Are any of your server boxes domain controller? DCPROMO.LOG will only be created after a Windows Server OS is promoted to a domain controller.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Maudsley Sent: Tuesday, April 13, 2004 9:55 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] LSASS.EXE Remote Buffer Overflow Investigation Hello list, Regarding [Full-Disclosure] EEYE: Windows Local Security Authority Service Remote Buffer Overflow (http://archives.neohapsis.com/archives/fulldisclosure/2004-03/1994.html). None of my systems (XP Pro, 2K, 2K3 Server) had this log file ("DCPROMO.LOG") in their %WINDOWS%\Debug directorys. I'm guessing this is because the logging functions have never been called. How is this (and the other affected commands) executed remotly? Thanks, -Rich _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html