Re: hisecweb.inf

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/08/05

• Next message: Steven L Umbach: "Re: Securing a 2k client in a NT4 Domain"
• Previous message: Steven L Umbach: "Re: Losing Folder Permissions"
• In reply to: Mary S: "Re: hisecweb.inf"
• Next in thread: Mary S: "Re: hisecweb.inf"
• Reply: Mary S: "Re: hisecweb.inf"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 8 Mar 2005 16:29:42 -0600

It looks like your server is configured properly as far as the server
service running and the share existing and ping shows that you have basic
network connectivity. You said that you have not actually applied the
security template yet?? Make sure you are using the correct IP address to
connect to the share. I see that you have two IP addresses listed in your
screendumps? If name resolution is correct you should be able to use the
computer name as in \\p4\exchange. Were you as an administrator able to
access an administrative share such as C$ on that computer from a problem
client?? Also If possible show me a screendump that shows the security
options for the server and the client that you are trying to access the
server from. At least the security options from the server would be helpful.
There are two security options - digitally sign communications and lan
manger authentication level that need to be compatible.

What you could try is on the server make sure that the security option for
Microsoft network server:digitally sign communications(always) is set to
disabled and lan manager authentication level is set to send ntlmv2 reponses
only. Make sure those settings show as "effective" settings in Local
Security Policy after running " secedit /refreshpolicy machine_policy
/enforce on it. From a client computer make sure that port 139 TCP or 445
TCP is open on the server to the client. A quick way to do this is to use
telent as in " telnet xxx.xxx.xxx.xxx 139" where xxx.xxx.xxx.xxx is the IP
address of the server you are trying to access. If the port is open you will
get a blank command screen with a blinking cursor. If the port is closed you
will get an access denied message. If you think the problem could be a
security update, you can uninstall most of them in add and remove
rograms. --- Steve

"Mary S" <nomail@forme.com> wrote in message
news:rhgr21tb20rcs5cgcf6qv5phvi4k99kfsu@4ax.com...
> Hi again
>
> Ok! I'm in big trouble now! Somewhere during the journey of securing
> the server I must have
> done something wrong. And I'm almost sure that it has to do with the
> hisecweb.inf policy or the 6 or 7 latest hotfixes, which I installed
> via windows update all at the same time.
>
> I have made some screendumps here http://web.telia.com/~u42115338/ and
> maybe it could give you some new ideas.
>
> Yor reply highly appreciated
> Thanks
>
>
>
>
>
> On Mon, 7 Mar 2005 21:20:02 -0600, "Steven L Umbach"
> <n9rou@nospam-comcast.net> wrote:
>
>>What exactly do you mean that the share disappeared? Is this the only
>>share
>>on the server and if not can the other shares be accessed? When you go to
>>the server does it still show that the share exists? Verify that file and
>>print sharing is enabled and that the server service is running on the
>>server. Run the command net config server to see if it reports that the
>>computer is configured to share resources and the command net share to see
>>if the share and IPC$ are shown. Try to ping the server from the clients
>>by
>>name and IP address. See if you can access administrative shares from a
>>client computer that is showing the problem such as C$. Run the support
>>tool
>>netdiag and that server to see if it reports any particular problems. It
>>is
>>possible that incompatible security options for digitally sign
>>commumications, lan manager authentication level, or other security
>>options
>>could be causing a problem if they were changed on the server. -- Steve
>>
>>
>

• Next message: Steven L Umbach: "Re: Securing a 2k client in a NT4 Domain"
• Previous message: Steven L Umbach: "Re: Losing Folder Permissions"
• In reply to: Mary S: "Re: hisecweb.inf"
• Next in thread: Mary S: "Re: hisecweb.inf"
• Reply: Mary S: "Re: hisecweb.inf"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: UnauthorizedAccessException when using MSDTC ... dispatcher2 is the user logged on the client pc. ... Event Source: Security ... Object Server: SC Manager ... Primary Domain: BLITZ ... (microsoft.public.data.ado) Re: WCF security advice (and clarification) needed ... You, the client, resolve the foo.mycompany.com hostname within your ... TCP/IP) with that ticket as the security token. ... There are two parties participating in a security scenario, the server ... HTTP supports other authentication ... (microsoft.public.dotnet.framework.webservices) RE: Problems with security requirements in Windows WorkGroups. ... "A remote side security requirement was not fulfilled during authentication. ... small chat application between a client and a server ... When I try to use the TCP channel I get the error (with NO inner exception ... (microsoft.public.dotnet.languages.csharp) Re: VPN -- the next consumer "turnkey"? ... I'm not a security expert. ... "A Hamachi system is comprised of backend servers and end-node ... Server nodes track client's locations and provide ... services without providing Hamachi with a list of client IP's. ... (alt.internet.wireless) Re: WCF security advice (and clarification) needed ... party to spoof the servers identity when the server is not authenticated ... and whenever a client connects to that webserver he's in fact validating the ... all this HTTP talk mentioned a single security token supported by the ... client (Kerberos or Windows) + server ... (microsoft.public.dotnet.framework.webservices)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint