clutch

Yes, and it wont host more than 10 concurrent connections. In addition, you can only host one site on it at a time (unlike NT/2K server, where you can add a good deal more).

Bummer. Well, if there are problems with the project you could always tell them it's because they can't code worth a damn.

They are saying that you need to upgrade to Office 2K SP2 on the server before the extensions will install? Odd, since I don't have office installed on my servers. And the clients that do have Office 2K installed are only SR-1a (as SP2 is a pain in the *** for our Palm Pilots).

I found this while searching for something else today, and I thought some others may find it interesting as well. http://support.microsoft.com/support/kb/articles/Q169/2/92.ASP

DosFreak, Is it "SMP Seesaw" from Mike Linn?

NT workstation has always been 10 (at least through 4.0 and 5.0), and I imagine this will carry through to WinXP. I never really considered Win98 PWS for anything other than development of ASP code locally before publishing to a "real" server. Oh, and server is considered "unlimited".

If it indeed happens more than "occasionally" on a given network, then there is a real problem. I would imagine that Uykucu may see it more often over several networks, and therefore may view it as something of a regular occurance.

Nahhh. I didn't even pay attention to it until I realized he was still here. So, you had nothing to do with.

ICS (Internet Connection Sharing) is built into Win2K and Win98, and you can also use software like Sygate and Wingate. You can even some little free ones at www.download.com if you do a search for "proxy".

http://www.microsoft.com/technet/treevie...tain/custom.asp Win2K Pro will usually work fine, however the OS is limited to 10 concurrent connections. That link will illustrate way to customize the service. Also, FTP servers tend to negotiate an alternate port with the client, and some NAT/PAT and firewall systems inhibit this ability. So, clients *may* have to connect via PASV (passive) mode. This should cover most of the issues that I have had in the past. Also, here's a cool little trick you can do in IIS so that a user is auto-magically redirected to his/her own home directory. http://iisanswers.com/Top10FAQ/t10-FTPuersfolder.htm

NP.

Why? Don't be.

Generally, this can happen if an account was deleted in one security context (domain, local, or trusted) and this action wasn't replicated throughout the domain. I have seen this in the past with accounts I have deleted, yet permissions on a given object (like a folder) still have his SID (which is the number you posted) attached to the object. In NT, you would "normally" see "Account Deleted", but for some reason in Win2K you will occasionally see the actual ID.

Set the NTFS permissions on the directory in question, and then set the directory security mode in IIS to clear text password: 1. Open IIS Console 2. Expand the site in question and right click on the desired directory, then select properties 3. Select the Directory Security tab 4. Select "Anonymous access and authentication control" 5. Select "Basic Authentication", while clearing "Anonymous Access" and "Integrated Windows authentication" 6. (Optional) Edit the "Basic Authentication" and enter the NT Domain name (or workgroup name) either directly or browsing to it That should cover it.

The only thing that I could guess, would be to check out www.winternals.com for Disk Commander. I haven't used it, but it seems to do what you are asking.

If you switch from NTLM to clear text/password, it should then permit Nutscra..., err, I mean Netscape users authenticate just dandy.

I am not sure why that would happen, as I have installed those extensions on 3 Win2K SP2 servers without a problem. You can still get them from a copy of Frontpage however, and then just upgrade them later. Or, install the extensions from the Win2K CD. Go to Add/Remove Programs, and then select Windows Components. You can then install the extensions from there. These will be the Frontpage 2000 extensions.

I guess that remains to be seen.

He has an MX-based card I believe.

I got this over the weekend at work: I am posting a message about a new variant of the Code Red virus that has started circulating. This one is much worse and if you are infected, probably ought to reformat. This morning, AFAIK, a new Code Red variant was released. ------------------------------------------------------------------------ -- Ok, here's the latest on this new variant. 1. It makes a copy of CMD.EXE called ROOT.EXE in the; \inetpub\scripts and \program files\common files\system\msadc directories. Does this on both drive C: and D: (doesn't fail if D: doesn't exist). 2. It then runs its attack program code to infect itself upon numerous other boxes. This is done randomly, although there is a bias to attack boxes that are part of the same class A as infected attacker (so it hits your own boxes sooner rather than later). Attack code runs for 24 hours, 48 hours on Chinese language systems. 3. After attack code runs (and it seems to be based on clock ticks, not date), it then writes out a Trojan. File Explorer.exe (8192bytes or 7K as displayed by Windows) is dropped (from the code in the original attacking URL) to the root of drive C: and D: (again, doesn't matter if D: doesn't exist). 4. The system is then rebooted (probably a forced reboot). 5. When the system restarts, it loads the trojan Explorer.exe from the root directory on the boot drive. This code then does several things; a) Launches the real Explorer.exe, so the system looks normal. Sets SFCDisable in hklm\software\microsoft\windows nt\currentversion\winlogon to some undocumented value. Presumably this disables Windows File Protection (so critical files could be overwritten) c) Creates two virtual directories (via the registry) in hklm\system\currentcontrolset\services\w3svc\parameters\virtual roots. Called "C" and "D", they are mapped to the root directories of the two drives and permissions are established in the virtual directory to allow script, read, and write access as well as setting execute permissions to scripts and executables. d) goes into an endless sleep loop. The end result of all of this action is to leave your box wide open to remote connection and total compromise. Unlike "Code Red", this worm doesn't attack any single target at any point, although its attack strength seems to be much higher (it launches 300 threads right off, although some may only launch 100), so its propagation seems much higher. The attack only works properly on Windows 2000 systems (preliminary analysis). ICSA Labs tested against an NT 4.0/IIS 4.0/SP3 box and received a standard error message. Reports from subscribers suggest that XP IIS 5.1 RC1 is invulnerable also. Its expected that it works on PWS and OWS equally to IIS (all on W2K). Its obviously a short-lived attack, at least the process of collecting victims. What would be done with them once collected is another story. No attempt is made by the worm to send anything "home", although detecting compromised boxes is far too easy (very unfortunately) for anyone outside your network. Cleaning a compromised box should really be done by reformatting. Although logging is left on for the new virtual directories created (meaning you'd see access in your IIS logs), there's really no way to be sure that files haven't been implanted to leave other backdoors (not as part of this worm, but as part of the use of the opening it creates). Credits: The bulk of the analysis was done by Nick Fitzgerald of Virus-L (and friends) and Roger Thompson of TruSecure. Additional help came from Bruce Hughes of the ICSA Labs. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor --------------------------------- Now Registering for IIS FastTrack http:/www.iistraining.com Brett Hill - IISAnswers.com brett@iisanswers.com (303) 543-7502 MCSE MCT A+ Net+ CIW-TT

CrazyKillerMan, Those "sorts" seem to have a habit of returning under alternate accounts anyway. Then, one day, they show their true colors... Right Gemfire?

I understand what you are asking, but I have not tried that either. It may just be a driver issue. Have you tried a couple of version levels? There may be a limitation in the ones that you are using.

I saw the link to this on www.voodooextreme.com. http://grc.com/x/talk.exe?cmd=article&group=grc.security&item=21298&utag= This describes the "X" variant a bit more. I REALLY hope everybody here is patched (and if not, patch and reboot damnit!)

You would need a fixed IP, and host your own name server(s). Then, register the server under your domain name account with the name registering body of your choice. Or, you could go to tzo.com and have them handle it. I would imagine that dynip.com would have the same function. Basically, if you have a dynamic IP, you would have a client running on your server that will post updates as to your current IP to tzo/dynip. Then, when someone asks for "yourdomain.com", it goes to their servers, which they will then forward to your computer. TZO also allows for the forwarding of all name server info to your personal name server. That way, you could have pc1.yourdomain.com, pc2.yourdomain.com, etc. (for extra cost of course).

Tnx bud.