clutch
Moderators-
Content count
3857 -
Joined
-
Last visited
-
Days Won
1
Everything posted by clutch
-
Orphan ACLs remain on files/dirs after account removal
clutch replied to Curley_Boy's topic in Customization & Tweaking
No, the only adverse effect that I have seen from it is when you want to see what permissions have been set, it make take a little bit longer for the system to give up and show you just the SID. Many times, I just remove them if I come across any. -
That's ok, it doesn't look like they're completely aware of what their stuff works in. On this link, W2K has an X mark, yet in the description it's an "NT/2000 utility". http://space.dolphin.free.fr/Windows/split.html
-
Have 2000 or Xp and internet? Disable Netbios over TCP/IP!
clutch replied to duhmez's topic in Security
We covered that here: http://www.ntcompatible.com/forums/viewt...asc&start=0 although I am curious why you think next week is so special. Is there some sort of time bomb worm out there? Not that it matters, many ISPs stopped allowing NetBIOS traffic a *long* time ago because of people browsing other people's computers (this was problematic on cable-based broadband). But, you shouldn't be using it anyway on an external interface so it's good practice to disable it. -
That would be cool, because honestly, I have never heard of it.
-
OK, yes it can be done, and hopefully DosFreak has shown that. Now, why would someone do that? Many reasons. First, if you are replacing a NIC in a system that has the MAC bound for a network function (DHCP reservation for instance) and rather than adjusting everything else to compensate, you can just reflash the NIC with a new MAC (just like it's done at the factory, but most of the time it's a one-shot deal). Another (and more common) reason is there are many software packages out there that bind licenses to NICs, and rather than going through many hoops to get a new license for the new NIC (which might be very difficult/impossible) you just throw in a replacement NIC with the same MAC. While there has been some rough standardization (like the vendor code and whatnot being part of the resulting MAC), it isn't what I would call "strictly enforced" and while rare, you can end up with multiples of the same MAC on the same network. In the first link that DF posted, that's an OS level solution to spoof the NIC MAC, while the ones that I mention go right to the chip and are not dependent on the OS, and will *always* show that MAC no matter what is done (unless the OS wants to spoof that one). In short, yes you can do it, yes it's at the hardware level, and yes there are many good reasons for doing it.
-
Just use the path that he posted (/etc/X11/XF86Config). The last part is the file itself, XF86Config. The file might also be named XF86Config-4.
-
That isn't entirely correct, as I have a Soyo motherboard that can have the MAC flashed to a different number, and if it isn't flashed it will only show up as all 0s. Also, this applies to the Linksys (and several other) NAT/router where you can cheange it from the defualt MAC. Now, while the latter *might* be construed as a "software trick", the former is not. The NIC is normally flashed out of the box, but can be changed by the user unlike most other NICs where you are not permitted to change the MAC after its been flashed from the factory.
-
I just got the email from MS; it's out.
-
"SYSTEM" is an account, but the Admin has little control over it (hence being unable to kill dead processes launched under SYSTEM). Root is sort of a hybrid of SYSTEM and Administrator in NT, as duties under NT are split up between them while their comparitive functions in Linux simply run as "Root". In this case, a properly configured service under Windows could be more secure than the *nix counterpart, since most processes/services in *nix run as Root and if compromised have Root-level access to the system (unless you are using a hardened/split-level kernel to reduce this hazard, but many are not). Just remember that some services might need to load and unload drivers or some other high-priviledge tasks, and if the "Power Users" group can't do it, then you might have to adjust its user rights to allow for this.
-
Most of the core ones (the MS defaults) don't need to be bothered with (and probably shouldn't) so I wouldn't worry about those. The real need to adjust these is with applications that run a service in which you have installed after the fact (RDBMS systems, web servers, ftp servers, etc) that you want full control over. What I have done is created accounts for each of these services, then give them only what they need for permissions (such as "Power Users" so they can launch but not install anything on their own). Also, whenever in a domain environment, I make these accounts locally on the machine rather than in the domain so that if a service is compromised, it can't be used to move across the network or create accounts in the domain.
-
The install process is actually really simple, if you find a how to on your system (or a generic one) first. However, it can be very intimi[censored]. That's why trying something like Lindows, Xandros, or Knoppix is a much better alternative. You get all the power and stability of Debian, but with a much better install (or in the case of Knoppix, it can just run from the CD and be copied to the harddrive if you want to keep it) system. There is another friendly installer that handles the setup duties for Debian, and you can get it for free as well (it's a basic Debian distro, but with a graphical installer) but I can't think of it's name right now. Unless there's a real method to handling dependencies in RPMs, then it will always be a major failure and thorn to Linux users everywhere. Oh, and your account here is also valid at www.linuxcompatible.org, in case you or others didn't already know .
-
Firstly, we have www.linuxcompatible.org if you would like to have a heavy duty Linux discussion, but I don't mind talking Linux here . Second, all RPM-based distros suck. I'm sorry, I'm a Debian guy, and I can't stand having to hunt around for stupid libraries when the packager is too lazy to either include them or at least give good documentation as to what it needed. And this includes several mainstream packages as well, such as CD burning front-ends. The worst was trying to install the knock off of APT for RH/RPMs, known as "apt4rpm", and that was a nightmare. It took me 2 hours or searching all over the place to get what I needed for a RH8 install, and when I finally got it loaded it would still break (just as much as the normal RPM installer would). In addition, with apt in the Debian distros (Debian, Lindows, Xandros, Libranet, etc) you can install multiple packages at once by simply using "apt-get install package1 package2 package3..." and it will resolve all the dependencies and install them in order. With this ability, this type of OS lends itself to upgrading while RH, Drake, SuSE, etc. really need to be upgraded with CD images (at best) or simply formatted and reinstalled. Another type of distro with great promise is the compiling style (as a friend calls it, a "glorified installer"), such as Gentoo and Sourcerer. With these you run *very* close to the core of the OS (almost as geeky as the LFS, Linux From Scratch, guys but with a little less headache). In Gentoo, you can tune your make.conf to the needs of yourself and your machine, and then compile *everything* that goes on it. Of course, this level of customization doesn't come without its price. I have a P2 400 workstation that has been "emerging" KDE since 8:30 yesterday morning, and it took 6 hours to compile and install Gnome with nothing else installed in it. Personally, I will be sticking with Debian for the now, since I don't have that kind of time to install everything I need . However, RH, Drake, and SuSE are really great for newbies, or people that don't want to futz with their system much. They are "easier" to install (I can install Debian in half the time it takes me to get RH8 going though) for new people, and have friendly interfaces overall with more control panel type utilities. To all those that like them, don't be offended. This is just my up-in-yan of them . With respect to the security layouts, I find the *nix model to be rather limited. You can setup objects, and then use those objects (such as users) as containers (groups) for other objects. And that's about where it stops. In NT, you can add people to groups, and easily manage multiple groups AND users with all kinds of permissions, while in *nix you have the 3x3 system (owner, group, world and read, write, delete) which doesn't quite cover what I need unless I make a ton of groups and criss-cross membership all over the place. brblueser, In order to change the logon credentials of a service, you just go to the services panel (right click on "my computer", select "manage", then go to "services") and open the properties of a given services. At that point, you should see a log on tab, and you can change the credentials of the service. You know when you have a spun (failed) process, and you can't kill it? Normally, it's because the process is running under "System", which has a higher level of credentials than "Administrator/Admins", and the admin has no right to kill it. This is a major reason why you see people rebooting NT boxes when there's a problem. The next biggest issue is if explorer is slowing down, and you can just kill that process and restart it using Task Manager. Both of these functions have been around a *long* time in the Windows world, and directly translate to using ps -aux and kill in *nix, and using ctrl-alt-backspace to kill X-server (and hence, your window manager) when there's problems. HTH
-
The security models are completely different, and many of the exploits/viruses/worms attack services that are already running with admin (or worse, "system" priveledges if never changed by the admin) credentials and thus makes no difference what account was logged in at the time. Few people have made a point to really understand both models, and these misconceptions about not using admin privies on Windows systems keep rolling foward. Just setup another account for yourself, and make it a member of the administrators group. And then rename the "administrator" account to something else to help slow down the more obvious attacks.
-
It falls off a lot, actually. Rough handling of systems in transport (or poor packaging) combined with less than competent users leaves you with a great chance of that happening. I remember reading many times about people forgetting to properly mount their Athlons (or leaving the fan unplugged on accident, which happens to everyone at some point) and with the rate those things heat up they simply cook.
-
Did you see the clip on Tom's Hardware showing the performance between a 3Ghz clocked to 3.6GHz and the 3GHz with Hyperthreading enabled? It's rather interesting, and shows that there's a bit of merit to this when heavily loading the system down.
-
A questions on network utilization (windows taskman)
clutch replied to dbgg1979's topic in Networking
Hubs and poor switches have the same effect as well, with poor bandwidth/collision management and a weak backplane they can adversly affect both latency and bandwidth. -
.NET and MSSQL is a *very* fast combination, but they come with a fairly hefty price tag (W2K/.NET Server and MSSQL Server licenses). You can use the much nicer IDEs for them as well, such as VS.NET for many languages or the freebie "Matrix" from MS that handles ASP.NET (VB.NET and C#, but some others are coming for it I think) only. PHP and PostgreSQL might be a better combination, as I have read that PostgreSQL supports more RDBMS functions than MySQL does.
-
MSSQL is way more powerful than MySQL, but most RDBMS systems are similar to one another in their core aspects. Now, for the best language to connect to the DB, that's generally ADO (ActiveX Data Objects)/ADO.NET. VB and ASP both use ADO, while the .NET languages use ADO.NET.
-
The Intel systems are very snappy indeed, and they take less additional drivers to accomplish optimum performance. Basically, it's a lot less hassle to maintain. You'll appreciate this more and more as you install new software.
-
Win2k Pro and build-in FTP server licensing.
clutch replied to Igor's topic in Everything New Technology
Windows clients are limited to 10 connections, regardless of the service. This extends from IIS to File and Printer Sharing as well. -
The flamethrower was awesome. That pretty much made the game for me.
-
It might have run fine before, but does it run fine after you remove the new memory? The board could have been damaged during the installation of the memory, and this would go a long way to determining that. Also, if it does work properly, try swapping out the existing module with your new one.
-
I was having problems with Unreal Tournament 2003 not allowing me to switch CDs when installing it from the CD set. So, here's a tip that I found from digging all over the place; don't install from your mountpoint since the executing process will tie up your device and you'll get a "device is busy" response when you try to eject/umount it. What you can do is just copy the linux installation script from the third disc to your home dir, and execute it from there. It will then prompt you for the CDs and installation should work fine from then on. Also, there was a bit of a mixup just as the discs were going gold, so the prompts will not have the proper CD names. If you use my directions, then all you have to do is insert the first CD after you copy over the installer script, and then the second, and third as prompted. Thanks to Toby for pointing out the installer was on the third CD, and sending me off on the wild trek.
-
Getting DHCP Server to ignore range of MAC addresses
clutch replied to BladeRunner's topic in Networking
OK, I get what you're driving at now. Unfortunately, the only way I can think of at the moment would be to reserve the IPs of your regular workstations in a specific address range, and assign that to the 2K DHCP servers. I know that isn't what you're looking for, and that would be a pretty bad idea from an administration angle. I just don't see any option enabling MAC filtering right now. Do any of the Linux boxes allow for this? Are the Linux boxes already using this sort of filtering mechanism? Also, what's to prevent some developer A's Linux box from assigning an IP to developer B's set-top box when he's roving the network? If the Linux boxes can perform this kind of filtering, maybe they can take the place of the 2K DHCP servers. -
Getting DHCP Server to ignore range of MAC addresses
clutch replied to BladeRunner's topic in Networking
You can't just assign static IPs to the Linux boxes, or reserve an IP range for their specific MAC addresses? I guess I am missing what you want to do.