Re: Remotley managing XP Pro systems

From: Steven L Umbach (sumbach55_at_ameritech.net)
Date: 11/02/03

• Next message: Maximus: "Can you change the access rights for the limited account?"
• Previous message: Lanwench [MVP - Exchange]: "Re: Home Computer Invaders"
• In reply to: Roger Abell: "Re: Remotley managing XP Pro systems"
• Next in thread: Roger Abell: "Re: Remotley managing XP Pro systems"
• Reply: Roger Abell: "Re: Remotley managing XP Pro systems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 02 Nov 2003 17:25:39 GMT

I was thinking that too, but he can access administrative shares and manage
users which tells me that lan man level is compatible yet he can not access
Event Viewer logs or parts of the registry. I know there is a security
option for registry access paths via netwok, but the part about not
accessing Event Viewer is curious since he can access it locally?? Probably
a packet capture of the sequence would help. --- Steve

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:ur#4qFWoDHA.372@TK2MSFTNGP11.phx.gbl...
> Just curious on this, but in the XP policy for lanmanager
> protocols is the XP set to allow NTLM v2 or is it in
> the often seen default of LM and NTLM (which excludes
> NTLM v2) ?
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Jack Wray" <jackwray@cox.net> wrote in message
> news:%23pxD83LoDHA.2868@TK2MSFTNGP09.phx.gbl...
> > Steve,
> >
> > NT 4.0 domain.. Admin machine is windows 2000. And the local security
> > policies are pretty close to default. Still looking.. thanks agian for
> your
> > help
> >
> >
> > "Steven L Umbach" <n9rouz@nscomcast.net> wrote in message
> > news:6RRob.61000$ao4.161833@attbi_s51...
> > > You say you are in a NT domain - do you mean NT4.0? What is the
> operating
> > system is
> > > on the computer that you are using to try to access from? Are the XP
> > machines using
> > > default Local Security Policy configuration or close to it? ---
Steve
> > >
> > >
> > > "Jack Wray" <jackwray@cox.net> wrote in message
> > > news:utbSeeIoDHA.688@TK2MSFTNGP10.phx.gbl...
> > > > Steve,
> > > >
> > > > This is what i have come up with so far.
> > > >
> > > > Not able to access the following remotely
> > > > Event Logs
> > > > Registry keys beyond HKLM ( can see the subkeys but not able to open
> > them)
> > > > Processes
> > > >
> > > > I can access the following
> > > > User & Groups ( manage them as well )
> > > > User rights policies ( manage as well )
> > > > Admin shares ( full access )
> > > >
> > > > So, file and print sharing is working, remote registry service is
> > running
> > > > and the machine knows that i have admin rights. I will keep looking
> but
> > any
> > > > ideas would be helpful.
> > > >
> > > > "Jack Wray" <jackwray@cox.net> wrote in message
> > > > news:exkOLNCoDHA.424@TK2MSFTNGP10.phx.gbl...
> > > > > thanks Steve,
> > > > >
> > > > > I will give it a shot in the morning and let you know... BTW, i
can
> > access
> > > > > all the mentioned thing interactively so it is a remote access
> issue..
> > > > > Anyways, i will let you know.
> > > > >
> > > > > thanks again for the quick response.
> > > > >
> > > > > Jack
> > > > > "Steven L Umbach" <n9rouz@nscomcast.net> wrote in message
> > > > > news:h3Cob.71843$Fm2.57525@attbi_s04...
> > > > > > By logging on locally, I meant interactive logon with the same
> > domain
> > > > > administrators
> > > > > > account you are using to try to gain remote access. --- Steve
> > > > > >
> > > > > > "Steven L Umbach" <n9rouz@nscomcast.net> wrote in message
> > > > > > news:9_Bob.71991$HS4.630314@attbi_s01...
> > > > > > > I would first logon to one of those machines locally to see if
> you
> > can
> > > > > do those
> > > > > > > tasks. If you can then it is a network access problem and the
> > things
> > > > I
> > > > > would check
> > > > > > > are on XP computer are. -- The ICF firewall needs to be
disabled
> > or
> > > > any
> > > > > ipsec
> > > > > > > policies blocking ports for file and print sharing. File and
> print
> > > > > sharing needs to
> > > > > > > be installed/bound and the server service running. Remote
> registry
> > > > > service needs to
> > > > > > > be running. You need the user right to access this computer
from
> > the
> > > > > network on
> > > > > > those
> > > > > > > computers. If none of that pans out try temporarily disabling
> the
> > four
> > > > > security
> > > > > > > options for "digitally sign communications" if you are
accessing
> > from
> > > > a
> > > > > W2K
> > > > > > > chine. --- Steve
> > > > > > >
> > > > > > >
> > > > > > > "Jack Wray" <jackwray@cox.net> wrote in message
> > > > > > > news:%2356HgAAoDHA.1296@TK2MSFTNGP09.phx.gbl...
> > > > > > > > All,
> > > > > > > >
> > > > > > > > I am having an issue with xp systems on my network. All
> systems
> > are
> > > > > joined
> > > > > > > > to a NT domain. All systems have domain admins in the local
> > admin
> > > > > group.
> > > > > > > > However, all systems are showing the same problem, access
> denied
> > to
> > > > > the even
> > > > > > > > logs and registry. I use many scripts to monitor patches and
> > access
> > > > to
> > > > > the
> > > > > > > > registry is a must..Needless to say, access to the even logs
> is
> > nice
> > > > > too :)
> > > > > > > >
> > > > > > > > I have looked into the force guest policy and that's not
it..
> > Any
> > > > idea
> > > > > would
> > > > > > > > be great.
> > > > > > > >
> > > > > > > > Jack
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

---

• Next message: Maximus: "Can you change the access rights for the limited account?"
• Previous message: Lanwench [MVP - Exchange]: "Re: Home Computer Invaders"
• In reply to: Roger Abell: "Re: Remotley managing XP Pro systems"
• Next in thread: Roger Abell: "Re: Remotley managing XP Pro systems"
• Reply: Roger Abell: "Re: Remotley managing XP Pro systems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: dsclient - ntlm v2 ... Are you sure the problem is with authentication ... Microsoft MVP (Windows Security) ... > I need to know how make win 9x work with ntlm v2. ... The only way to this work is changing the registry ... (microsoft.public.security) dsclient - ntlm v2 ... I need to know how make win 9x work with ntlm v2. ... changed the registry like described in some ... > Clients will use LM and NTLM authentication, and never use NTLM 2 session ... > security; domain controllers accept LM, NTLM, and NTLM 2 authentication. ... (microsoft.public.security) RE: Extracting NT password hashes from registry export file ... Extracting NT password hashes from registry export file ... This list is provided by the SecurityFocus Security Intelligence Alert Service. ... (Pen-Test) [NT] Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Microsoft Management Console snap in, the System Attendant makes ... changes to the permissions on the Windows Registry to allow Exchange ... There is a flaw in how the System Attendant makes these Registry ... (Securiteam) Re: Unable to turn off or on "block images or other content in HTM ... I would backup the message store first and the registry ... Steve, what would you think about exporting the whole 5.0 subkey under ... John E. Van Kirk ... How long has a Norton application been ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)