be in local admin group so they are not able to change local accounts passwords anyways) here is what I did, create new OU | move this one PC to this OU | create GP that allow 2 doman users to logon locally | now if I use one of these users to try to logon I do not get this message but here is how it behave: - I logon then get "applying sec policy message - then, is see logging off message - then, I get saving your settings and I'm back to login screen any idea what else I can try? Tag: remote access logons in Event Viewer Tag: 74180
  - 25
    - policy for one computer "this computer has been locked by" I have one computer that is in a shared area and people keep walking away from it without logging out. The result is that it locks them out. How can I change this feature on this one computer. It's in a windows2000 domain, I am the admin. I want to change the policy on this computer only. I have changed policies for all, but not just one. thanks Tag: remote access logons in Event Viewer Tag: 74174
- Next
  - 1
    - WINDOWS 2003 BLUE SCREEN Dear all I have a filserver within my organistion running on a Windows 2003 server platform, I have recently installed the Windows updates for July, however when I restarted the server it took an extreemly lengthy time to start up and in the end the blue screen appeared. I then restarted the server is 'Safe Mode', rebooted the server in 'Windows' normal mode, checked the event logs and I noted down the following Event ID with Error Messages: - EVENT ID: 1003 CATEGORY: 102 ERROR CODE: 0000007a, parameter1 e1402d14, parameter2 c0000185, parameter3 bf9194b0, parameter4 2f668860. I have rang Microsoft with no success, anyone who has experienced a similiar problem or has any advice/recommendations please post them. KR BrunoDJ Tag: remote access logons in Event Viewer Tag: 74172
  - 2
    - Determining security on an NT server I need to find a way of analysing an NT server to see where there rights and security groups are and what permissions they have been given. The data on the server I am looking at is going to be migrated onto another server but I need to determine what security is in place in order to migrate that security across to the new server. Is there a quick way to do this? maybe with a shareware tool or Microsofts own resource kit? Thanks for your help Mal Tag: remote access logons in Event Viewer Tag: 74171
  - 3
    - Upon Logon, IE Trusted Sites trying to automatically be added -- help. I am certain that many users have already posted requesting help with this. However, as I have just setup my newsgroups reader, I am failing to find help with this during any of the searches I have tried. With that in mind here goes... I am running Windows XP Pro (Svc. Pack 2) and was attacked several weeks ago by something that reset my home page to about.blank. Very annoying. I researched on the Internet and found some wonderful advice which lead me to the offending files and registry entries -- all of which I removed successfully! Yeah! Except there is this one lingering issue -- Trusted Sites attempting to auto-add themselves to my IE Trusted Sites list. Now, the only reason I am aware of this is because I am currently running what is most likely quite an outdated MS AntiSpyware software (probably the beta version still). Every time I logon, I get several "green" messages from this software informing me of allowed items (of which I am not concerned), but at the end I am always getting an alert ("blue" alert) informing me of some site trying to be added to the Trusted Sites list in IE. Each time, it is a different site (e.g. just now solongas.com tried to be added automatically). Now, each time this alert pops up, I choose to block it and everything seems fine. However, it is very annoying to have to do this extra step after logging on every single time. Is there a procedure I can perform to detect the root cause of this auto-adding functionality and remove it? I suspect there are some rouge registry entries and/or some bad files in my filesystem which, once deleted, will no longer attempt to add any sites to my IE Trusted Sites list automatically. I greatly appreciate any and all suggestions. Many thanks. Jared Schrag Tag: remote access logons in Event Viewer Tag: 74162
  - 4
    - got hacked this weekend fully patch, anti virus up to date wasn't running ms spybot beta, but it didnt' see anything after the fact on scan files in c:\winnt\system32 as.exe mt.exe let.exe zp.exe esmb.exe skill.exe s.exe wpa.dbl files in c:\inetput\extranet\scriptlibrary rt.asp msg.asp ( lets you upload files ) c.exe (rename of cmd.exe) lanping.asp (shows files in inetpub. web is in korean or chinese, my files are in english) rz.asp (lets you upload files) ideas on how they got in? google says as.exe is from zorro or scorpio worm not much in logs, firewall shows them (i have ip addresses) downloading, but i can't find any uploads advise? thanks mike Tag: remote access logons in Event Viewer Tag: 74161
  - 5
    - VPN Connection Using RASDIAL.EXE Hello, My VPN connection is working fine while using GUI. When I am trying to connect the same connection using rasdial.exe ( rasdial "all connect") I am getting Remote Access error 691 - Access was denied because the username and/or password was invalid on the domain. Error. At the same time when I am connecting the VPN Connection using GUI and disconnecting the same from command line ( rasdial "all connect" /disconnect) it's working - that means it's disconnecting. I am missing something while connecting.... what is it? Thanks & Regards Suraj Jadhav Tag: remote access logons in Event Viewer Tag: 74160
  - 6
    - Can PGP and GnuPG share the same keyrings? Is it possible to install both, the PGP (v6.5.8) and GPG on one Windows system and let them share the same keyrings? Gerd Tag: remote access logons in Event Viewer Tag: 74158
  - 7
    - Can IPSec connect 2 VPN Clients or is ALWAYS an IPSec server needed ? As the subject already asked: Do I always need an IPSec server to establish an IPsec connection or is something like an ad-hoc (similar to WLAN) IP-sec connection between two clients possible? Peter Tag: remote access logons in Event Viewer Tag: 74157
  - 8
    - Recurring Event Id: 529, Windows 2000 SP4 Hello, I have been seeing failed secuirty audits that happen every ten minutes on the dot. These are occurring on our Domain controller. Details are as follows: Event ID:529 Logon Failure Reason: Unknown user name or bad password User Name: Administrator Domain: <Our local Domain> Logon Type: 4 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_VI_0 Workstation Name: <Our Domain Controller> Do you guys have any idea what could be causing this? I have searched Microsoft's Knowledge base and have come up with articles: http://support.microsoft.com/default.aspx?scid=kb;en-us;811082 and http://support.microsoft.com/default.aspx?scid=kb;en-us;312827 This is on a Windows 2000 SP4 Server platform with Windows XP SP2 workstations. Any Idea how to resolve this problem? Thanks in Advance, Nate Tag: remote access logons in Event Viewer Tag: 74156
  - 9
    - rsa key pair generator in jscript or com Can anybody point me to a jscript or com implementation for a opensource key generator for rsa key pair's? Thanks, Kees. Tag: remote access logons in Event Viewer Tag: 74130
  - 10
    - Quota information not returning user name When I view my Quota Entries, it does not return the users name, only the SSID (?). What should I check? TIA Tag: remote access logons in Event Viewer Tag: 74129
  - 11
    - How to get post SP2 WinXP security updates to get burned in a CD? Hi, Saturday I installed WinXP on a PC. I connected to the net to get security updates and immediately the LSASS service got hacked and made restart the PC. I was less than 5 min connected!. Some time ago I posted a message asking how to download all the security patches for Win98 in order to burn them in a CD and apply to a non connected PC. I was suggested to go to http://v4.windowsupdate.microsoft.com/catalog/en/default.asp . That worked fine. But now I want to do the same for a WinXP SP2 system (I mean, download all critical security updates post SP2) but the results I receive are all .NET related updates. What is wrong? How can I get all security patches to burn in a CD? Thanks in advance Sammy Tag: remote access logons in Event Viewer Tag: 74125
  - 12
    - Internet Security After recently having problems with my internet security suite I have decided to change it. I previously had Norton Internet Security 2005 but after stop allowing things to connect to the internet and not allow any changes to be made. I wonder if anyone can tell me what are they think are the best ones to use for things like anti-virus and stuff. Any help would be appreciated. Sean Tag: remote access logons in Event Viewer Tag: 74117
  - 13
    - cannot get into e-mail at hotmail Hi, I keep trying to get into my hotmail e-mail account & it starts loading it, then it gets to 30 percent and then a box pops up that says that server cannot find my e-mail account and to try again later. This has been happening for the last two days. My friend tried getting into her e-mail account from my computer and she got right in, and then I tried getting into my e-mail at her house and it wouldn't let me in, but it let her into her e-mail at my house and her house. I want to get into my e-mail what is going on? KELLS. my email is kells197924@hotmail.com Tag: remote access logons in Event Viewer Tag: 74112
  - 14
    - Terminal services oddity I am currently working on a server that is 10 feet from where I sit. I'm using my laptop to connect and configure via Terminal services. Because the server is in a default mode of locking after so many minutes of non use, the server locked me out. Obviously this is of little consequence if I have the password - I do, I am the one who set the password. However, the server is not recognizing the password that I set???!??! When I get up and walk to the server and physically enter the password on the server directly (not through Terminal services) I am allowed access. The server recognizes the password I set. But when I go back to my laptop and terminal server connection, I find the serve denies my access and sites incorrect password as the reason. Cap locks is not on - there is no apparent reason for this, can someone please offer advice- I'm clueless. Thanks Tag: remote access logons in Event Viewer Tag: 74111
  - 15
    - cannot apply KB901214 I have approved the security patch MS05-36 (ICC color module) in SUS and it has been pushed out to clients. However, when I attempt to install the patch on a client (W2k, WXP, W2k3), it returns immediately with nothing installed. No log is generated and no files modified. I have rolled out many patchea successfully in the past. What's happening? Thomas Tag: remote access logons in Event Viewer Tag: 74105
  - 16
    - exe programs I HAVE UPGRADED FROM WINDOWS 98 SE TO WINDOWS XP PRO SPACK2. I HAVE NOTICED WITH XP A NUMBER OF EXE PROGRAMS THAT I DID NOT SEE BEFORE UNDER WIN 98. THESE APPEAR ON MY FIREWALL PROGRAM ZONEALARM. I HAVE CHECKED THESE OUT AND ALTHOUGH ADVICE IS THAT WINDOWS HAVE PROGRAMS WITH THESE NAMES, SO DO TROJANS. THEY WARN TO BLOCK/DELETE. ARE THESE WINDOWS PROGRAMS OR NOT/?. HOW CAN I TELL?. EXAMPLE...mqsvc.exe spoolsv.exe dumprep.exe IN THE MEAN TIME I HAVE BLOCKED, BUT DO NOT KNOW IF THEY ARE OR WILL STOP WINDOWS FROM OPERATING NORMALLY. PLEASE ADVISE ME. Tag: remote access logons in Event Viewer Tag: 74103
  - 17
    - Domain Name in Logon Screen I somehow made it so that a place to enter my domain name does not appear on my XP Pro logon screen. Even when I select Options, rather than displaying the space like it normally would, they is no box, however there are the letters "EN" on the left side of the window. Also, when I type in what I consider to be valid username and passwords (both user and administrator), it says they are wrong. How can I get the domain box to appear? Why don't my passwords work any more? Rod Tag: remote access logons in Event Viewer Tag: 74096
  - 18
    - Windows does not recognize my password unless I reboot. If say I hit the Windows key + L to lock the computer. Sometimes when I go to log back on it says ive typed the wrong password and wont let me log on. If I reboot the computer then type in my password it lets me log on just fine. Mind you this not being able to log on when I enter password does not happen all the time., but I am noticing it more often now. Its like sometimes it remembers what my password is and lets me log on and sometimes it does not. I can tell you that I am putting in the right password because when I re-boot it works fine. Please any advice would be appreciated Matthew Tag: remote access logons in Event Viewer Tag: 74087
  - 19
    - security and DSL Hi, I have used dial up since I first started using computers only 3 years ago; and today, I am going to set up my new qwest dsl modem and all. it will only involve one pc. i have a few security questions. do I need to do anything with my firewall, AV, etc before or after I do the installation? anything of importance that you can add, I'd appreciate it as I am new to dsl. win xp home, sp1, zonealarm, AVG, ad-aware thanks in advance Tag: remote access logons in Event Viewer Tag: 74077
  - 20
    - subordinate ent CAs don't publish certs to AD after Win 2k3 SP1 Hi, my system consists in a single windows 2003 domain. Iâ??ve got an enterprise root CA installed on a Domain Controller and a subordinate enterprise CA on another server, which issues only secure email purpose certificates. These two servers runs both Win 2003 enterprise ed. Before having the SP1 installed on both servers, everything goes well: subordinate CA issued certificates and publish them to AD with autoenrollment process. After having SP1 installed on both servers, users cannot autoenrolls certificates and, if enrollment is done manually, i.e. by web server, subordinate ca issues the certificates but DOES NOT publish it on AD. On event viewer I always see the warning (source: certsvc; event id: 80) Certificate Services could not publish a Certificate for request 9 to the following location on server testup.prova.upg: CN=user_test,CN=Users,DC=prova,DC=upg. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344). ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 Note that if the same kind of certificate is requested to the domain controller's CA (the root CA), this will be published to AD! any ideas? I've already checked that: 1) Both server with root CA and subordinate CA are members of Cert Publishers Group, and this group has got permissions to read and write the userCertificate attribute on users. 2) The brand new security group added by SP1 installation in the AD structure CERTSVC_DCOM_ACCESS contains both Domain Users and Domain Computer groups. I've added also the Domain Controllers group, but nothing changed. PLEASE help me, Iâ??m really in a mess!!! Thanks in advance!!! Tag: remote access logons in Event Viewer Tag: 74074
  - 21
    - Group Policy with Terminal Server I have a GP for users that locks their desktop and runs a screen saver. However this also works with Terminal Server (and Citrix). The problem is screensavers take up loads of CPU how can I stop the screensaver running on Terminal Server. Thanks SW Tag: remote access logons in Event Viewer Tag: 74072
  - 22
    - PKY gurus: why it is not necessary to install a cert under "Public http://download.microsoft.com/download/6/9/0/690d2ee7-a4e0-4c0a-80d4-1e30ebcac1de/isa_2004_ee_configuration_guide.doc An important question: In order to make my ISA 2004 EE array members communicate with ISA Configuration Storage Server, I follow the procedures below and I import the ISA Configuration Storage Server into the "Array member" Trust Root Certification Authorities Computer Certificate Store. Can you explain why I don't need to put the cert under "Certificates (Local Computer)/Personal" store as well ? Installing CA Certificates in Each Array Member's Trusted Root Certification Authorities Computer Certificate Store For the firewalls in the enterprise array to trust the server certificate installed on the Configuration Storage server for authentication, the certification authority (CA) certificate of the enterprise CA must be installed on each array member. You can use the enterprise CA's Web enrollment site to obtain the CA certificate. Perform the following steps on each of the computers that will participate in the enterprise array (array-1 and array-2 on your sample network): 1. Open Internet Explorer, and then enter http://10.0.0.4/certsrv (where 10.0.0.4 is the IP address of the enterprise CA) in the Address bar and press ENTER. 2. Enter a valid user name and password in the Connect to dialog box and click OK. 3. Click Add in the Internet Explorer dialog box to add the site to the list of trusted sites. 4. Click Add in the Trusted Sites dialog box to add the site to the list of trusted sites. Click Close. 5. On the Welcome page of the Web enrollment site, click the Download a CA certificate, certificate chain, or CRL link at the bottom of the page. 6. On the Download a CA Certificate, Certificate Chain, or CRL page, click the Download CA certificate link. 7. Click Save in the File Download dialog box. 8. Click Save in the Save As dialog box to save the CA certificate to the desktop. 9. Click Close in the Download Complete dialog box. Now you need to import the CA certificate into the array member's Trusted Root Certification Authorities certificate store: 1. Click Start, and then click the Run command. In the Run dialog box, enter mmc in the Open text box and click OK. 2. Click the File menu in Console 1 and then click the Add/Remove Snap-in command. 3. Click Add in the Add/Remove Snap-in dialog box. 4. Select the Certificates snap-in from the Snap-in list in the Add Standalone Snap-in dialog box. Click Add. 5. On the Certificates snap-in page, select the Computer account option and click Next. 6. On the Select Computer page, select the Local computer option and click Finish. 7. Click Close in the Add Standalone Snap-in dialog box. 8. Click OK in the Add/Remove Snap-in dialog box. 9. In the left pane of the console, expand the Certificates (Local Computer) node, and then expand the Trusted Root Certification Authorities node. 10. Right-click the Trusted Root Certification Authorities\Certificates node, point to All Tasks, and click Import. 11. Click Next on the Welcome to the Certificate Import Wizard page. 12. On the File to Import page, click the Browse button to locate the CA certificate you downloaded from the Web enrollment site. When the certnew.cer file appears in the File name text box, click Next. 13. On the Certificate Store page, accept the default settings and click Next. 14. Click Finish on the Completing the Certificate Import Wizard page. 15. Click OK in the Certificate Import Wizard dialog box informing you that the import was successful. Repeat the procedure on the second member of the array (array-2) so that the CA certificate of the enterprise CA is placed in the second array member's Trusted Root Certification Authorities computer certificate store. Tag: remote access logons in Event Viewer Tag: 74059
  - 23
    - User sharing personal folder in AD domain '03 Server AD Domain w/ XP Pro Clients Question: I have a couple users who are sharing folder(s) on our domain. Giving other users access rights to them. We have mapped "home" drives as well as departmental shares where they can store there info. The previous network engineer was not the best, would go as far as deleting users info out of malice. It has been dificult to gain the users trust. How can I go about getting them to put all there info on the network shares and stop sharing files from there workstations? Also, what are the security risks invloved? My goal is to provide documentation that states this is best practice. Thanks in advance C. Tag: remote access logons in Event Viewer Tag: 74054
  - 24
    - EAL / ITSEC Security accreditation of Windows XP Hi, Can anyone tell me what (if any) security accrediation windows XP has? Windows NT has been certified to E4 (http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=152&id=16), but none of the newer operating systems appear on the list. Is there any plan to certify XP? It makes it a lot easier to use the OS in certain applications if it has been certified E3/ EAL 4 thanks Tag: remote access logons in Event Viewer Tag: 74044
  - 25
    - Lost security tools I am running xp Home Edition and when I tried to login as administrator I go the message "Unable to log you on because of an account restriction). I went to "Administrative Tools" and my "Local Security Policy" was gone. Then I went to "Computer Management" and under "System Tools" my "Local Users and Groups" are gone. How do I get them back so I can log in as administrator? -- Thanks: Wayland Tag: remote access logons in Event Viewer Tag: 74041

I need to find out if someone is logging on to our sever via remote access
desktop. Is there an Event Log entry to indicate access via RAD?

Top

RE: remote access logons in Event Viewer by WongTuckWah

WongTuckWah
Thu Jul 28 22:43:03 CDT 2005

I suppose you are refering to Remote Desktop Connection, right?

Yes, on the PC that are being RDC-ed, in the security log there will be an
event ID 528. This event will show the user who logon and the client IP
address from the RDC-ing PC.

HTH.

Top