tracking copy transaction

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - using WSUSSCN2.CAB Hello, I am trying to find a way to obtain the list of patches and security updates that should be installed for specific Microsoft operating systems and applications. It has to be some sort of list, which depending on the operating system or application given, it brings the list of patches or updates that should be installed. I would like to know if this information can be obtained from the WSUSSCN2.CAB file and how. The KB article 927745 brings some information on this issue, but I find it quite cryptic and incomplete. Using MBSA and MBSACLI are not an option, because they both require administrator rights. Thank you for your attention! Tag: tracking copy transaction Tag: 94361
  - 2
    - mrt.exe I just did autoupdates along with the Malicious Tool thing. I found an mrt.exe on my C drive but it's dated 8/2/07. Is that normal? Tag: tracking copy transaction Tag: 94355
  - 3
    - Malicious Software Removal Tool - signs that it was running I just did autoupdate and included the removal tool for the first time. Did it run while loading all the other updates? It's supposed to, but I expected it to take longer, since it scans the whole disk, doesn't it? But the whole update took, as usual, only 5-10 minutes. Tag: tracking copy transaction Tag: 94354
  - 4
    - System Crash and Data Recovery Anyone here knows how to recover data from a backup NTFS drive? I use the drive to back up my data. However, after system is crashed and reinstalled, some files is not accessible anymore. I found some file saved a few months ago is ok. Those saved recently are not accessible. I am not sure what setttings have been modified. Appreciate the help to let me know how to recove the data. Tag: tracking copy transaction Tag: 94353
  - 5
    - Unable to log on - Unknown Admin Password Hi To explain the situation, we currently have a Windows Storage Server 2003 R2 which has been reporting errors of â??Windows cannot determine the user or computer nameâ??. This has been experienced previously and overcome by adding the server to a Workgroup, rebooting, logging on to the server locally, then reconnecting the server to the domain. However, unfortunately the particular server in question was configured by a contractor who, predictably, never gave us the local password. Therefore I currently have a Storage Server which is no longer on our Windows 2000 domain and which I am unable to log onto to reconnect to the domain. As i'm sure you will agree it is a bit of a problem! So my questions are: a) is there any way to reconnect the server to the domain without logging on locally? b) if the answer to the above is no, what is the best way to recover the local administrator password? c) Any other suggestions? I would be very grateful for any advice anyone could give me with this. Many thanks James Tag: tracking copy transaction Tag: 94350
  - 6
    - Microsoft PKI problem with domain controllers (autoenrollment) Hello everybody, I have the following problem on my AD-Domain (3 Domain Controllers with MS-PKI): all the domain controllers have recurrent errors in the Application Event Viewer that say: "Automatic Certificate Enrollment for local system could not find a valid certificate templete to match DomainControlleras specified in the group policy automatic enrollment object. Enrollment will not be performed." The "DomainController" template is the standard template, which I have removed from the "Certificta templates to issue" container. Besides, I have created a new personnalized DomainController template, called MyDomainController, which is accepted by all the CDs, i.e. all the 3 of them have been issued a valid certificate. Nevertheless, all domain controllers still ask for a "DomainController" Certificate, although there is no entry at all in the Default Domain Controller Policy (--> Computer Settings --> Windows Settings --> Security Settings --> Public Key Policies --> Automatic Certificate Request Settings). If I try to reintegrate the "DomainController" template on the CA to -- > Certificate Authority --> My CA --> Certificate Templates: New Cert Template to issue, I get the following error: "The template information on the CA cannot be modified at this time. This is most likely because the CA service is not running or these are replication delays. One or more certificate templates to be enables on this certificate authority could not be found. The changes can be saved to Active Directory and retrieved by the CA next time it is started. Do you want to save the changes to Active Directory?". Clicking "Yes" and restarting the CA does not solve the problem... Did anyone have the same problem? Any ides? Thanks in advance, Grovnasch Tag: tracking copy transaction Tag: 94349
  - 7
    - To prohibit creation or access of a particular file type? Hi all, Is there any way in Windows XP to prohibit user from creating and accessing a particular file type like ".mp3"? if not, is there any third party tool to do it? Thank you, Samuel Tag: tracking copy transaction Tag: 94346
  - 8
    - Malicious Software Tool - is it worth it? I've never downloaded or used the Windows Malicious Software Removal Tool. I download the patches every time and I use AVP antivirus and Spybot (I use XP SP2). Should I bother with the Removal Tool? Tag: tracking copy transaction Tag: 94334
  - 9
    - Cannot Uninstall Windows Defender I go into add/remove programs and try to unistall windows defender and it say it cannot find windowsdefender.msi and asks me for an install disc. I searched my machine and the file does not exist. This is a real problem because I am trying to install Norton 360 and it says I must uninstall windows defender first. I only briefly used the beta version and somehow after beta expired some files were deleted or corrupted. I also tried to install new version of windows defender but I get the same error message about file not found and I need to use install disc. Tag: tracking copy transaction Tag: 94332
  - 10
    - Removing viruses from another hard drive. Hi I have spent days and days trying to find an answer to the following. I have run antivirus/malware programs for years on my machine and most of the time keep it reasonably clean of bugs, so I know all about removing stuff from a live, connected to the internet computer. What I would like to know is, how does one remove viruses from a second computer which has no internet, or an ineffective antivirus/malware. Is it possible to slave the hard drive to an up to date computer and scan from there without collecting all the bugs from the slave drive? Or does one have to setup antivirus programs on the infected computer and update manually. However what happens if it is dead, and cannot start due to the infection. I know this is probably basic stuff but any help would be appreciated. Wombat -- Eats, roots and leaves. Tag: tracking copy transaction Tag: 94330
  - 11
    - log off script that prevents loggoff if user has app open Users are logging off in terminal server without shutting down a certain msaccess application . My solution which I haven't implement yet, is run a logoff script that checks whether the LDB is present in the local directory and prevent logoff if it exists. Problem is, users could close the batch file and bypass shutting down the application correctly. Is there another better approach?? cheers Astro Tag: tracking copy transaction Tag: 94329
  - 12
    - Test This is just a test Tag: tracking copy transaction Tag: 94327
  - 13
    - invalid certificate Hi, I have just installed windows certificate service and selected an enterprisse root ca. I then issued a certificate to the default website for enabling OWA over HTTPS. All seemed OK, but when users connect to the OWA site the certificate cannot be installed into the trusted root CA. When viewing the certificate, it says "This certificate cannot be verified up to a trusted certificate authority". Is this normal for windows CA? or there is something wrong in installing the CA and creating the certificate? Thanks in advance, Tag: tracking copy transaction Tag: 94324
  - 14
    - SSL VPN:Poor performance & memory resources I notice that I connect via SSL VPN to my organization. Then I launch RDP (Remote Desktop) and connect to my machine at work. In the first 15 minutes or so, response time is great. Then gradually I notice that things slow down;graphics in documents do not appear as promptly anymore, I attempt to reply to e-mails and it takes seconds untill I see the window to let me type, etc. I am using Vista with 1GB RAM memory. I have a co-worker using XPSP2 from a machine with 1GB RAM and he reports same behavior when using the SSL VPN. I notice that if I reboot my machine, I connect again to the same RDP session and response time is good. Then I start using my machine at work via RDP, and things slow down again. My question is: How sensitive is a client machine if SSL (in this case, SSL VPN) process is in place? I know SSL is intense on the server side and I do have an SSL acceleration card on the VPN gateway, but I would like a confirmation on whether an SSL connection like this would also make memory a more sensitive resource. My user experience with my machine is fine other than this, and therefore I am trying to determine whether limited memory in the client side could be the cause of this. Tag: tracking copy transaction Tag: 94313
  - 15
    - Find SID for the Windows 2000 domain user remotly Hi, I want to find the SID of Windows 2000 domain user. I tried psgetsid.exe and it works for Windows 2003 not for windows 2000. Can you please anyone help me? Brahmaji Tag: tracking copy transaction Tag: 94309
  - 16
    - VPN with User Certificates on TPM Hello World ! Does anyone has done allready a project with Windows Server 2003 PKI and user certificates stored in TPM (Trusted Platform Module) on Windows XP SP2 clients ? Searching for White Papers... booster -- ~~~~~~~~~~~~~~~~~~~~ ..is an MCSE 2003 and MCDBA ~~~~~~~~~~~~~~~~~~~~ Tag: tracking copy transaction Tag: 94307
  - 17
    - CRL Distribution Point on http://pki.companyname.com/certdata Hello Just installed a 2 tier PKI with Offline Root CA and 1 online issuing CA with the WebComponents. Everything works, PKI View ist all Green. But, what if a new CRL is published ? LDAP publishing works, the new CRL is published. The http location is not updated, it's a manually created directory and available on the IIS as virtual directory. the *.crl's are not updated there, do i have to copy the new published crls from c:\windows\system32\certsrv\certenroll ??? Or did i miss something ? Regards. booster -- ~~~~~~~~~~~~~~~~~~~~ ..is an MCSE 2003 and MCDBA ~~~~~~~~~~~~~~~~~~~~ Tag: tracking copy transaction Tag: 94302
  - 18
    - No credentials being passed across network with Windows Authentica I cannot remotely access SQL Server 2005 with Windows Authentication with a specific login (I get the error 18452 "this user is not associated with a trusted login.."). I ran a trace with the profiler and it shows that no values are being passed for the login/credentials. I can login to the server locally just fine with the login. Windows Authentication works with the same login work against another SQL Server machine. What could be specific to the login or the server that would cause the credentials not to be passed. -- John Shahan Tag: tracking copy transaction Tag: 94301
  - 19
    - Need help with CAPICOM Security APIs Not sure if this is the right newsgroup for this question. I have a simple task that I need to perform. I want to be able to pragmatically verify that an EXE file contains my signed certificate. I was looking at the CAPICOM classes and it appears that there are class APIs that I can use. However, I am not sure exactly what I need to do. I created a SignedCodeClass and set the SignCode.Filename member equal to the EXE file that I want to check. Then, SignCode.Verify function is called to verify the validity of the certificate. However, I want to go one step further and verify that the certificate is my certificate. Could someone please offer some information on how I can do this? -- --------------------------------------------- Ken Varn Senior Software Engineer Diebold Inc. MailID = varnk Domain = diebold.com --------------------------------------------- Tag: tracking copy transaction Tag: 94300
  - 20
    - [SOFT TOOL EXE DLL ISO C PHP NIX WIN CISCO] search & download === www.GEGEREKA.com Project of the year: Incredible unique search machine like nothing on earth. any kind of useful data: WIN,NIX,CISCO,MAC,DLL,PHP,EXE,ISO, ...and much more Millions files for everyone. Also music, movies and other media. http://www.GEGEREKA.com : THE LORD OF DOWNLOADS. Tag: tracking copy transaction Tag: 94299
  - 21
    - Prevent Unauthorized PCs to connect on the LAN Is there any way that I can prevent any "rogue" PCs to connect on the company's domain? I'd like to avoid people bringing their laptops or Pocket PCs and connecting on the LAN. Thank you! Tag: tracking copy transaction Tag: 94279
  - 22
    - Domain Controller Security Please guide me, How to ensure the level of security of the domain controller on Win2003 Server Platform, and also detail how the security can be tighten. Shanthi Tag: tracking copy transaction Tag: 94278
  - 23
    - User Profile on Windows 2003 Server I found some user profiles are being created in our Win2003 server (DC). I am sure nobody can logon to the server unless the user is administrator or equivalent. Please detail how this is getting created. Shanthi Tag: tracking copy transaction Tag: 94277
  - 24
    - Windows Server Builtin Firewall I am running my domain controller on Win2003 server platform. By default the windows firewall was on. I turned off, hence the users are not able to login to the domain. I just want to turn on the firewall and give an exception for the same. Please guide us how to do the same. Shanthi Tag: tracking copy transaction Tag: 94276
  - 25
    - File Replication My Domain Controller is in Win2003 Server platform and having some shared folders. I want to replicate the files on the shared folders to another member server which is also in Win2003 Server platform to avoid the inconvenience of the daily backup. Hence the backup process is taking a long time everyday. I would like to plan the replication of the shared folder files to replication server on schedule basis. Please do let me know is there any solution available in windows for the same. Shanthi Tag: tracking copy transaction Tag: 94275
- Next
  - 1
    - Computer cert/User cert 802.x Authentication query Hi there, My question is this: we have our wireless setup pretty much identical to the description in this white paper: http://download.microsoft.com/download/f/d/d/fdd4d246-eabe-4a3e-a935-358532b5c168/StepSecureWirelessAcc.doc#_Toc100984847 We have a working, established PKI infrastructure and all Cisco 1100 ap's globally. We are using microsoft IAS with both a user and computer RAP. both of these appear to work fine and the network is firmly in production. It seems to work very well on the whole, machines are connected whilst users arent logged on so they receive gpo updates etc, when a user logs on they authenticate fine, providing they have previously been on the computer whilst it is connected to a wired network. If they havent been on the machine via a wired connection before there first log on on that machine then the machine does not have a local copy of their certificate, neither can it auto-enrol their certificate as it has no connectivity once they are logged on. Consequently the wireless sticks on authenticating or "no certificate" in these circumstances. What i'd like is to somehow allow people to request/enrol a certificate when logging onto the machine for the first time over wireless (rather than having to first put them on the wired network), is it possible to specify limited access during logon so the users account is able to connect to the pki box and enrol a new user certificate? maybe with an additional remote access policy? We have absolutely no problems with the distribution of computer certificates. I acknowledge that its fully possible that my implementation is at fault here! As i cant find any indication that the behaviour i'm experiencing has been a problem for anyone else! Any advice/pointers greatly appreciated. Jim Tag: tracking copy transaction Tag: 94270
  - 2
    - How do I create a service account? I want to create a service account that has administrator permissions on servers but I do not want this account to be able to log in to the console of any server, is this possible? Thanks Ray Tag: tracking copy transaction Tag: 94263
  - 3
    - Unified vs Federated Authentication questions I'm a student learning about computer security and am having difficulty finding out exactly what Unified Authentication is and how does it differ from Federated Authentication. Can anyone explain it to me? Tag: tracking copy transaction Tag: 94260
  - 4
    - Encrypting VBA code behind Excel File Hi, All. I hope this is the right discussion group - if not, please point me in the right direction. I've written code in VBA 6 for Excel 2000. I need to be able to share the file with others while encrypting the underlying code using an asymmetric algorithm. Any thoughts? Thanks in advance. Jim Tag: tracking copy transaction Tag: 94259
  - 5
    - Pop ups keep coming, vnr_creatives_history Recently, my laptop got to notice the similar problem. Last query: INSERT INTO vnr_creatives_history SE uid=2933683754995559387, cid=0, view_time=UNIX_TIMESTAMP() ON DUPLICAT KEY UPDATE view_time=UNIX_TIMESTAMP() Error: 1114 The table 'vnr_creatives_history' is full Last query: INSERT INTO vnr_creatives_history SE uid=2933683754995559387, cid=27, view_time=UNIX_TIMESTAMP() O DUPLICATE KEY UPDATE view_time=UNIX_TIMESTAMP() Error: 1114 The table 'vnr_creatives_history' is full I followed the solution given over here in the pag http://forums.techarena.in/showthread.php?t=793199. I got rid of som threats. But the pop ups keep coming. And my pop up blocker is at th hightest level of settings. Also, NAV is running along with AV antispyware. And I placed the popup site's URL to the restricted acces sites in my Internet browser settings. But I kept seeing the pop ups Any ideas to fix this problem.. -- mkira ----------------------------------------------------------------------- mkiran's Profile: http://forums.techarena.in/member.php?userid=2888 View this thread: http://forums.techarena.in/showthread.php?t=79623 http://forums.techarena.i Tag: tracking copy transaction Tag: 94258
  - 6
    - Malware issue regarding high broadband traffic and Norton 360 If this issue is not suitable for this newsgroup or if it has already been covered elsewhere would someone please point me in the right direction. I have been using Norton Internet Security for several years. I upgraded from NIS 2005 to Norton 360 in April, this year. I went for Norton 360 because it has received very good reviews. So far I have been pleased with it - it has a good set of useful facilities. However, the upgrade to 360 has not been without problems as I have described in the following. Symantec Technical Help have tried very hard to resolve the issues described in this posting but, so far, have not been able to do so. Although I did not become aware of it for several weeks my broadband traffic increased by a factor of 4 or 5 as indicated by my ISP's customer broadband usage log. Also, around the same, time I noticed that the two little monitor figures in the modem icon in the lower- right-hand corner of the screen were lit up all the time. If this issue is not suitable for this newsgroup or if it has already been covered elsewhere would someone please point me in the right direction. I have been using Norton Internet Security for several years. I upgraded from NIS 2005 to Norton 360 in April, this year. I went for Norton 360 because it has received very good reviews. So far I have been pleased with it - it has a good set of useful facilities. However, the upgrade to 360 has not been without problems as I have described in the following. Symantec Technical Help have tried very hard to resolve the issues described in this posting but, so far, have not been able to do so. Although I did not become aware of it for several weeks my broadband traffic increased by a factor of 4 or 5 as indicated by my ISP's customer broadband usage log. Also, around the same, time I noticed that the two little monitor figures in the modem icon in the lower- right-hand corner of the screen were lit up all the time. When I finally realised what was happening I became quite alarmed - my broadband usage was threatening to exceed my monthly limit. The following is a brief account of what happened. I got into several time-consuming rounds of help from Symantic Technical Help. This involved several re-installations of 360. While this was going on I tried Prevx 2.0 ( http://www.prevx.com/ ). Prevx 2.0 found a malware gremlin and removed it. Broadband traffic immediately went back down to normal levels. Was this the end of my problems? Definitely not! Prevx 2.0 caused 360 to not work properly. And I found that I was unable to uninstall and reinstall 360 even under the supervision of Symantic Technical Help. I could only do this if I first uninstalled Prevx 2.0. In order to find out what malware Prevx 2.0 found I accessed the Prevx log. It contained the following data: (1) File system: C:\WINNT\system32\a.exe (2) Registry: HKLM\software\microsoft\\windows\currentversion\Run \MSMSGNER SZ Since the first time that I used Prevx 2.0 to cure the high broadband traffic problem (attack by a malware gremlin) I have had two more rounds of the problem. The routine that I have developed is very undesirable but it works: (1) When high broadband traffic is noticed install Prevx 2.0. (2) Run Prevx 2.0 - it finds the malware and removes it. (3) Uninstall Prevx 2.0. Does anyone know: (1) What malware attacks my PC? (2) The malware gremlin seems to be using my broadband for something. Is it spamming? Or, is it more sinister? (3) Why does it keep coming back? (4) Why does Norton 360 not prevent attacks by it? (5) Should I try to use system restore instead of uninstalling and reinstalling Prevx 2.0? Finally, it is worth noting here hat what I have described above may not be related specifically to Norton 360. I would like hear from anyone else with the same high modem traffic problem and how they cured it. Thanks in advance for your help. The following is a brief account of what happened. I got into several time-consuming rounds of help from Symantic Technical Help. This involved several re-installations of 360. While this was going on I tried Prevx 2.0 ( http://www.prevx.com/ ). Prevx 2.0 found a malware gremlin and removed it. Broadband traffic immediately went back down to normal levels. Was this the end of my problems? Definitely not! Prevx 2.0 caused 360 to not work properly. And I found that I was unable to uninstall and reinstall 360 even under the supervision of Symantic Technical Help. I could only do this if I first uninstalled Prevx 2.0. In order to find out what malware Prevx 2.0 found I accessed the Prevx log. It contained the following data: (1) File system: C:\WINNT\system32\a.exe (2) Registry: HKLM\software\microsoft\\windows\currentversion\Run \MSMSGNER SZ Since the first time that I used Prevx 2.0 to cure the high broadband traffic problem (attack by a malware gremlin) I have had two more rounds of the problem. The routine that I have developed is very undesirable but it works: (1) When high broadband traffic is noticed install Prevx 2.0. (2) Run Prevx 2.0 - it finds the malware and removes it. (3) Uninstall Prevx 2.0. Does anyone know: (1) What malware attacks my PC? (2) The malware gremlin seems to be using my broadband for something. Is it spamming? Or, is it more sinister? (3) Why does it keep coming back? (4) Why does Norton 360 not prevent attacks by it? (5) Should I try to use system restore instead of uninstalling and reinstalling Prevx 2.0? Finally, it is worth noting here hat what I have described above may not be related specifically to Norton 360. I would like hear from anyone else with the same high modem traffic problem and how they cured it. Thanks in advance for your help. Tag: tracking copy transaction Tag: 94254
  - 7
    - My Computer Ports and System Services are being Hacked, Hello: Good Morning, I am having very serious computer problems with a computer hacker named Wendell E. Crosley/Wendell Crosley that continues on a daily basis to hack into the computer ports and system services on my windows xp sp2 operating system, daily, nights and weekends. These are the computer ports that Wendell E. Crosley/Wendell Crosley hacks into on a daily, basis, nights and weekends: VNC APP1, NETBIOS NAME, NETBIOS DATA GRAM, MICROSOFT SQL SERVER, MICROSOFT SQL MONITOR, SOCKS, WIN AMP SHOUT CAST/iRDMI, HTTP PROXY SCAN, WORLD WIDE WEB HTTP, SMTP, NS SERVER, MAIN CONTROL, MANAGEMENT UTILITY, CNRP SABA MS, KENTROX PROTOCOL, SSH REMOTE LOGIN PROTOCOL, TELNET, SERVICE CONTROL, SNS ADMIN, SNS QUERY, WEBSM, HTTP PROTOCOL OVER TSL/SSL, XFER UTILITY, CS LISTERNER, TRANSSCOUT, REAL AUDIO SERVERS/ARCP, DCE END POINT RESOLUTION, BBN IAD, BACK ORIFICE, X WINDOW SYSTEM, FILE TRANSFER CONTROL, ERMOTE ASSISTANCE, TCIM CONTROL, GNUTELLA, REMOTE PROCEDURE CALLS, SECURE WEB SERVER, UNIVERSAL PLUG AND PLAY, WEB SERVER, REMOTE DESKTOP, MAIL SERVER, MICROSOFT DIRECTORY SERVER, REMOTE ASSISTANCE TERMINAL AND OTHER COMPUTER PORTS on my Windows xp sp2 operating system. Wendell E. Crosley/Wendell Crosley continues on a daily basis to illegally access my user accounts and continues on a daily basis to disable my security programs on my windows xp sp2 operating system. These are the security programs that Wendell E. Crosley/Wendell Crosley disables on a daily basis, nights and weekends: Windows Security Center, Windows Firewall, Windows Defender, Mcafee Personal Firewall Plus Services, Norton Anti Virus Program. I have cleaned installed my windows xp sp2 operating system and Wendell E. Crosley/Wendell Crosley continues to hack into my computer ports and system services daily, nights and weekends. I am working from home online and how can I prevent Wendell E. Crosley/Wendell Crosley from hacking into my computer ports and system services on my windows xp sp2 operating system, daily, nights and weekends? Thank You, Tag: tracking copy transaction Tag: 94247
  - 8
    - anti virus use Hello, There are lately some big discussions about witch anti virus is the best and so on I use and advice kaspersky (microsoft gold certified partner) so I tought, what would the experts say? when you post an anti virus that you think is the best give a good reason it doenst make any sence when you dont post reasons included Tag: tracking copy transaction Tag: 94246
  - 9
    - network analyzer - any clues? Hello, there was a network analyzer (sniffer) which name I don't remember. But I remember that it worked as a proxy server, webbrowser needed to be set up to that proxy, and after a request to open any page, that program asked (if it was checked to do so) if that packed should be allowed. As I remember the program was free. It has possibility to modify all the packets and send the modified packet back to the origin destination. The program is for testing security on servers. It was for windows. Anyone know the name of it or of the similar program? Thank you in advance, emot Tag: tracking copy transaction Tag: 94245
  - 10
    - Removing RootKits All, I hope this is a simple question does Formatting a Hard Drive and then FDisk /MBR remove any rootkits or hidden files on a hard drive?? If the answer is no then could you please point me to a good resource for formatting the boot sector/MBR? Thanks in advance. - CES Tag: tracking copy transaction Tag: 94240
  - 11
    - Security Issue - Locked Out of My Own Drive Hello there, I was trying to protect the information in my drives from whomever is using our guest account at the moment so they cannot view private material. I tweaked this and that, but I have now somehow managed to block access to my own D: drive. Does anyone know how to fix this? I can still access the 3 other drives and the user was successfully blocked from accessing those drives; however, now I cannot get into my largest and most important drive. Thanks! Jackie Tag: tracking copy transaction Tag: 94239
  - 12
    - How do you audit your systems? Hi everyone, I'm just looking for some advice from everyone here on what kind of events you guys audit? We have a distributed IT team and more often than not if someone fails to follow change control proceedure then it's difficult to tell what change has been made and the logs aren't always that useful. So my question is what kind of things do your enterprises audit? For example, changes to group policy. At what level? For example, 'default domain policy' has been changed or 'this particular policy' has been changed. How do you aggregate that information? For example, proactively through SCOM 07 or MOM or retroactively via event manager's logs. Thanks in advance for your suggestions. Best wishes, Ross. Tag: tracking copy transaction Tag: 94238
  - 13
    - Word Document Password I have a Word document that is password protected. It is possible that the password is because of a corrupt document because I never use document passwords in Word. One of the most popular programs for finding a document password is Rixler's Office Multi-Document Password Cracker. However, I have a concern about the safety of the software because it appears to phone home when it is working: "The search for a decryption key is done on the online document decryption server, while the actual decryption is executed on your computer. This technology provides maximum security to the owner of the document as the latter remains on the computer and is not sent anywhere." The major concern is whether the program uploads any document information to Rixler. A Google search has not revealed any warnings about the use of the software. Since I'm not familiar with this company, and since they have been recommend in Microsoft newsgroups before, I thought I would ask. They have been around a while, and I would assume that they would not last if they are grabbing confidential information. The document is not particularly valuable, but it does contain some confidential information. Tag: tracking copy transaction Tag: 94237
  - 14
    - Remote Assistance Settings We just installed wireless on our laptop so it connects to our dekstop modem/router. We happened to be looking in System Properties on the laptop and noticed the following in "Remote Assistance Settings" "Allow this computer to be controlled remotely." And "YES" is checked. Is that OKAY? (Security Problem) Or should the "YES" be UN-checked? Tag: tracking copy transaction Tag: 94231
  - 15
    - Windows.exe error Recently everytime I reboot my computer, it takes an unusually long time to load and an error pops up with: Windows cannot find 'windows.exe'. Make sure you typed the name correctly, and then try again. To serach for a file, click the Start button, and then click Search. OK BUTTON These are the exact words in the dialogue box. Any valuable input would greatly help me. Thanks in advance. Tag: tracking copy transaction Tag: 94230
  - 16
    - client OS security under Virtual PC 2007 I have a number of legacy applications that run best on their original OS's (Windows 98 and Windows NT 4). Since neither of these OS's are currently supported with security patches, etc., and the applications require minimal network access, I would like to know whether there is any kind of 'umbrella' security provided by the host OS? Assuming, of course, that the host has current patches, and up to date AV/malware software. Tag: tracking copy transaction Tag: 94216
  - 17
    - Help with file permissions and ICACLS.EXE problem I'm getting desperate for help here. Yes, I am an MCSE but this is Vista and Vista security does not act like any security before it. Here's the problem: I have scanned the CD covers for my entire CD collection and saved them as 480x480 pixel images named Folder.jpg in the corresponding album folder. Windows Media Player 11 insists on resizing those images to 200x200 pixels. There is nothing in Windows Media Player that will stop this. Setting the read-only attribute also does not stop WMP from destroying the album art. My goal is to stop this behavior by setting the NTFS permissions. I've been doing it for years with WMP 9 and WMP 10 in XP and Server 2003 but I can't find a way that works with WMP 11 and Vista. The end result should be that I can read the file but not write or delete any file matching Folder*.jpg - technically Folder.jpg but the * is required to make icacls.exe work on subfolders. No program running in my security context or the SYSTEM security context should be able to write or delete the file. Windows Media Player and I should be able to change the MP3 files or other image files in the media library. The only thing blocked should be the Folder.jpg files. I use ICACLS.EXE to deny delete or write permissions: icacls Folder*.jpg /deny Dale:(D) /T icacls Folder*.jpg /deny Dale:W /T As soon as I do one of the above (either one - I don't have to do both) I cannot delete or write the file but I also cannot read the files. I check the effective permissions in the security properties and every box is checked for me except Full Control and Delete in the case of the first example above and Full Control and all of the write associated permissions in the case of the second example above. All indications are that I should be able to access the files for reading. If I reset the ACLs using: icacl Folder*.jpg /reset /T and then use the Security property tab in Windows Explorer to set the permissions including deny write and deny delete, all works perfectly as expected. The only problem with this solution is that I would have to manually, one file at a time, set the permissions for thousands of files. Does anyone have any help on how to do this with icacls or some other tool by which I can set permissions en masse? Thanks, Dale -- Dale Preston MCAD C# MCSE, MCDBA Tag: tracking copy transaction Tag: 94213
  - 18
    - Top security events to monitor For months now I have been trying to determine what the most important security events are. It would be greatly appreciated if you could help me by giving me at least 10 of the most popular events to monitor. Currently we are monitoring several events and we want to shorten the list with the most important events. Any help is greatly appreciated. Thanks, -- Bailey Tag: tracking copy transaction Tag: 94211
  - 19
    - Authentium AV and Security Suite Anyone familiar with Authentium? Do they do a good job of protecting against viruses, threats, spam, etc? Would you recommend them? They provide a free security suite through my ISP and I'm not sure if their service is equal to Norton, McAfee, TrendMicro, etc. Any info is appreciated. Thanks Tag: tracking copy transaction Tag: 94206
  - 20
    - MS06-041 exposure Two clarifying questions regarding The DNS Client Buffer Overrun Vulnerability (CVE-2006-3441) referenced in MS06-041 1) is the DNS server (ie: on Win2000, Win2K) vulnerable in any way if a client attempts to query an "evil" dns record from an "evil" dns server, or is this just a dns client resolver issue? 2) if the client passes its DNS query requst to a "good" upstream DNS server (Windows or otherwise), will that server "pass thru" any potential attack payload, or can the vulnerability only occur if the client is directly resolving to a "evil" dns server? thanks! -Matt Tag: tracking copy transaction Tag: 94204
  - 21
    - MS06-048 Fixed or not? In the writeup for MS06-048, a Powerpoint vulnerability "Microsoft Powerpoint Mso.dll Vulnerability CVE-2006-3590" is referenced. Based upon the writeup, the reader is left with the understanding that the included security updates remove this vulnerability. HOWEVER, when following up on the CVE link, several of the security vendors show this as NOT fixed... what gives? Ref: http://xforce.iss.net/xforce/xfdb/27781 (says "no remedy available as of June 2007) http://www.securityfocus.com/bid/18993 (says "Currently we are not aware of any vendor-supplied patches for these issues.") Thanks in advance. -Matt Tag: tracking copy transaction Tag: 94198
  - 22
    - Antigen and Rejected Mailhosts I am running Antigen for Exchange on a Exchange 2003 machine. My Outbound Mail Queue constantly has messages from my Postmaster that are in RETRY state trying to send NDRs (I guess) to what I assume are "spoofing" spammers. For these, the Additional Queue Information shows "the remote server did not respond to the communication request" which indicates the spam came from a spoofed or illegitimate source, right? I have added many of these spoofing spammers, the domains and or IPs, to my Rejected Mailhost lists but I continue to see my Postmaster is trying to send NDRs to the same blocked Rejected Mailhost. It seems like if you block a domain\mailhost that your server would never try to send a NDR reply to the illegitimate source. Does that all makes sense? Any ideas are much appreciated... Tag: tracking copy transaction Tag: 94197
  - 23
    - "Some updates could not be installed"??? Please help! Hi folks, I have jsut changed motherboards on my PC and had to 'repair' XP - I did this by trying to re-install then windows gave me the extra option to repair current edition - I didn't have a recovery disk so couldn't do this the official way but windows seemed to go through the install process and everything rebooted fine and windows started working again... I then had to activate XP over the internet which seemed to go fine. Trouble is, when ever I get critical updates I click the shield and I get a box like this... "Some updates could not be installed" - screenshot below... http://i170.photobucket.com/albums/u270/olly-k/Image1.jpg The list seems to be getting more critical so can anyone please help?! -- Olly. Tag: tracking copy transaction Tag: 94194
  - 24
    - anti-virus? Hi, A long time ago I posted a message about a threat. Someone answered me and gave me a direction to run to get several antiviruses, beside mine, which is aVG. it is C:\AV-CLS\Startmenu.BAT. That was in another computer (both running Windows XP). I am trying to run it in this one and I get an error message saying the page cannot be found. Someone could tell me how to do to retrieve it, please? Many thanks Best regards Tag: tracking copy transaction Tag: 94190
  - 25
    - Help: Windows XP cyber attack? I am getting MANY dialog windows that open up randomly with the message below. Does anyone out there understand what this means? Do I have some virus that is sending out infomation from my computer? This all started with some adware that I got called PurityScan (it came with other Trojan viruses) that was caught by Windows Defender. Since then I have done a full scan with Windows Defender and removed any virus's that it came up with (multiple times). I also downloaded and unistalled PurityScan. Windows defender says that I am clean but the messages keep coming. Last query: INSERT INTO vnr_creatives_history SET uid=12416977861406184582, cid=0, view_time=UNIX_TIMESTAMP() ON DUPLICATE KEY UPDATE view_time=UNIX_TIMESTAMP() Error: 1114 The table 'vnr_creatives_history' is full Last query: INSERT INTO vnr_creatives_history SET uid=12416977861406184582, cid=24, view_time=UNIX_TIMESTAMP() ON DUPLICATE KEY UPDATE view_time=UNIX_TIMESTAMP() Error: 1114 The table 'vnr_creatives_history' is full Tag: tracking copy transaction Tag: 94188

Hi
Is there a way to track "copy" transaction (copying of files) from one
folder to another folder. I'm trying to trace who had copied files from a
shared folder (only 1 user was granted read/write access to this folder) to a
public folder in Win2003 server. This user who had been granted access to the
shared folder advised that he did not copy it to the public folder, thus
someone had illegally access his folder and copied those confidential files.

we tried viewing the app/system/security logs from event viewer but it
doesn;t help much.

Thanks for any advice.
--
asterisks~

Top

Re: tracking copy transaction by Roger

Roger
Wed Aug 15 11:23:55 CDT 2007

"Asterisks" <Asterisks@discussions.microsoft.com> wrote in message
news:4571E73B-867C-49D4-8C08-FAE7DD43745C@microsoft.com...
> Hi
> Is there a way to track "copy" transaction (copying of files) from one
> folder to another folder.

No

> I'm trying to trace who had copied files from a
> shared folder (only 1 user was granted read/write access to this folder)
> to a
> public folder in Win2003 server. This user who had been granted access to
> the
> shared folder advised that he did not copy it to the public folder, thus
> someone had illegally access his folder and copied those confidential
> files.
>

Copy is not, so-to-speak, atomic action, from OS audit point-of-view.
It is composed, a read and a save. Read may be audited by NTFS on
the read-from location. Save (Write) may be audited by NTFS but this
is done on the save-to location (which of course means potentially
anywhere, including some that NTFS does not reach like dvd, usb).

> we tried viewing the app/system/security logs from event viewer but it
> doesn;t help much.
>

Even if you tried with auditing you would have needed to define what
was audited and where before the event you wanted traced by the
audit events messages.

Top