Re: Has Microsoft recently introduced "Loopback check" functionality in Windows 2000?




Hi,
The patch *KB957097* is the one that adds it.
Also some of the following ones (still I did not have time to
investigate which one):
KB958215
960714
KB954600
KB956802

Rgds,
PabloV99

cemkeles@xxxxxxxxx;4113150 Wrote:
Hi,
We have faced same on our windows servers. Server can't access itself
using alias, but can with hostname or IP.
Recently installed patches are these:
- Security Update for Windows 2000 (KB957095)
- Security Update for Windows 2000 (KB958644)
- Security Update for Windows 2000 (KB957097)
- Security Update for Microsoft .NET Framework 1.1 Service Pack 1
(KB947742)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1
(KB956390)
- Security Update for Internet Explorer 6 for Windows 2000 (KB938464)
- Cumulative Security Update for ActiveX Killbits for Windows 2000
(KB956391)
- Security Update for Windows 2000 (KB954211)
And DisableLoopBackCheck is in registry now with value of 0
I'm sure one of these adds this in the registry, but I couldn't make
sure which. Actually I checked kb pages of all these on Microsoft's
homepage but couldnt find anything yet. If someone can help us, that
will be really appreciated.

Cem




On 24 Kasým, 18:38, "Trust No One®" <dana.scu...@xxxxxxxx> wrote:
Hi Folks,

I think the answer to my question is "Yes", but hopefully someone
can
confirm and/or point me to the particular security patch that
introduced it.

Recently - on the 14th of November when we rolled out a number of
Microsoft
patches, a number of our Windows 2000 servers had problems where
applications running on these servers were no longer able to map to
local
shares using an alias (DNS CNAME) for the server. Attempting the map
the
share resulted in a request for login credentials.

Up to this point this kind of drive mapping worked flawlessly in
Windows
2000, provided the DisableStrictNameChecking key was set as detailed
in:

http://support.microsoft.com/kb/281308

During my investigation I found that the registry value
DisableLoopBackCheck=0 now appears in the registry of our Windows
2000
servers. This is related to the LoopBack check functionality which
was first
introduced in Windows 2003 SP1.
(seehttp://support.microsoft.com/kb/896861)

If I set "DisableLoopBackCheck=1" or alternately specify the desired
alias
in a "BackConnectionHostNames" entry, then everything works, as per
the KB
article for Windows 2003 SP1.

So it looks like a recent security patch has introduced the loopback
check
functionality previously only applicable to Windows 2003 SP1
onwards.

Can anyone else confirm this behaviour?

Regds,

--
Peter <X-Files fan>


--
PabloV99
------------------------------------------------------------------------
PabloV99's Profile: http://forums.techarena.in/members/pablov99.htm
View this thread: http://forums.techarena.in/windows-2000-security/1076916.htm

http://forums.techarena.in

.



Relevant Pages

  • Re: Is running a patch that changes something in Windows XP permis
    ... again for a Microsoft MVP: I have been trying to understand what the ... Windows XP versions before SP2 the system was recognised as SP2 RC1. ... > some things to quote here that tell us that the patch probably does not ... > change the value of TcpNumConnections in the registry and that there isn't ...
    (microsoft.public.windowsxp.general)
  • Re: The 2007 Microsoft Office system does not support upgrading from a
    ... prerelease version of the 2007 Microsoft Office system. ... 2007 Microsoft Office Suite Service Pack 1 ... Hotfix for Windows Media Format 11 SDK ... Security Update for Step By Step Interactive Training ...
    (microsoft.public.office.misc)
  • The 2007 Microsoft Office system does not support upgrading from a
    ... I am trying to load Microsoft Project 2007 on my PC and I keep getting the ... prerelease version of the 2007 Microsoft Office system. ... Hotfix for Windows Media Format 11 SDK ... Security Update for Step By Step Interactive Training ...
    (microsoft.public.office.misc)
  • Re: Microsoft Update and BigFix
    ... free security updates for Microsoft Office Products as well as ... Windows XP and Windows 2000, and even Windows 98 and Me, and was ... -- Security Update for Windows XP ... -- Vulnerability in ART Image Rendering Could Allow Remote Code ...
    (microsoft.public.windowsupdate)
  • Re: windows update reporting info back to MS? (and .NET fw SP1)
    ... if a patch is on the system. ... It is very possible that the registry ... I have been working with HFNetChk Pro demo for a while now, ... way to connect that you the owner is patching windows. ...
    (Focus-Microsoft)