Windows 2000 server issue

From: Brian Depew (brian_at_PRINTERESSENTIALS.COM)
Date: 09/23/03

    Date:         Tue, 23 Sep 2003 08:53:13 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Can anyone help me with this issue that I am having, I went and
    installed SUS on my PDC yesterday and it created 2 users in IIS and
    locked out the other 2 users that were on that particular machine
    (Administrator and me)..when I try to login with either of the admin
    accounts I get " The Local Policy of This System Does Not Permit You to
    Log on Interactively"...I can't log in to this machine at all, and again
    it's my PDC....from what I see it denied logon locally to all accounts
    except the ones it created, If I knew the passwords for the IIS user
    names it created I could login with that then go to the domain policy
    editor and change that...but I don't know, anyone have any ideas on what
    I can do short of reinstalling the OS?

    Thanks for any help

    Brian

    -----Original Message-----
    From: Windows NTBugtraq Mailing List
    [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM] On Behalf Of Greg Chapman
    Sent: Thursday, September 11, 2003 10:07 PM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: NetBIOS Name resolver

    Those of you on dynamically addressed networks may be having a little
    bit of a headache in taking the contents of the vulnerable.log file
    generated by Microsoft's scan tools for MS03-026 and MS03-039. The log
    is very useful, but since its contents are the IP addresses only, you
    may be spending quite a bit of time at the console running nbtstat -a to
    reverse resolve those addresses to NetBIOS names for your technicians in
    their task of manually patching recalcitrant hosts.

    To meet the need, I've tossed together a small VBScript, to be run by
    cscript.exe, and made it available at
    http://www.mousetrax.com/Downloads.html#NetBIOSNameResolver

    The download is a 3k zip file containing GetNetBIOSName.vbs and
    readme.txt

    Usage is simple and so is the job. So here's a simple tool for the job
    if you need it.

    To save a little of your online time, I've included the contents of
    readme.txt below my signature.

    Thanks for your patience!

    Greg Chapman
    http://www.mousetrax.com
    "Counting in binary is as easy as 01, 10, 11!
    With thinking this clear, is coding really a good idea?"

    -----------------------------------------------------------------------
    GetNetBIOSName.vbs
    Author: Greg Chapman
    Contact: greg@mousetrax.com
    Web: http://www.mousetrax.com

    -----------------------------------------------------------------------
    What's it for?
    -----------------------------------------------------------------------
    GetNetBIOSName.vbs is a tool for taking lists of IP Addresses and
    resolving those addresses to Windows NetBIOS names. It is designed to
    accurately parse the lists of vulnerable machines produced by the scan
    tools offered by Microsoft to help administrators identify network hosts
    in need of a security update patch.

    -----------------------------------------------------------------------
    How do I use it?
    -----------------------------------------------------------------------
    There are two ways to use this pup. On a system that has VBS files
    associated with the Windows Script Host, you can drag and drop your list
    of addresses directly on the script. The script will accept that file as
    an argument and process the IP Addresses, one at a time.

    Or, you can open a command Console, change to the directory containing
    GetNetBIOSName.vbs and pass, as an argument, the path and file name of
    your list.

    For Example:
    GetNetBIOSName.vbs "c:\vulnerable systems\vulnerable.log"

    Will pass the file, c:\vulnerable systems\vulnerable.log, to the script.

    -----------------------------------------------------------------------
    Does it take any other arguments, say a single IP Address?
    -----------------------------------------------------------------------
    No, it doesn't. See, all you gotta do for one address is the same thing
    GetNetBIOSName.vbs does for all the addresses in the list: nbtstat -a
    <IP Address>

    Simple, eh?

    Yes, it might be useful to be able to specify a bit mask, say
    192.168.0.0/16. Yep, that would be cool. Might get around to writing
    that bit of logic one day.

    For the meantime, this will have to do.

    -----------------------------------------------------------------------
    Is there a specific format for the IP list to have?
    -----------------------------------------------------------------------
    Oh, absolutely! The list of addresses must be arranged with one IP
    Address per line, like this:

    192.168.0.1
    192.168.0.3
    192.168.0.243

    Any other arrangement will simply cause some sort of odd failure. No, it
    won't be a damaging result. The result will merely be useless beyond
    anything but entertainment.

    -----------------------------------------------------------------------
    Anything else I should know?
    -----------------------------------------------------------------------
    Only these points:
    - NetBIOSNames.log will be created in the same folder in which the
    script resides.

    - NetBIOSNames.log contains output that is truly Comma Separated Value
    format. In other words, the output in the file will look something like
    this:

    "192.168.0.152","KIDS01","MAC Address = 00-20-ED-5B-98-8E"
    "192.168.0.159","POPPAS01","MAC Address = 00-E0-29-27-17-57"

    - Instead of consuming your machine and network, the script will only
    resolve one of the machines in the list at a time.

    - Please, if you pass the script along, pass this readme file with it.
    Not that I'm picky, but I'd prefer to get credit where it's due.

    - If, instead of credit, you think I'm due some criticism, hold that
    thought...to yourself! It's a tool, I wrote it, and I'm not responsible
    for what you do with it. Got yourself fired for scanning your network
    without talking to your network admin? Well, that's YOUR fault, right?
    The script is well mannered, but this is software and getting the
    results does mean you make some racket on your network.

    ----
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available.  And now,
    for a limited time, you can save 33% off of the TICSA certification
    exam! To learn more about the TICSA certification, and to register as a
    TICSA candidate online, just go to
    http://www.trusecure.com/offer/s0100/
    ----
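
An added sketch of the job the readme above describes, written in Python for this page; it is not Greg Chapman's GetNetBIOSName.vbs, which is not reproduced here. It validates a one-address-per-line list, parses `nbtstat -a` output, and emits the quoted CSV layout the readme shows. The nbtstat sample is constructed, and the function names and the "UNRESOLVED" placeholder are assumptions.

```python
import csv, io, ipaddress, re, subprocess

# Constructed sample of `nbtstat -a` output (not captured from a real host).
SAMPLE_NBTSTAT = """
Local Area Connection:
Node IpAddress: [192.168.0.10] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    KIDS01         <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    KIDS01         <20>  UNIQUE      Registered

    MAC Address = 00-20-ED-5B-98-8E
"""

# The <00> UNIQUE entry is the workstation (computer) name; <00> GROUP is the domain.
NAME_RE = re.compile(r"^[ \t]*(\S+)[ \t]+<00>[ \t]+UNIQUE\b", re.M)
MAC_RE = re.compile(r"MAC Address = ((?:[0-9A-F]{2}-){5}[0-9A-F]{2})", re.I)

def parse_nbtstat(text):
    """Return (name, mac); either is None when the host did not answer."""
    name, mac = NAME_RE.search(text), MAC_RE.search(text)
    return (name.group(1) if name else None, mac.group(1) if mac else None)

def nbtstat_live(ip):
    """Run the command from the readme (Windows only); list arguments, no shell."""
    return subprocess.run(["nbtstat", "-a", ip], capture_output=True, text=True).stdout

def resolve_list(lines, run_nbtstat=nbtstat_live):
    """Resolve one address at a time; return (csv_text, skipped_lines)."""
    out, skipped = io.StringIO(), []
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        try:
            ip = str(ipaddress.IPv4Address(line))  # rejects masks, hostnames, stray text
        except ValueError:
            skipped.append(line)  # report malformed lines instead of failing oddly
            continue
        name, mac = parse_nbtstat(run_nbtstat(ip))
        writer.writerow([ip, name or "UNRESOLVED", f"MAC Address = {mac}" if mac else ""])
    return out.getvalue(), skipped
```

Passing a stub for `run_nbtstat` lets the parsing and CSV logic be checked on any platform before the script is pointed at a real vulnerable.log.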
    
