Re: New IIS Lockdown tool from Microsoft
Thanks Russ. If you're gonna cut and paste a quote from someone, you should give 'em some sort of credit... I have not had the chance to try it but here goes nothing http://www.microsoft.com/technet/itsolutions/security/tools/locktool.asp What it does; 1. Creates two new groups, Web Anonymous Users and Web Applications, puts the IUSR and IWAM accounts in them respectively, then sets an ACE more than enough executables to specifically deny any access to those files. Good job. 2. Disables WebDAV. Good job. 3. Provides a new .dll, called 404.dll, that is implemented with all (or some) ISAPI filter script mappings. This provides a 404 response to any request for such a file. Probably the best we could expect since its impossible to tell IIS to not allow the re-implementation of a given script type (i.e. you can't prevent it from re-implementing .ida, but if its already mapped to a .dll you're not likely to overwrite the existing mapping). So so job. I haven't checked yet whether 404.dll is added to the WFC dllcache, I sure hope so. 4. Removes sample files. About time. 5. Removes the \scripts and \msadc *virtual* directories (the actual directories themselves, and their contents, are left intact). The directories should have been removed as well. 6. Explicitly denies the IUSR account write access to the contents of the INETPUB directory. Unfortunately it does this using a DACE, which NT 4.0 cannot handle, so on NT 4.0 systems you won't be able to view any security information about these modified files after the tool is run. W2K systems don't have this problem. Guess this is just another example of how MS seems to have forgotten how many NT 4.0 systems are out there, or figure that no Novices run NT 4.0? List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: New IIS Lockdown tool from Microsoft
My apologies to every one especially Russ, I thought (being in a rush, of course) that I left most of the email intact, but no . I guess it is not my day ! -Original Message- From: Steve Norton [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 19:51 To: MS-Exchange Admin Issues Subject: Re: New IIS Lockdown tool from Microsoft Thanks Russ. If you're gonna cut and paste a quote from someone, you should give 'em some sort of credit... I have not had the chance to try it but here goes nothing http://www.microsoft.com/technet/itsolutions/security/tools/locktool.asp What it does; 1. Creates two new groups, Web Anonymous Users and Web Applications, puts the IUSR and IWAM accounts in them respectively, then sets an ACE more than enough executables to specifically deny any access to those files. Good job. 2. Disables WebDAV. Good job. 3. Provides a new .dll, called 404.dll, that is implemented with all (or some) ISAPI filter script mappings. This provides a 404 response to any request for such a file. Probably the best we could expect since its impossible to tell IIS to not allow the re-implementation of a given script type (i.e. you can't prevent it from re-implementing .ida, but if its already mapped to a .dll you're not likely to overwrite the existing mapping). So so job. I haven't checked yet whether 404.dll is added to the WFC dllcache, I sure hope so. 4. Removes sample files. About time. 5. Removes the \scripts and \msadc *virtual* directories (the actual directories themselves, and their contents, are left intact). The directories should have been removed as well. 6. Explicitly denies the IUSR account write access to the contents of the INETPUB directory. Unfortunately it does this using a DACE, which NT 4.0 cannot handle, so on NT 4.0 systems you won't be able to view any security information about these modified files after the tool is run. W2K systems don't have this problem. Guess this is just another example of how MS seems to have forgotten how many NT 4.0 systems are out there, or figure that no Novices run NT 4.0? List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: And I still hate SP4 for exchange
Title: And I still hate SP4 for exchange -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 11:31 AM To: MS-Exchange Admin Issues Subject: RE: And I still hate SP4 for exchange Installing sp4 potentially can cause or not fix the following post sp4 fixes (there are others not available yet): 6 things fixed for the MTA http://support.microsoft.com/support/kb/articles/q283/2/38.asp 15 fixes for the information store: http://support.microsoft.com/support/kb/articles/Q282/5/33.ASP 1 fix for the IMS http://support.microsoft.com/support/kb/articles/Q289/2/58.ASP 6 post sp4 CDO fixes http://support.microsoft.com/support/kb/articles/Q289/6/06.ASP If Exchange2000 wasn't released already, we'd probably see an exchange5.5 sp5. We still might. William -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 8:29 AM To: MS-Exchange Admin Issues Subject: RE: And I still hate SP4 for exchange Does everything work OK before SP4? I can't see why anything in SP4 would cause those problems. David James Infrastructure Administrator Generation Technologies Corporation www.generationtechnologies.com [EMAIL PROTECTED] Voice - 913-345-1012 x103 -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 10:14 AM To: MS-Exchange Admin Issues Subject: RE: And I still hate SP4 for exchange What sp4 are you using? Download? CD? Also, there are several post-sp4 fixes for the MTA. William Lefkovics, MCSE, A+ -Original Message- From: Nicole Wajer [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 7:43 AM To: MS-Exchange Admin Issues Subject: And I still hate SP4 for exchange Hello All, Me again with/on about SP4. It's giving me a hell of a headache and before I talk to MS maybe you have some bright ideas. Here is the deal I installed the software in the following order Compaq 1850 NT 4.0 NTssd (compaq stuff) iis4 Sp6a some iis patches srp exchange 5.5 (stuff replicated!!) exchange sp4 after this MTA just doesn't want to start anymore with the error of... A fatal system error occurred while initializing the MTA. Reboot the computer. If that does not work, contact Microsoft Technical Support. [4 BASE IL MAIN BASE 1 173] (16) And NT service 2140 error (when trying to start the mta). why why why why? If you have some additional questions or hints please let me know. I want this sp4 running well and till now that is not working (as still my imc - other machine - needs to have a reboot once in a while since sp4). Groetjes, Nicole List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Orbz
I don't mind you testing, When you say I am correct, you mean correct, your machines are configured not to relay I have been in email contact with Orbz, and their basic responce is f*ck you, if you are on our list, you have an open relay, we don't have to prove anything to you. -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 10:55 To: MS-Exchange Admin Issues Subject: RE: Orbz You are correct (I tested it, hope you don't mind). I don't know how you got on the list. You have to contact them to get off the list. It's totally automated though, so good luck. -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 10:46 PM To: MS-Exchange Admin Issues Subject: Orbz Anyone had any dealings with these guys? http://www.orbz.org They say that my gateway machines are an open relay. We are using the SMTP service out of the NT 4.0 Option Pack, SP6A I know I have them configured to only relay messages for our internal servers. Bill Higgins Lead NT Systems Engineer (415) 402-3444 office (415) 720-7053 cell [EMAIL PROTECTED] List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Orbz
When I think of RBL's, the words Net Nazis comes to mind. With them, you are guilty till proven innocent, and then still guilty. -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 10:54 AM To: MS-Exchange Admin Issues Cc: '[EMAIL PROTECTED]' Subject: RE: Orbz I don't mind you testing, When you say I am correct, you mean correct, your machines are configured not to relay I have been in email contact with Orbz, and their basic responce is f*ck you, if you are on our list, you have an open relay, we don't have to prove anything to you. -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 10:55 To: MS-Exchange Admin Issues Subject: RE: Orbz You are correct (I tested it, hope you don't mind). I don't know how you got on the list. You have to contact them to get off the list. It's totally automated though, so good luck. -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 10:46 PM To: MS-Exchange Admin Issues Subject: Orbz Anyone had any dealings with these guys? http://www.orbz.org They say that my gateway machines are an open relay. We are using the SMTP service out of the NT 4.0 Option Pack, SP6A I know I have them configured to only relay messages for our internal servers. Bill Higgins Lead NT Systems Engineer (415) 402-3444 office (415) 720-7053 cell [EMAIL PROTECTED] List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
Re: Word as email editor problem
test - Original Message - From: [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 5:16 PM Subject: RE: Word as email editor problem It's about time! -Michèle Immigration site: http://LadySun1969.tripod.com Our new 2001 Miata: http://members.cardomain.com/bpituley Tiggercam: http://www.tiggercam.co.uk - If I throw a stick, will you leave? - -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 11:14 AM To: MS-Exchange Admin Issues Subject: RE: Word as email editor problem I am. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 5:28 AM To: MS-Exchange Admin Issues Subject: RE: Word as email editor problem et, où est le FAQ francais pour le serveur Exchange? Merci. eh? write yer own! ;-P -Michèle Immigration site: http://LadySun1969.tripod.com Our new 2001 Miata: http://members.cardomain.com/bpituley Tiggercam: http://www.tiggercam.co.uk - Fear knocked at the door. Faith answered and no one was there. - -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 5:42 AM To: MS-Exchange Admin Issues Subject: RE: Word as email editor problem I don't know this error specifically, but you might consider making sure Office SR-1 (at least) is on the computer with Word. I wouldn't consider supporting Word as my email editor to that point. Too many boogers. Now, Mr Hadi. I'd like to have a Word with you. What's up with my Lucent shares? Certainly not their value... How many Definity switches do I have to buy?!?!? ;) et, où est le FAQ francais pour le serveur Exchange? Merci. William Lefkovics, MCSE, A+ -Original Message- From: HADI, ALI (ALI)** CTR ** To: MS-Exchange Admin Issues Sent: 8/23/01 2:26 AM Subject: RE: Word as email editor problem How about running detect and repair - assumng u've alreafy changed font settings ? Best Regards / Meilleures salutations Ali Hadi Compaq EUS Technicien Lucent Technologies 16 Avenue Descartes 92350 Plessis Robinson France Tel : 00 331 41 28 5596 Email: [EMAIL PROTECTED] -Original Message- From: Nikki Cleland - ITCX [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 7:08 PM To: MS-Exchange Admin Issues Subject: RE: Word as email editor problem The ZOOM setting in their Word is set to 100%... -Original Message- From: John Elliott [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 9:20 AM To: MS-Exchange Admin Issues Subject: Word as email editor problem Hi, I have a client running Winnt Workstation SP 6a, that just decided they wanted to use Word 2000 as their email editor. When they try to create any email the font is huge even though it says it's like Arial 8it shows up as something in the 40 range! If they use Outlook it's not a problem. Any ideas? John Elliott MCSE+I, ASE, MCP, ACT, A+ eCommerce Solutions TELUS Enterprise Solutions Inc. 4 King Street West Toronto, Ontario Canada M5H 1B6 Phone 416-862-1401 ext. 536 Fax 416-862-0999 [EMAIL PROTECTED] www.telus.com [EMAIL PROTECTED] www.daedalian.com List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Orbz
yes, they're very unpleasant that way. Drew (MOS) KWAR2001 website: www.schoolofdefence.org/kwar.html Read my Column on OUTLOOKEXCHANGE.COM: http://www.outlookexchange.com/articles/drewnicholson/default.asp Pics of Max are BACK! http://www.drewncapris.net A state without the means of change is without the means of its own conservation. - Edmund Burke -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 12:54 PM To: MS-Exchange Admin Issues Cc: '[EMAIL PROTECTED]' Subject: RE: Orbz I don't mind you testing, When you say I am correct, you mean correct, your machines are configured not to relay I have been in email contact with Orbz, and their basic responce is f*ck you, if you are on our list, you have an open relay, we don't have to prove anything to you. -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 10:55 To: MS-Exchange Admin Issues Subject: RE: Orbz You are correct (I tested it, hope you don't mind). I don't know how you got on the list. You have to contact them to get off the list. It's totally automated though, so good luck. -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 10:46 PM To: MS-Exchange Admin Issues Subject: Orbz Anyone had any dealings with these guys? http://www.orbz.org They say that my gateway machines are an open relay. We are using the SMTP service out of the NT 4.0 Option Pack, SP6A I know I have them configured to only relay messages for our internal servers. Bill Higgins Lead NT Systems Engineer (415) 402-3444 office (415) 720-7053 cell [EMAIL PROTECTED] List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Orbz
William [1] It seems to be a side effect of using WLBS to load balance the Microsoft SMTP service. It's a nice side effect to have... [1] Hi William! -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 14:02 To: MS-Exchange Admin Issues Subject: RE: Orbz An SMTP connection from an SMTP server is very much like the telnet conversation done with the SMTP commands. I tried last night as well. The telnet connection is made, so you didn't 'block' it; however, SMTP commands from the telnet session are not replied to. How did you prevent that? William Lefkovics, WLKMMAS, MCSE, A+ (Hi Bill!) -Original Message- From: Bill Higgins To: MS-Exchange Admin Issues Sent: 8/25/01 1:32 PM Subject: RE: Orbz That was the plan... Telnet to our gateway is not allowed... only an SMTP server can connect... -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 12:32 To: MS-Exchange Admin Issues Subject: RE: Orbz I just opened a telnet session to smtpgate.buzzsaw.com on port 25 (and smtpgatent1.buzzsaw.com on port 25) to test for an open relay but all I got back is: 220-**2**200 ***2*2** 2***0*00 220 * And even a helo command didn't gave me anything. So it looks like you are very secure. Siegfried / -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 7:54 PM To: MS-Exchange Admin Issues Cc: '[EMAIL PROTECTED]' Subject: RE: Orbz I don't mind you testing, When you say I am correct, you mean correct, your machines are configured not to relay I have been in email contact with Orbz, and their basic responce is f*ck you, if you are on our list, you have an open relay, we don't have to prove anything to you. -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 10:55 To: MS-Exchange Admin Issues Subject: RE: Orbz List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: new users don't get a calendar
Probably has given his account Service account perms. Not that I would do that. J -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 3:58 PM To: MS-Exchange Admin Issues Subject: RE: new users don't get a calendar out of curiosity, exactly how were you trying to access the calendar from [your] own outlook profile? -Michèle Immigration site: http://LadySun1969.tripod.com Our new 2001 Miata: http://members.cardomain.com/bpituley Tiggercam: http://www.tiggercam.co.uk - Anytime you can express your age in signifcant fractions of a century, its a bit of a downer. - David Horza - -Original Message- From: Richardson, Kendall (UNISYS) [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 2:05 PM To: MS-Exchange Admin Issues Subject: RE: new users don't get a calendar Creating the new profile worked. Previously I was trying to access the calendar from my own outlook profile; as soon as I opened it with its own profile all of the appropriate folders were there. Thanks much Ken Richardson LIA Virginia Network Engineer (703) 617-7268 UNiSYS -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 10:50 AM To: MS-Exchange Admin Issues Subject:RE: new users don't get a calendar Create a profile that points to the new mailbox as the primary mailbox. Open the mailbox with the Outlook client. The client will create the folders for you. If not, there is a switch you can use when starting Outlook to create the folders (Can the list help me out here, I've forgotten the exact wording of the switch.) In TechNet search for command line options and Outlook, and you should be able to get a list. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 Reduce your stress; Resign as the General Manager of the Universe -Original Message- From: Richardson, Kendall (UNISYS) [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 9:57 AM To: MS-Exchange Admin Issues Subject: new users don't get a calendar When I create new user mailboxes, the mailbox does not have a calendar, contacts, drafts, journal, or notes folder. I am running NT4 with 6a and Exch 55 with SP3. From within Outlook I can go in and add a calendar folder for these users, and users can add items to the new calendar, but no one else can view the calendar from their own workstations, regardless of permissions set. Last week I upgraded from standard edition to enterprise for Exchange--not sure if that had any bearing on this problem, but in the past I have always been able to create normal mailboxes with all of the standard folders. Thanks for the help. Ken Richardson List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm