Re: Unable to view/manage server roles (windows 2003 server)

From: bonset (bonset_at_discussions.microsoft.com)
Date: 03/12/05

  • Next message: Lil' Dave: "Re: Best freeware available?" 
    Date: Sat, 12 Mar 2005 00:35:02 -0800

    It is never too late to say thanks!!!!

    I thank you very much for your answer and your help!

    :)

    "Roger Abell" wrote:

    > Some websites over recent months have posted various
    > suggestions at how to block exploitations from IE and OE
    > usage. Some of these have focused on crippling hta use.
    > Perhaps someone tried the suggestions for one such hta
    > workaround on that one machine ?
    >
    > If your server is, as IMO servers should, not used for
    > email and web site browsing, and as you indicate it is
    > now up to date on security patches, you could just set
    > the NTFS permissions so that they match those on the
    > mshta.exe file of the server where the management
    > application does work.
    >
    > Remember Everyone includes all authenticated accounts,
    > including members of the administrative groups; and, a
    > Deny overrides grants.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "bonset" <bonset@discussions.microsoft.com> wrote in message
    > news:168CA1E3-9AF8-4697-BD4F-7D410304E85A@microsoft.com...
    > > Hello all,
    > >
    > > I cannot run anymore the "MANAGE YOUR SERVER" utility on my windows 2003
    > > server standard edition. When I run the utility I get the message "Windows
    > > cannot access the specified device, path, or file. You may not have
    > > permission to access the item".
    > >
    > > The item in question is the C:\windows\system32\mshta.exe. I checked its
    > > permissions and the only group that can access it is EVERYONE but the READ
    > > right is set to DENY.
    > >
    > > I know this is wrong and I cannot understand what happened and the rights
    > > are changed to this file.
    > >
    > > I never had problems in the past and my other 2003 server has no problem
    > > with running the utility (both systems have installed the latest microsoft
    > > patches released on February 9).
    > >
    > > Please help me with this, any suggestion is valuable, I don't have much
    > > experience and I am completly stuck.
    > >
    > > I thank you very much for your time and help.
    > >
    > >
    > >
    >
    >
    >

  • Next message: Lil' Dave: "Re: Best freeware available?"

    Relevant Pages

    • Re: Downloading critical updates.
      ... As SUS server needs nothing except ports Tcp 80/443 available ... >> Roger Abell ... >> Microsoft MVP (Windows Security) ...
      (microsoft.public.security)
    • Re: Advice request: Backdoor hack on Windows Small Business Server
      ... I was fortunate that nothing was actually damaged. ... >> be similar to accounts used upon that machine have had password changes ... >> Roger Abell ... >>> traffic back and forth on the server stopped. ...
      (microsoft.public.windows.server.security)
    • Re: Unauthorized use of Server 2003
      ... Roger Abell wrote: ... failure to patch the operating system and any network-active ... flatten the server immediately and scan any workstations that were ... and good security practices (including strong passwords); ...
      (microsoft.public.security)
    • Re: Password complexity vs Brute Force
      ... but that password is a user with almost no permissions so I am not ... "Roger Abell" wrote: ... > but surely you sleep longer than 2.11 hrs per night. ... >> run a brute force attack on my my server. ...
      (microsoft.public.security)