This would be an odd approach, but it may just work. McAfee Stinger seems to
always remove the virus/worms that I can't get rid of with SAV 9.0 (although it
does only look for recent or most notable virus, but usually the ones you have
problems with). Would it work to autodownload Stinger everyda
I do this on all my machines with a group from a trusted domain. Check out the
restricted groups feature in group policy.
--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f - 773.534.8101
From: [EMAIL PROTECTED] on beha
If all you have to do is grab the data off of the box as
fast as possible, I would recommend doing a parallel install of XP, snagging the
data, then dumping the box or fighting through the problem.
//SIGNED//
David J.
PerdueNetwo
Good morning everyone,
(What a great way to start the day)
One of our "important" PCs has died overnight (the computer turns on and goes to
the Windows Screen and then reboots - this happens over and over again) and I now
need to do a recovery on it, quick question in regards
yes, you answered everything. Thanks
well, except 2 questions
1. you say you wouldn't use a forwarder for root name resolution. so the only 2
choices are- house all the zones in the root and point all clients there or
have each child domain have a secondary copy of the root. true?
2. What was the
Why? What good would that do for you?
I understand what you're saying though. No, you wouldn't be able to define
just ._msdc as your transfer target. You'd have to define the entire zone
that ._msdc belongs to. It's not a zone in itself (which is what you were
asking earlier right? It's just a
If I have 60 CALs is there a way to determine how many of them are
currently being used?
Mike
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
How can you just transfer the _msdc zone in a Win2k forest?
Not the whole root domain.com zone, just the _msdc zone from the root? I don't
think that's possible.
thanks
-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 01, 2004 4:55 PM
To: [EMAIL PROTE
Child domains MUST be able to resolve root resources. How you accomplish
that is open but a forwarder doesn't come to mind. Failure to resolve those
names would result in broken replication and other issues.
DNS is not required to be on Windows servers, but it must be on RFC 2052 and
RFC 2136 com
You should be able to directly add the trusted domain's domain admins group
to any workstations you want. As long as the trust lines are there the
global groups will nest fine in the workstations builtin administrators
group.
Ex:
G:\TEMP\schema>lg administrators
LG V01.01.00cpp Joe Richards ([E
If I had a multi domain Win2k forest and my child domains were delegated control
of their respective zones but did not have a secondary copy of the root zone OR
were forwarding to the root, would that cut them off from the forest?
This is a really basic AD question, but I just wanted to know for s
Can't you use the "Restricted Groups" policy setting to set your local Admin
membership on your workstations?
We do this routinely for about 2500 workstations and 300+ servers with no
problems.
MS Article on it (not a huge amount of help though)
http://support.microsoft.com/default.aspx?scid=kb;
Ken,
ErrrPerl
Had a quick look at this, it seems to be a perl-based client to talk to a
remote rsync daemon (presumably running on a Linux box). I'll keep looking
though.
"File::RsyncP does not yet implement server functionality (acting like the
remote end of a connection or a daemon). Sinc
The passwords are strong which is why it's not getting anywhere and the users who
are local admins are getting locked out from bad logon attempts.
Renaming the admin accounts is not going to stop the worm from going out on
those ports and flood my network and bring everything to a crawl.
I need t
Phil,
Not in the first instance. We are currently replicating portions of from
about 10 odd machines into a single DR server, and the majority of source
machines are Win2k, not 2k3. Eventually, we want to be able to do full
replication between the primary server to its DR pair, at which point we
1) I get numerous logon hits on my DC's. Some accounts are Admins, some
are just regular users who get locked out. None of the attempts succeed.
Check the Event Logs on the clients that got infected. If it is trying
to get into the systems using passwords it is going after the local
Administrator acc
I will be out of the office starting 25/11/2004 and will not return until
06/12/2004.
I will respond to your message when I return.
I get numerous logon hits on my DC's. Some accounts are Admins, some are just
regular users who get locked out. None of the attempts succeed.
I ran the exe on a clean patched up to date box while running filemon and
regmon. The exe is wupdmngr.exe which creates a process called faxze.exe.
It tries
Hi!
In my current network I have a placeholder domain domain.local, with two child
domains a.domain.local and b.domain.local. I want to migrate a.domain.local to
a.local and b.domain.local to b.local (two new forests) for security reasons.
I already tried to migrate the child domain to a new tr
I have Snort deployed in 28 offices, logging to a MS SQL server and we
view alerts using BASE. I have a lot of custom virus signatures and
would be willing to share if you want them. It works good to quickly
identify who is spreading the worms.
As far as fully patched machines getting infected che
Might not be the best solution, but you could always write a custom
script in something like perl that does customized data integrity
checking for you and what not. The ActiveState perl for windows works
exceptionally well in my experience.
I should comment that as part of our "pre-conditioning" for the robocopy
step, we disconnect any users that might be using the source files (net
session /delete) and also stop the server service.
Michael M. Thommes
Argonne National Laboratory
-Original Message-
From: Jacqui Hurst [mailto
I've seen an attempt to migrate data using Robocopy which took far too long
and had to be stopped. The cause of this was put down to files in use (pst
files left open). If you go down this route be careful of the switches you
use.
Jacqui
-Original Message-
From: [EMAIL PROTECTED]
[mailt
I’d block the non-critical ports over the frame. You can also watch the
routers to see what's hitting them or put a sniffer in the gap between the
frame router and LAN to hunt the offender.
Rob
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: 01
I see the offender. What I want to know is where the offender got it from.
I know it's not from the internet because we block all those ports incoming.
We have a sister corp that has their own independent IT staff and is connected to
us via frame relay. We are all in the same forest.
We al
If you watch your firewall logs…. You will more than likely see the offender,
i.e. you will see it trying to talk on specific ports and likely to be
scanning up class ‘C’ reserved ranges. I just tend to filter the firewall logs
and set up alerts for suspicious activity.
I think Watchgua
Group,
Have you ever added a domain admins group from another forest into the
built in administrators groups on your local workstation?
We have our forest of nt40 and the parent company has a forest named
abc. They both have a two way trust. I started this project by creating
a universal group in
System restore is always off on our machines.
Win2k machines get infected too and I can say without a doubt they are all
patched. We use SUS and patch all our boxes whenever a new one comes out. All
defs are up to date via Symantec though sometimes in safe mode, Symantec full
scan will NOT find th
IDS isn’t going to protect you from these worms… let’s
initially focus on that:-
I’m just going to ramble and we can then home in on a solution…
It’s hard to believe patched machines are being re-infected.. but
it does happen. I suspect you have a rogue machine which isn’t managed i
I played around with SNORT a couple of years ago and it was a very
good product. Unless it has changed, it is only an IDS, meaning it
only detects and logs intrusions. It doesn't stop them. I'm not sure
about it tying into your firewall. I know Realsecure does, but it
costs $.
Jordan
On Wed,
No real experience with snort, but on the topic of "getting the worms
even if they are patched," it is most likely that they got the worm
before the machine was patched, and system restore is turned on.
Although system restore seems to be helpful to some people, I have never
had it successfully res
Would Volume Shadow Copy be something you could look at to do this?
Phil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Wednesday, December 01, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Slightly OT: File Copy of Deat
Anyone had good experiences with snort and can you recommend it as an IDS and
intrusion prevention?
I'm really getting hit hard with bots like W32.spybot.worm and W32.Randex.BTB.
I get these worms even being fully patched and my Symantec defs are up to date.
I'm looking for something cheap(read:
Thanks for the link. I will check it out. I am looking at MOM, but I
wanted to get some feedback on other tools. I hope to use this
problem to heighten management's awareness of our lack of monitoring
tools and processes.
Dennis
On Wed, 1 Dec 2004 12:53:08 -, Geary, Simon (Computer People)
That's pretty cool, but what does the information mean? What is "largest
delta"?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, December 01, 2004 8:15 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Monitoring Replication
Would a Perl Rsync implementation be better?
http://search.cpan.org/~cbarratt/File-RsyncP-0.52/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
Sent: Wednesday, December 01, 2004 3:20 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Slightly OT
There is a book "Active Directory Notes from the field". On the
companion cd there is source code for a website. I use it for looking at
replication, OU's etc. Those that have support contracts with MS should
ask about their Active Directory Health Check. We had one done and they
gave me all the to
repadmin /replsum * /bysrc /bydst
Requires WinXP or later running Win2k3 repadmin or later.
Caveat: It's not actual monitoring, it's like quick dirty checkup.
-B
On Wed, 1 Dec 2004, Myrick, Todd (NIH/CIT) wrote:
> Depends on the size of your forest and how many domains; I am partial to
> Di
Depends on the size of your forest and how many domains; I am partial to
Directory Analyzer for monitoring and alerting for forest with multiple
domains. They have a stand alone monitor that is web enabled, or they can
integrate with MOM and HP Openview.
HP Openview has a set of AD tools.
You mi
Microsoft have several free tools that can be used to monitor FRS, such as
Ultrasound.
http://www.microsoft.com/windowsserver2003/technologies/fileandprint/file/dfs/tshootfrs.mspx
Or if you want a more fully featured product you can try MOM 2005 although this
is not free.
-Original Message-
On Wed, 1 Dec 2004 07:33:31 -0500, Dennis Depp wrote
> What is everyone using to monitor replication between domain controllers?
>
(...)
> few warnings and nothing that particularly alarmed me.
>
> Thanks in advance for your input.
>
We are using Quest spotlight for AD as one of Rep monitoring to
What is everyone using to monitor replication between domain controllers?
I ran into a problem yesterday with replication. We are running a
Bind DNS with the underscore domains delegated to Active Directory
integrated DNS. I rebuilt a domain controller last Wednesday and
everything did not get up
In hockey they do North America versus the World. Hehe
Todd
-Original Message-
From: Daniel Gilbert [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 30, 2004 9:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IT PrOlympics Challenge on WindowsITPro
Might need to be the Americans a
Return Receipt
Your RE: [ActiveDir] Accessing resources when a domain controller
document is unavailable (sightly OT)
:
I think the following is true:
When a computer (client or server with resources) discovers W2Kx DCs it will
only talk kerberos and it "forgets" NTLM for AD domain accounts. NTLM will
only work if you connect using local credentials on the member server that
hosts the resources .
NTLM with AD domai
Can't the user connect using NTLM authentication (unless that's been turned
off)?
Cheers
Ken
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
: Sent: Wednesday, 1 December 2004 8:31 PM
: To: [EMAIL PROTECTED]
: Subje
Hi Lucia,
Any chance you can turn off your receipts for this group?
Thanks,
Rob
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lucia Washaya
Sent: 01 December 2004 10:05
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Offline Files
Return Receipt
Return Receipt
Your RE: [ActiveDir] Offline Files
document
:
Hi,
Check out the following:
Q811525
Q811660
The solution that's provided in the hotfix concerning the multiple still sucks. In my opinion the thought of using
Offline Files is great, but the implementation is a little bit crappy.
Be careful when you have resources on 1 server that are
o
* When logging on with cached credentials when no DC is available you won't
get any kerberos tickets either and you most likely won't have access to
resources.
* When logging on while a DC is available you can get kerberos tickets to
access resources. If after a while no DC is available because the
All,
Sorry to hijack this thread, however in the same vein, is anyone aware of a
(preferably) freeware application that does a similar function to rsync on
Linux? We are looking at synchronising large amounts of data each night,
including some 200+gb databases. Rsync seems to handle this situati
The problem you may encounter (and I'm not by any means an IP routing
expert) is that unless you do run NAT on the interface connected to the
physical production NIC (as opposed to using straight RRAS), other routers
on the network won't know how to get to your "test" subnet. Unless of
course yo
53 matches