I usually don't deal with Small Business Server but I've got a customer
with it and he's got Code Red.
He currently has SBS4.0 with SP5 installed.
I want to apply the patch which requires SP6a.
I've poked around on MSDN and looked in the SP6a readme and haven't
found any explicit mention of
Title: Message
Has anyone moved/copied DHCP from one server to another? This is a total PC replacement (hardware upgrade only - not OS)
or
Does anyone KNOW of a command line way to import the backup registry file. e \winnt\system32\DHCP\backup\DHCPcfg , (it is a binary file)?
thx,
rey
Title: Code Red Got me
I know I patched this server but I am not taking any more chances.
Hello Folks -
It appears one of my servers got the backdoor worm - I can scan it sometimes and it shows clean and other times a memory scan shows an infection. There is no root.exe file anywhere on
From the people who discovered Code Red:
http://www.eeye.com/html/Research/Tools/codered.html
qfecheck will tell you if your W2K patches are installed correctly:
http://support.microsoft.com/support/kb/articles/q282/7/84.asp?LN=EN-USSD=g
Depending on what you're serving up from your server, I guess...
For database, web, and other transactionally intensive stuff I don't really understand why you would need a swap file that big. Seems to me that you would want to add more RAM before it starts any kind of heavy swapping (and
Title: RE: Code Red Got me
Did the Eeye one when I patched it - showed not vulnerable then and does now - but what about this back door? Does this check for the back door that code red II might have left? The Symantec tool always says the server is not vulnerable and no trojans were present
The main reason to set the pagefile to a static size is so that you don't incur a performance penalty as it grows.
Of course, depending on what you do, you may never even reach the 768MB number, so it might be a moot point.
I prefer static.
Win2K likes a larger Pagefile, and the
I know a few people complained to Symantec about the false positive results.
If eeye's tool tells you that you're not vulnerable then you're not.
If you think that you have the trojan then run Microsoft's cleaner
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsoluti
I usually set the min and max the same. As the pagefile begins to grow, it may become fragmented. Based on your system requirements, be sure to set your initial pagefile large enough to accommodate your requirements, because when you have to come back and increase it, the system
Title: Message
I have backups - but since I do not know when - or at this point even IF I am infected I am loath to trust them.
thanks for the help folks.
Jim Zangara, MCSE+I
Special Projects Engineer Premiere Radio Networks A
Division of Clear Channel Communications 15260 Ventura Blvd
Title: Message
When you guys say backups, you do mean *system* backups that aren't safe, right? I mean, both my email and sql servers were hit with this (according to eEyes scanner, which show them both as infected after application of the MS patch and reboot). I assume I can still load
Title: Message
That is what I am talking about. I have to restore the data from last night - no choice.
So eeyes scanner shows your system as infected? H maybe mine really isn't then because I do not get that - only shows patched.
Did you get the Hacked By Chinese page or does your
I just upgraded an nt 4 pdc to windows 2000 advanced server. Everything
works ok with one exception. The only administrator members can login
to metaframe. It gives the following error local policy does not allow
users to login interactively I have checked both the local security
policy and
Title: RE: Metaframe post Active directory upgrade
In the Readme File for metaframe it mentions that this would happen - for non Admin members to login to a metaframe server the server must only be a member not server not running active directory.
I don't think there is a work around for
Title: Message
Update on my possible code red -
I am getting the same results on a different win2k Server. One time a scan by the Symantec tools says the worm is in memory then sometimes it is not - I just rebooted it and have left its network cable unplugged - see if that scan comes
Title: Message
You have already heard from a couple of people that the Symantec tool is unreliable. Why do you keep punishing yourself like this?
/\/iels
-Original Message-
From: Zangara, Jim [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 18, 2001 7:59 PM
To: NT System Admin
You are trying to detect a worm by using a virus disguised as a tool
(anything by Symantec).
The eeyes scan is likely reliable. The Symantec program should be very
carefully and very thoroughly removed (i.e. disinfected) from your
system.
No - I am not a Symantec fan.
-Original
Title: Message
have you tried to use the coderedcleanup tool from microsoft. I have used it successfully, but because of the goof ups I have uninstalled IIS and am now using iPlanet free version until I feel comfortable with IIS again.
-Original Message-
From: Niels Christiansen
I usually set the pagefile to 1.5 times ram and put it on a different disk
than the OS if possible. Then monitor the machine after it is in
production. If the system is paging you either need more ram, or you have
an application with a memory leak. There are a lot of apps that will leak
Title: Message
you are not comfortable with IIS, but you did not reformat your server after the infection?? what am I missing in this picture?
Kevinm WLKMMAS*TM,
QWSZC, VRY+Y, NFH, SAD-VF, DERSDESDFG
~~~
More letters after my name makes me
Title: Installing RAS disabled keyboard/mice
Hello week-enders,
I installed RAS in order to enable a remote user to use her modem (read, I'm scrambling to survive the Rhythms shutdown) on a WinNT SP6a PC. After reboot, the keyboard and PS/2 mouse were inoperative. Connecting to the logs
Title: Message
Hardware? did you perhaps disable them in the CMOS???
Kevinm WLKMMAS*TM,
QWSZC, VRY+Y, NFH, SAD-VF, DERSDESDFG
~~~
More letters after my name makes me
Smarter.
~~~
please respond
Title: Rhythms
I have several remote users on DSL, most of which affected by the Rhythms shut down. On Friday, two users in two different offices both lost their connection. The two users are served by the same LEC and depend from the same CO. A third user also on the same CO but on a
Title: Message
That one raised an eyebrow with me as well.
Your statement about not being comfortable with IIS struck me as odd.
Part of our job as sysadmins in my opinion is not being pros on certain things (getting ready for flame, he he) but being intuitive, self learning, and just