Re: How to fix broken security in Windows 2000?

• Previous message: Kevin Davidson: "Weird session names"
• In reply to: Shannon Jacobs: "Re: How to fix broken security in Windows 2000?"
• Next in thread: Phillip Windell: "Re: How to fix broken security in Windows 2000?"
• Reply: Phillip Windell: "Re: How to fix broken security in Windows 2000?"
• Reply: Shannon Jacobs: "Re: How to fix broken security in Windows 2000?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 24 Jan 2005 12:00:40 -0500

"Shannon Jacobs" <shanen@my-deja.com> wrote in message
news:OvKU5AbAFHA.4044@TK2MSFTNGP11.phx.gbl...

> Several of my earliest attempts along the missing-security-certificate
path
> were to try to reinstall some of the recent security certificate updates
> that WindowsUpdate had provided. I was not able to do so from the
Microsoft
> site, and none of the MVPs even thought to suggest that approach.

Well, if reinstalling the patches didn't fix the problem, isn't it a good
thing we didn't suggest it?

Windows Update absolutely lets you see and re-install whatever patches are
on your system, but it has no possible way of knowing about patches that
were pushed down by your IT staff using who knows what method, nor would we.
You would have to contact your IT staff for that.

Your only statement in your OP regarding patches was this:

"Some possibility it may have been caused by a WindowsUpdate, possibly even
one that was pushed onto my machine by the corporate IT people."

With that vague level of detail, of course your IT people knew how to fix
the problem and we didn't. Your IT people knew which patch they had pushed
out to cause the problem, and we still don't.

Even now, you still haven't provided enough information about which patch or
file was the problem, but you expect us to magically know the answer in a
minute to a problem you've been struggling with for months. I can only
guess that the patch you're talking about might be the May 2004 root
certificates update over 7 months ago, but I would be hesitant to waste your
time offering suggestions like reinstalling this or that patch based on that
guess [and since this didn't fix your problem, it's a good thing I didn't
sugest it]. You still haven't shared enough detail about the fix to help
anyone else learn from your experience.

> Using the link I provided (which actually came from someone in my
company),
> I was able to find a file which fixed the damage.

How do you know your IT people didn't get the answer to this problem from
Microsoft, or from an MVP?

> I am not certain if that
> file is the same one that exists somewhere on the Microsoft site, or if it
> was a special version. However, I am absolutely certain the Microsoft
search
> engines failed to find it, and the MVP program participants also failed to
> find it--or even to suggest looking for it.

Most problems with Microsoft patches are due to pre-existing problems
with the configuration of the PC. If no one else on the planet has ever had
your problem, then why would you expect the solution to be in the Microsoft
knowledge base? Note that your problems [getting answers from the MS search
engine or from the newsgroups, your computer breaking in the first place]
always seem to be because someone at Microsoft has failed you, never because
of you, say, entering the wrong description or deleting root certificates.

> The part that is apparently rubbing you the wrong way is my general
comments
> about what Microsoft has done to the MVP program. If so, you should quit
> acting in a way that provides additional evidence. So far you are only
> reinforcing my belief that Microsoft has pretty much destroyed the MVP
> program by getting rid of the most technically competent people.

Which of the Microsoft MVPs do you think are not technically competent? Is
it Ed Skoudis? Stuart McClure? Roberta Bragg? Tom and Debra Littlejohn
Shinder? Mark Russinovich? Mark Minasi? I would like to know why you
think the MVP program has fewer or less competent MVPs. How and why exactly
would Microsoft want to spend money and time on the MVP program, but
intentionally choose the worst candidates? How and why would they destroy
the program by increasing their support for it?

If Microsoft is solely in it for the money, as you claim, then why spend a
single cent on the MVP program in the first place? You do realize that
Microsoft has given you access to pretty much the same knowledge database
that their paid support technicians use when you call them, correct? And
that Microsoft lists the phone numbers of other companies that offer cheaper
tech support on their support web site? There are certainly some valid
criticisms that can be levied at Microsoft, but your criticisms of Microsoft
make little sense and border on paranoia.

> Or perhaps
> they have simply changed the incentive system so the MVPs are encouraged
to
> post meaningless answers even when they have no idea of what the answer
is?

The link I posted may not have fixed your problem, but it is the answer to
what you asked: "what are the dependencies and troubleshooting steps for
certificate problems related to SFC?"

I also tried in my post to clear up some of your misconceptions about how
PKI certificates work that were causing you to angrily think Microsoft was
trying to re-write PKI specifications. You have yet to prove or suggest why
the link I posted was meaningless. What exactly was it in the link that did
not apply to the question you asked?

The award MVPs get from Microsoft is relatively small and hardly compensates
me for all the time I spend here. If you think I post thousands of posts
here every year because of this award or because it gets me some kind of
points, you are very mistaken.

> Certainly I admit that some of my queries are liable to be non-trivial.
> Whatever the reason, I also believe this negative change to the MVP
program
> is a deliberate policy on the part of Microsoft to discourage customers
from
> relying on no-cash-involved support.

I see. Microsoft has increased the number of MVPs over the past two or
three years in order to discourage relying on free support. That makes lots
of sense.

> In truth, the main technical value I get from the newsgroups in recent
> years, and the only reason I will sometimes resort to them (and usually
only
> after some weeks of struggle), is that the process of describing the
problem
> more precisely and completely for a public post is sometimes helpful in
> understanding the solution.

I see. So, you don't really need anything from us. You solve the problem
entirely on your own, just by typing it down here to us. Microsoft and the
MVPs caused the problem, hide the solution to the problem from you, solely
for monetary greed on the part of all of us, and you single-handedly solve
the problem. Might I recommend posting your next question to
microsoft.public.test? You'll get the same results.

I'm not sure how exactly coming back here to insult us and express your
disappointment in our not solving the answer fits in with this, given that
you didn't really expect us to solve the problem, but then again, I'm just
an MVP, so I have trouble tying my shoes in the morning.

> Not so in this particular case, however. This
> time it was just a lucky cross-reference that caught my eye. (I cannot
> provide a link to that source since it is internal to the corporate
> intranet, not public.)

That's convenient. And that prevents you from posting details about the fix
too?

> Today I do have a new technical problem from another friend, but I'm not
yet
> stumped or desperate enough to describe it here. Thanks, but no thanks.

No problem. When you encounter problems too tough for you to solve, we'll
be here to help.

kind regards,

Karl Levnson, CISSP

• Previous message: Kevin Davidson: "Weird session names"
• In reply to: Shannon Jacobs: "Re: How to fix broken security in Windows 2000?"
• Next in thread: Phillip Windell: "Re: How to fix broken security in Windows 2000?"
• Reply: Phillip Windell: "Re: How to fix broken security in Windows 2000?"
• Reply: Shannon Jacobs: "Re: How to fix broken security in Windows 2000?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]