Disable services (was: Mystery Domains)
This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
Alerter, help and support, indexing, portable serial number, SSDP DISCOVERY SERVICE (MUST), telnet, upload manager, smart card, computer browser -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 8:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
+1 on these! I add to GPO enable: Automatic Updates (because we use WSUS) We are also going to turn off the autoplay via GPO starting next week after some patching: http://support.microsoft.com/kb/967715 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
And hopefully, if you are disabling DLT, you have disabled Distributed Link Tracking Server service on your DC's long ago[1] and considered cleaning up the droppings in AD that were left behind before you disabled it if you ever had it running. Distributed Link Tracking on Windows-based domain controllers http://support.microsoft.com/kb/312403 [1]That service is off by default in Windows Server 2003 AD. It is a stupid service, not sure why it made it to production. joe Richards -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
Yes. Done that. I agree with joe -- it's caused issues over the years :( Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, February 26, 2009 1:52 PM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) And hopefully, if you are disabling DLT, you have disabled Distributed Link Tracking Server service on your DC's long ago[1] and considered cleaning up the droppings in AD that were left behind before you disabled it if you ever had it running. Distributed Link Tracking on Windows-based domain controllers http://support.microsoft.com/kb/312403 [1]That service is off by default in Windows Server 2003 AD. It is a stupid service, not sure why it made it to production. joe Richards -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
I figured you knew that and you had already addressed it :-) My message was for those among us who may not have been aware of it... -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 11:03 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) Yes. Done that. I agree with joe -- it's caused issues over the years :( Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, February 26, 2009 1:52 PM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) And hopefully, if you are disabling DLT, you have disabled Distributed Link Tracking Server service on your DC's long ago[1] and considered cleaning up the droppings in AD that were left behind before you disabled it if you ever had it running. Distributed Link Tracking on Windows-based domain controllers http://support.microsoft.com/kb/312403 [1]That service is off by default in Windows Server 2003 AD. It is a stupid service, not sure why it made it to production. joe Richards -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Disable services (was: Mystery Domains)
I for one did not know about that and now get the pleasure of looking over the article and dealing with my mistake. I do thank you though! Jon On Thu, Feb 26, 2009 at 2:12 PM, Free, Bob r...@pge.com wrote: I figured you knew that and you had already addressed it :-) My message was for those among us who may not have been aware of it... -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 11:03 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) Yes. Done that. I agree with joe -- it's caused issues over the years :( Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, February 26, 2009 1:52 PM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) And hopefully, if you are disabling DLT, you have disabled Distributed Link Tracking Server service on your DC's long ago[1] and considered cleaning up the droppings in AD that were left behind before you disabled it if you ever had it running. Distributed Link Tracking on Windows-based domain controllers http://support.microsoft.com/kb/312403 [1]That service is off by default in Windows Server 2003 AD. It is a stupid service, not sure why it made it to production. joe Richards -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Disable services (was: Mystery Domains)
I don't think it was publicized as well as they could have at the time. I caught it years ago because I focus on AD but the fact that they still look for it in the ADRAP (AKA-Healthcheck) leads me to believe it's still an issue at customer sites. I think the KB is at v9 now and it has a LOT more info than it used to when it basically said- you don't really need this, turn it off From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, February 26, 2009 12:10 PM To: NT System Admin Issues Subject: Re: Disable services (was: Mystery Domains) I for one did not know about that and now get the pleasure of looking over the article and dealing with my mistake. I do thank you though! Jon On Thu, Feb 26, 2009 at 2:12 PM, Free, Bob r...@pge.com wrote: I figured you knew that and you had already addressed it :-) My message was for those among us who may not have been aware of it... -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 11:03 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) Yes. Done that. I agree with joe -- it's caused issues over the years :( Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, February 26, 2009 1:52 PM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) And hopefully, if you are disabling DLT, you have disabled Distributed Link Tracking Server service on your DC's long ago[1] and considered cleaning up the droppings in AD that were left behind before you disabled it if you ever had it running. Distributed Link Tracking on Windows-based domain controllers http://support.microsoft.com/kb/312403 [1]That service is off by default in Windows Server 2003 AD. It is a stupid service, not sure why it made it to production. joe Richards -Original Message- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -Original Message- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http
Re: Mystery Domains
Hopefully you really only need to worry about it if you have a single-label domain. Klint Scott Kaufman at HQ wrote: You don't need WINS to do hostname resolution. If DNS is correctly configured, hostname resolution will work just fine. Since 2000, the OS uses DNS first before WINS for name resolution * * *Scott Kaufman* Lead Network Analyst ITT ESI, Inc. *From:* David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] *Sent:* Wednesday, February 25, 2009 3:28 PM *To:* NT System Admin Issues *Subject:* RE: Mystery Domains correct. No WINS. \\server\share file:///%5C%5Cserver%5Cshare works fine. What do you mean by a UNC that aren't FQDN? *From:* David Lum [mailto:david@nwea.org] *Sent:* Wednesday, February 25, 2009 3:16 PM *To:* NT System Admin Issues *Subject:* RE: Mystery Domains Really? And I'll assume no WINS either? How do UNC's that aren't FQDN work then? I'm missing some knowledge here... */David Lum/*/ /*// *SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 *// *(Cell) 503.267.9764 *From:* David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] *Sent:* Wednesday, February 25, 2009 11:48 AM *To:* NT System Admin Issues *Subject:* RE: Mystery Domains At least not for me - haven't used NetBIOS over TCP/IP in years. *From:* David Lum [mailto:david@nwea.org] *Sent:* Wednesday, February 25, 2009 2:25 PM *To:* NT System Admin Issues *Subject:* RE: Mystery Domains Won't that cause other issues? */David Lum/*/ /*// *SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 *// *(Cell) 503.267.9764 *From:* David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] *Sent:* Wednesday, February 25, 2009 10:58 AM *To:* NT System Admin Issues *Subject:* RE: Mystery Domains disable NetBIOS over TCP/IP (WINS tab of your network connection's IP settings) *From:* Steven Calvanese [mailto:scalvan...@membersolutions.com] *Sent:* Wednesday, February 25, 2009 1:50 PM *To:* NT System Admin Issues *Subject:* Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Mystery Domains
\\server.domain.tld\share, vs. \\server\share On Wed, Feb 25, 2009 at 12:27, David Mazzaccaro david.mazzacc...@hudsonhhc.com wrote: correct. No WINS. \\server\share works fine. What do you mean by a UNC that aren't FQDN? From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 3:16 PM To: NT System Admin Issues Subject: RE: Mystery Domains Really? And I’ll assume no WINS either? How do UNC’s that aren’t FQDN work then? I’m missing some knowledge here… David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Wednesday, February 25, 2009 11:48 AM To: NT System Admin Issues Subject: RE: Mystery Domains At least not for me - haven't used NetBIOS over TCP/IP in years. From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 2:25 PM To: NT System Admin Issues Subject: RE: Mystery Domains Won’t that cause other issues? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Wednesday, February 25, 2009 10:58 AM To: NT System Admin Issues Subject: RE: Mystery Domains disable NetBIOS over TCP/IP (WINS tab of your network connection's IP settings) From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Mystery Domains
Both work fine. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 25, 2009 4:28 PM To: NT System Admin Issues Subject: Re: Mystery Domains \\server.domain.tld\share, vs. \\server\share On Wed, Feb 25, 2009 at 12:27, David Mazzaccaro david.mazzacc...@hudsonhhc.com wrote: correct. No WINS. \\server\share works fine. What do you mean by a UNC that aren't FQDN? From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 3:16 PM To: NT System Admin Issues Subject: RE: Mystery Domains Really? And I'll assume no WINS either? How do UNC's that aren't FQDN work then? I'm missing some knowledge here... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Wednesday, February 25, 2009 11:48 AM To: NT System Admin Issues Subject: RE: Mystery Domains At least not for me - haven't used NetBIOS over TCP/IP in years. From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 25, 2009 2:25 PM To: NT System Admin Issues Subject: RE: Mystery Domains Won't that cause other issues? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Wednesday, February 25, 2009 10:58 AM To: NT System Admin Issues Subject: RE: Mystery Domains disable NetBIOS over TCP/IP (WINS tab of your network connection's IP settings) From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Mystery Domains
Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Mystery Domains
Now, this is something I have done for a long time via GPO! Dave -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstationswe did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
