http://www.sqlmag.com/authors/author/author/5777416/rsscomment/5777416en-USFri, 25 May 2012 08:35:41 GMTFri, 25 May 2012 08:35:41 GMThttp://www.sqlmag.com/article/permissions/auditing-permission-changes-on-a-folder#commentsAnchorThu, 17 May 2012 21:17:54 GMT
We use NetWrix File Sevrer Change Reporter for thisit sends automated reports on changes and access to file servers, including changes and access attempts to files, folders, shares, and permissions. There is a freeware version that reports on the changes, but for your purposes, the enterprise version would work best because it will tell you whos making the changes.]]>Lorenzo0o0Thu, 17 May 2012 21:17:54 GMThttp://www.sqlmag.com/article/permissions/auditing-permission-changes-on-a-folder#commentsAnchorhttp://www.sqlmag.com/article/log-files/access-denied-letting-users-view-security-logs#commentsAnchorThu, 28 Apr 2011 14:27:42 GMT
this article is obsolete as of windows 2003 server. if your still running windows 2000 its correct, otherwise its just misleading and should be removed or updated]]>jpmillerx77Thu, 28 Apr 2011 14:27:42 GMThttp://www.sqlmag.com/article/log-files/access-denied-letting-users-view-security-logs#commentsAnchorhttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorWed, 16 Mar 2011 05:52:55 GMT
Thank your for the information, cheers :)]]>MoubasherWed, 16 Mar 2011 05:52:55 GMThttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorhttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorWed, 26 Jan 2011 00:17:07 GMT
Where’s the Beef! I really expecterd more depth than this!]]>RowlandWed, 26 Jan 2011 00:17:07 GMThttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorhttp://www.sqlmag.com/article/windows-server-2003/setting-up-a-secure-offsite-backup#commentsAnchorThu, 02 Dec 2010 12:19:10 GMT
Our firm uses www.myfilessecured.com to backup our servers and our CEO’s laptop.
Good stable company, good retention period.
We had to use their recovery twice and very happy with quality of service.
They use SSH to transmit data to their servers with encrypted communication and disk encryption within the servers. Backups are also encrypted and mirrored all over the US.
Check them out.
just an fyi]]>James MorallesThu, 02 Dec 2010 12:19:10 GMThttp://www.sqlmag.com/article/windows-server-2003/setting-up-a-secure-offsite-backup#commentsAnchorhttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorSun, 09 May 2010 08:23:16 GMT
how can set this setting by powershell or some thing like powershell such as Quest Active Directory PowerShell.

Thanks in advanced
]]>Sasan HeydariSun, 09 May 2010 08:23:16 GMThttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorhttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorTue, 16 Feb 2010 22:56:22 GMT
wnt to download]]>swapnilTue, 16 Feb 2010 22:56:22 GMThttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorhttp://www.sqlmag.com/article/registry2/access-denied-disabling-group-policy#commentsAnchorTue, 02 Feb 2010 06:13:06 GMT
Remotely reset and Re-apply user’s group policy with Smart-x’s GP-Remover http://www.smart-x.com/?CategoryID=246&ArticleID=253]]>SmartTue, 02 Feb 2010 06:13:06 GMThttp://www.sqlmag.com/article/registry2/access-denied-disabling-group-policy#commentsAnchorhttp://www.sqlmag.com/article/internet/webdav-for-remote-access#commentsAnchorTue, 22 Dec 2009 23:57:09 GMT
A more secure solution for remote access that I know of is RHUB (http://www.rhubcom.com/) system. It doesn’t necessitate opening of any TCP ports for remote access. You get on-premise security of your own firewall, and in addition the System utilizes an advanced security feature that blocks access by IP address.]]>johnTue, 22 Dec 2009 23:57:09 GMThttp://www.sqlmag.com/article/internet/webdav-for-remote-access#commentsAnchorhttp://www.sqlmag.com/article/internet/webdav-for-remote-access#commentsAnchorTue, 22 Dec 2009 23:54:21 GMT
A more secure solution for remote access that I know of is RHUB (http://www.rhubcom.com) system. It doesn’t necessitate opening of any TCP ports for remote access. You get on-premise security of your own firewall, and in addition the System utilizes an advanced security feature that blocks access by IP address.]]>johnTue, 22 Dec 2009 23:54:21 GMThttp://www.sqlmag.com/article/internet/webdav-for-remote-access#commentsAnchorhttp://www.sqlmag.com/article/ip-security-ipsec2/disabling-unnecessary-services-by-default#commentsAnchorWed, 01 Apr 2009 17:32:02 GMT
..]]>BillWed, 01 Apr 2009 17:32:02 GMThttp://www.sqlmag.com/article/ip-security-ipsec2/disabling-unnecessary-services-by-default#commentsAnchorhttp://www.sqlmag.com/article/mobile-and-wireless2/beef-up-security-for-your-mobile-device-fleet#commentsAnchorMon, 09 Feb 2009 14:46:05 GMT
I use a lost and found recovery service to protect my mobile devices. I recommend trackitback to anyone who owns a cell phone, or laptop. They have managed to save me hundred of dollars in the past few years that I would have had to pay to replace my lost cell phone (twice) and laptop.]]>SheilaMon, 09 Feb 2009 14:46:05 GMThttp://www.sqlmag.com/article/mobile-and-wireless2/beef-up-security-for-your-mobile-device-fleet#commentsAnchorhttp://www.sqlmag.com/article/encryption2/encrypting-rdp-traffic-when-you-use-terminal-services-to-remotely-manage-your-servers44737#commentsAnchorMon, 17 Nov 2008 08:10:14 GMT
EXCELLENT]]>NickMon, 17 Nov 2008 08:10:14 GMThttp://www.sqlmag.com/article/encryption2/encrypting-rdp-traffic-when-you-use-terminal-services-to-remotely-manage-your-servers44737#commentsAnchorhttp://www.sqlmag.com/article/certificates/configuring-iis-to-require-client-certificates-from-users#commentsAnchorSun, 16 Nov 2008 18:32:52 GMT
In a user environment where they may have multiple client certificates (exp: U.S. DOD, uses CAC with an Identity certificate and an Email certificate located on the same CAC), is it possible, through IIS, to limit the presentation of one or the other certificate, but not both during the client authentication process?]]>brucecmcSun, 16 Nov 2008 18:32:52 GMThttp://www.sqlmag.com/article/certificates/configuring-iis-to-require-client-certificates-from-users#commentsAnchorhttp://www.sqlmag.com/article/services/using-ipsec-to-prevent-workstation-to-workstation-communication#commentsAnchorSat, 08 Nov 2008 23:55:03 GMT
how to view full article?]]>YiSat, 08 Nov 2008 23:55:03 GMThttp://www.sqlmag.com/article/services/using-ipsec-to-prevent-workstation-to-workstation-communication#commentsAnchorhttp://www.sqlmag.com/article/kerberos/access-denied-edit-ticket-lifetime#commentsAnchorTue, 04 Nov 2008 09:26:36 GMT
Randy, Hi. This is the clearest explanation of the ticketing process I’ve managed to find so far (and I’ve been searching a while) - thanks - but it still leaves me with a few unanswered questions: If error 32 is benign, what’s the point of the 7 day user ticket max renewal period? What happens at the end of 10 hours (ticket auto renewal)? Does the user need to re-authenticate against AD ? or does the fact that the TGT is still valid remove the need for authentication? What happens at the end of 7 days ? a re-authentication against AD? Finally, does the whole mechanism allow a user to be logged on indefinitely, able to access services infrequently and without timing out? Thanks very much. Michael]]>MichaelTue, 04 Nov 2008 09:26:36 GMThttp://www.sqlmag.com/article/kerberos/access-denied-edit-ticket-lifetime#commentsAnchorhttp://www.sqlmag.com/article/auditing/windows-2003-security-log-account-management#commentsAnchorWed, 29 Oct 2008 09:32:22 GMT
1111]]>GwynnWed, 29 Oct 2008 09:32:22 GMThttp://www.sqlmag.com/article/auditing/windows-2003-security-log-account-management#commentsAnchorhttp://www.sqlmag.com/article/internals-and-architecture/learning-about-default-class-permissions#commentsAnchorFri, 24 Oct 2008 03:14:16 GMT
ER]]>jFri, 24 Oct 2008 03:14:16 GMThttp://www.sqlmag.com/article/internals-and-architecture/learning-about-default-class-permissions#commentsAnchorhttp://www.sqlmag.com/article/windows-server-20082/the-advantage-of-using-an-rodc-rather-than-a-dc#commentsAnchorThu, 09 Oct 2008 14:32:03 GMT
Note that the statement regarding attacking an RODC is misleading as it doesn’t account for all the extra measures that were built into RODC to ensure that attacks that happen within a site don’t have any reach to resources elsewhere. Note that a site is typically a branch site that only contains resources from a single domain (even in a multi-domain deployment). The main measures are the enhancements in the Kerberos authentication logic, that are ignored by the author. The fact is that RODCs don’t share the same krbtgt account and password as writeable DCs do - instead every RODC has its own krbtgt account. So when a computer or user that has been authenticated by an RODC wants to access a resources outside of the scope of that RODC (for example a resource in a different site), it will - as always - have to request a Kerberos service ticket for that resource. Since the RODC can’t generate this, the request is forwarded to a writeable DC, which strips away the whole PAC of the Kerberos ticket coming from the RODC (as it could include a forged group membership) and regenerates it based on its own AD data. Se even if a site contained resources from multiple domains (let’s say DOM1 and DOM2), a successful attack of RODC of DOM1 would only allow to elevate privileges on computers in THAT site from THAT domain - i.e. from DOM1. For example, a skilled attacker might be able to add himself to an AD group on the RODC that grants access to DOM1 computers in that site. However, a computer from DOM2 does not trust the RODC of DOM1 and thus would not be vulnerable to this attack. Instead - to receive a service ticket for the resource from DOM2 (even if it’s in the same site), the RODC of DOM1 would forward the request of the kerb service ticket to a hub-DC, which would re-generate the kerberos ticket and then follow the trust path to a DC from DOM2. So while an attacked RODC doesn’t save you from every harm, it saves you from much more than the author suggests.]]>GuidoThu, 09 Oct 2008 14:32:03 GMThttp://www.sqlmag.com/article/windows-server-20082/the-advantage-of-using-an-rodc-rather-than-a-dc#commentsAnchorhttp://www.sqlmag.com/article/monitoring-and-analysis/audit-account-logon-events#commentsAnchorMon, 06 Oct 2008 07:03:21 GMT
Very helpfull indeed]]>SimonMon, 06 Oct 2008 07:03:21 GMThttp://www.sqlmag.com/article/monitoring-and-analysis/audit-account-logon-events#commentsAnchorhttp://www.sqlmag.com/article/kerberos/discovering-the-cause-of-an-event-id-675#commentsAnchorMon, 29 Sep 2008 17:30:16 GMT
This is a test.]]>mhinojosa Mon, 29 Sep 2008 17:30:16 GMThttp://www.sqlmag.com/article/kerberos/discovering-the-cause-of-an-event-id-675#commentsAnchorhttp://www.sqlmag.com/article/log-files/disabling-logging-of-anonymous-logon-events#commentsAnchorSun, 28 Sep 2008 18:26:38 GMT
THANKS. HELPED]]>RichardSun, 28 Sep 2008 18:26:38 GMThttp://www.sqlmag.com/article/log-files/disabling-logging-of-anonymous-logon-events#commentsAnchorhttp://www.sqlmag.com/article/security/access-denied-locking-down-pcs-portable-media-drives#commentsAnchorSun, 28 Sep 2008 00:55:38 GMT
VERY USEFUL]]>reneSun, 28 Sep 2008 00:55:38 GMThttp://www.sqlmag.com/article/security/access-denied-locking-down-pcs-portable-media-drives#commentsAnchorhttp://www.sqlmag.com/article/passwords/access-denied-delegating-the-right-to-unlock-user-accounts#commentsAnchorMon, 22 Sep 2008 13:14:49 GMT
sdhbtfgmkjyh,n,]]>ods_twigMon, 22 Sep 2008 13:14:49 GMThttp://www.sqlmag.com/article/passwords/access-denied-delegating-the-right-to-unlock-user-accounts#commentsAnchorhttp://www.sqlmag.com/article/certificates/creating-a-new-certificate-template-in-windows-server-2003-standard-edition#commentsAnchorSun, 21 Sep 2008 01:56:48 GMT
good]]>DavidSun, 21 Sep 2008 01:56:48 GMThttp://www.sqlmag.com/article/certificates/creating-a-new-certificate-template-in-windows-server-2003-standard-edition#commentsAnchorhttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorSat, 20 Sep 2008 05:34:45 GMT
good]]>swapnilSat, 20 Sep 2008 05:34:45 GMThttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorhttp://www.sqlmag.com/article/services/understanding-the-local-service-and-network-service-accounts#commentsAnchorFri, 19 Sep 2008 08:42:07 GMT
OK]]>klikar Fri, 19 Sep 2008 08:42:07 GMThttp://www.sqlmag.com/article/services/understanding-the-local-service-and-network-service-accounts#commentsAnchorhttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorSun, 14 Sep 2008 00:35:11 GMT
How does this work for IAS? We use it to verify account information for VPN users. We would like to allow a temporary contractor RDP access to a specific server. Would restricting it like this allow them to still authenticate?]]>JoseSun, 14 Sep 2008 00:35:11 GMThttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorhttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-understanding-event-ids-683-and-682#commentsAnchorFri, 12 Sep 2008 15:18:17 GMT
what]]>TimFri, 12 Sep 2008 15:18:17 GMThttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-understanding-event-ids-683-and-682#commentsAnchorhttp://www.sqlmag.com/article/auditing/using-audit-policies-to-track-activities-performed-by-specific-users#commentsAnchorThu, 11 Sep 2008 20:29:48 GMT
So far so good]]>prock2008 Thu, 11 Sep 2008 20:29:48 GMThttp://www.sqlmag.com/article/auditing/using-audit-policies-to-track-activities-performed-by-specific-users#commentsAnchorhttp://www.sqlmag.com/article/kerberos/discovering-the-cause-of-an-event-id-675#commentsAnchorThu, 04 Sep 2008 13:37:54 GMT
want to see more on this article]]>BarbaraThu, 04 Sep 2008 13:37:54 GMThttp://www.sqlmag.com/article/kerberos/discovering-the-cause-of-an-event-id-675#commentsAnchorhttp://www.sqlmag.com/article/microsoft-management-console-mmc/access-denied-understanding-windows-server-2003-s-local-security-settings#commentsAnchorThu, 04 Sep 2008 03:39:38 GMT
Great Jobn]]>RamThu, 04 Sep 2008 03:39:38 GMThttp://www.sqlmag.com/article/microsoft-management-console-mmc/access-denied-understanding-windows-server-2003-s-local-security-settings#commentsAnchorhttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorMon, 01 Sep 2008 09:52:25 GMT
what is this? the info is so trivial.]]>MuratMon, 01 Sep 2008 09:52:25 GMThttp://www.sqlmag.com/article/authentication/letting-a-user-log-on-from-only-a-specific-computer99733#commentsAnchorhttp://www.sqlmag.com/article/services/understanding-the-local-service-and-network-service-accounts#commentsAnchorTue, 26 Aug 2008 13:35:39 GMT
Network Service is validated using the computer’s domain account permissions. What about trying to access a standalone server that doen’t belong to the domain ?]]>JulioTue, 26 Aug 2008 13:35:39 GMThttp://www.sqlmag.com/article/services/understanding-the-local-service-and-network-service-accounts#commentsAnchorhttp://www.sqlmag.com/article/tips/7-things-you-need-to-know-about-sharepoint-services#commentsAnchorTue, 12 Aug 2008 07:43:08 GMT
NOt much]]>NTTue, 12 Aug 2008 07:43:08 GMThttp://www.sqlmag.com/article/tips/7-things-you-need-to-know-about-sharepoint-services#commentsAnchorhttp://www.sqlmag.com/article/certificates/access-denied-using-windows-server-2003-s-certificate-templates#commentsAnchorTue, 15 Jul 2008 04:17:08 GMT
this article is more focused on information than solution]]>MikeTue, 15 Jul 2008 04:17:08 GMThttp://www.sqlmag.com/article/certificates/access-denied-using-windows-server-2003-s-certificate-templates#commentsAnchorhttp://www.sqlmag.com/article/auditing/monitoring-important-security-events#commentsAnchorMon, 23 Jun 2008 11:15:57 GMT
Commet here]]>NeronMon, 23 Jun 2008 11:15:57 GMThttp://www.sqlmag.com/article/auditing/monitoring-important-security-events#commentsAnchorhttp://www.sqlmag.com/article/antivirus/security-annoyances#commentsAnchorThu, 19 Jun 2008 14:40:53 GMT
Sorry about the broken link; it’s fixed now.]]>AnneThu, 19 Jun 2008 14:40:53 GMThttp://www.sqlmag.com/article/antivirus/security-annoyances#commentsAnchorhttp://www.sqlmag.com/article/microsoft-management-console-mmc/access-denied-understanding-windows-server-2003-s-local-security-settings#commentsAnchorWed, 11 Jun 2008 08:25:00 GMT
Very useful information forme. Thanks]]>asilososten Wed, 11 Jun 2008 08:25:00 GMThttp://www.sqlmag.com/article/microsoft-management-console-mmc/access-denied-understanding-windows-server-2003-s-local-security-settings#commentsAnchorhttp://www.sqlmag.com/article/antivirus/security-annoyances#commentsAnchorWed, 11 Jun 2008 04:19:58 GMT
the link for Killbits contains a space and does not open]]>akisWed, 11 Jun 2008 04:19:58 GMThttp://www.sqlmag.com/article/antivirus/security-annoyances#commentsAnchorhttp://www.sqlmag.com/article/user-management-and-profiles/understanding-the-authenticated-users-group#commentsAnchorTue, 27 May 2008 08:02:52 GMT
Useful]]>zamijTue, 27 May 2008 08:02:52 GMThttp://www.sqlmag.com/article/user-management-and-profiles/understanding-the-authenticated-users-group#commentsAnchorhttp://www.sqlmag.com/article/registry2/access-denied-understanding-the-anonymous-enumeration-policies#commentsAnchorThu, 08 May 2008 18:11:02 GMT
top]]>AleksandarThu, 08 May 2008 18:11:02 GMThttp://www.sqlmag.com/article/registry2/access-denied-understanding-the-anonymous-enumeration-policies#commentsAnchorhttp://www.sqlmag.com/article/user-management-and-profiles/understanding-the-authenticated-users-group#commentsAnchorThu, 08 May 2008 03:03:11 GMT
Very good]]>GeorgeThu, 08 May 2008 03:03:11 GMThttp://www.sqlmag.com/article/user-management-and-profiles/understanding-the-authenticated-users-group#commentsAnchorhttp://www.sqlmag.com/article/security/avoiding-winzapper-s-sting#commentsAnchorMon, 05 May 2008 06:27:42 GMT
ddd]]>JosMon, 05 May 2008 06:27:42 GMThttp://www.sqlmag.com/article/security/avoiding-winzapper-s-sting#commentsAnchorhttp://www.sqlmag.com/article/windows-server-20082/the-advantage-of-using-an-rodc-rather-than-a-dc#commentsAnchorFri, 02 May 2008 16:43:01 GMT
Thanks for taking the time to give us your feedback. Glad you found this article helpful!]]>AnneFri, 02 May 2008 16:43:01 GMThttp://www.sqlmag.com/article/windows-server-20082/the-advantage-of-using-an-rodc-rather-than-a-dc#commentsAnchorhttp://www.sqlmag.com/article/group-policy/access-denied-blocking-inheritance-and-overrides-of-group-policies#commentsAnchorMon, 28 Apr 2008 17:47:03 GMT
Thanks, Graham. I’ve changed the title to better fit the Q&A. Renee Munshi, senior editor, Windows IT Pro]]>ReneeMon, 28 Apr 2008 17:47:03 GMThttp://www.sqlmag.com/article/group-policy/access-denied-blocking-inheritance-and-overrides-of-group-policies#commentsAnchorhttp://www.sqlmag.com/article/group-policy/access-denied-blocking-inheritance-and-overrides-of-group-policies#commentsAnchorMon, 28 Apr 2008 08:10:00 GMT
Nice article. But as far as I can see there’s some kind of mismatch between article’s header and contents. The header states ’Access Denied: Properly Applying Security Settings in GPOs’ where’s the article itself discusses group policy precedence and appliance procedures isn’t it?]]>GrahamMon, 28 Apr 2008 08:10:00 GMThttp://www.sqlmag.com/article/group-policy/access-denied-blocking-inheritance-and-overrides-of-group-policies#commentsAnchorhttp://www.sqlmag.com/article/windows-server-20082/the-advantage-of-using-an-rodc-rather-than-a-dc#commentsAnchorThu, 17 Apr 2008 12:40:27 GMT
Excellent Article]]>Sharath chandraThu, 17 Apr 2008 12:40:27 GMThttp://www.sqlmag.com/article/windows-server-20082/the-advantage-of-using-an-rodc-rather-than-a-dc#commentsAnchorhttp://www.sqlmag.com/article/group-policy/creating-a-domain-global-group-called-member-computer-local-admins#commentsAnchorWed, 16 Apr 2008 10:21:58 GMT
malcomw, I’m sorry you’ve been having trouble with the site. If you could describe the problem more specifically, I’d be happy to try and help you. You can email me at agrubb@windowsitpro.com. Anne Grubb, Web strategic editor, Windows IT Pro]]>AnneWed, 16 Apr 2008 10:21:58 GMThttp://www.sqlmag.com/article/group-policy/creating-a-domain-global-group-called-member-computer-local-admins#commentsAnchorhttp://www.sqlmag.com/article/group-policy/creating-a-domain-global-group-called-member-computer-local-admins#commentsAnchorTue, 15 Apr 2008 22:09:08 GMT
This website is such a CON and this department will never visit the site again. Useless!!!!!]]>MalcolmTue, 15 Apr 2008 22:09:08 GMThttp://www.sqlmag.com/article/group-policy/creating-a-domain-global-group-called-member-computer-local-admins#commentsAnchorhttp://www.sqlmag.com/article/terminal-server-and-services/terminal-services-part-3#commentsAnchorMon, 07 Apr 2008 15:39:52 GMT
Haven’t read it yet]]>JAMESMon, 07 Apr 2008 15:39:52 GMThttp://www.sqlmag.com/article/terminal-server-and-services/terminal-services-part-3#commentsAnchorhttp://www.sqlmag.com/article/firewalls3/installing-and-using-isa-server-as-a-firewall#commentsAnchorThu, 03 Apr 2008 23:44:00 GMT
send me more information about ISA server]]>avinashThu, 03 Apr 2008 23:44:00 GMThttp://www.sqlmag.com/article/firewalls3/installing-and-using-isa-server-as-a-firewall#commentsAnchorhttp://www.sqlmag.com/article/auditing/audit-your-organization-s-password-strength-with-l0phtcrack#commentsAnchorMon, 31 Mar 2008 08:48:06 GMT
i’d like to read the entire article]]>JaniceMon, 31 Mar 2008 08:48:06 GMThttp://www.sqlmag.com/article/auditing/audit-your-organization-s-password-strength-with-l0phtcrack#commentsAnchorhttp://www.sqlmag.com/article/auditing/windows-2003-security-log-account-management#commentsAnchorWed, 12 Mar 2008 09:36:25 GMT
no comment]]>htckav Wed, 12 Mar 2008 09:36:25 GMThttp://www.sqlmag.com/article/auditing/windows-2003-security-log-account-management#commentsAnchorhttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-tracking-terminal-services-logons#commentsAnchorSun, 09 Mar 2008 16:36:09 GMT
YOu can user third party solution to log user times. www.terminalserviceslog.com Data that is captured: Connection start (date and hour) User Duration IDLE time Active time Disconnected session time Connection end (date and hour) Status]]>FraneSun, 09 Mar 2008 16:36:09 GMThttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-tracking-terminal-services-logons#commentsAnchorhttp://www.sqlmag.com/article/microsoft-management-console-mmc/requiring-a-password-when-resuming-from-hibernation-or-stand-by-mode#commentsAnchorFri, 29 Feb 2008 20:28:21 GMT
The answer is ??]]>JeffFri, 29 Feb 2008 20:28:21 GMThttp://www.sqlmag.com/article/microsoft-management-console-mmc/requiring-a-password-when-resuming-from-hibernation-or-stand-by-mode#commentsAnchorhttp://www.sqlmag.com/article/tips/7-things-you-need-to-know-about-sharepoint-services#commentsAnchorThu, 21 Feb 2008 09:07:16 GMT
xx]]>koldkiwiThu, 21 Feb 2008 09:07:16 GMThttp://www.sqlmag.com/article/tips/7-things-you-need-to-know-about-sharepoint-services#commentsAnchorhttp://www.sqlmag.com/article/malware/how-uac-secures-workstations#commentsAnchorFri, 15 Feb 2008 15:04:45 GMT
Testing Security Pro VIP comments]]>ChristanFri, 15 Feb 2008 15:04:45 GMThttp://www.sqlmag.com/article/malware/how-uac-secures-workstations#commentsAnchorhttp://www.sqlmag.com/article/monitoring-and-analysis/monitoring-privileges-and-administrators-in-the-nt-security-log#commentsAnchorMon, 11 Feb 2008 07:24:32 GMT
Hi Randy, I have been asked to monitor the windows security logs. I would like to know in detail about the privilege escalation and what are the event IDs that i should be tracking for privilege esclation.]]>anantMon, 11 Feb 2008 07:24:32 GMThttp://www.sqlmag.com/article/monitoring-and-analysis/monitoring-privileges-and-administrators-in-the-nt-security-log#commentsAnchorhttp://www.sqlmag.com/article/administration-tools2/the-ldif-directory-exchange-tool#commentsAnchorThu, 10 Jan 2008 09:00:21 GMT
This was the best article I have found on LDIFDE. It gets past the basics and into real world uses. Thanks!]]>BRADLEYThu, 10 Jan 2008 09:00:21 GMThttp://www.sqlmag.com/article/administration-tools2/the-ldif-directory-exchange-tool#commentsAnchorhttp://www.sqlmag.com/article/auditing/new-security-log-illuminates-windows-events#commentsAnchorTue, 08 Jan 2008 12:28:14 GMT
I’ve replaced the other link (the event schema one)with another link that I think should be helpful. Thanks for pointing out the problem. Renee Munshi, Windows IT Pro editor]]>ReneeTue, 08 Jan 2008 12:28:14 GMThttp://www.sqlmag.com/article/auditing/new-security-log-illuminates-windows-events#commentsAnchorhttp://www.sqlmag.com/article/auditing/new-security-log-illuminates-windows-events#commentsAnchorMon, 07 Jan 2008 16:00:55 GMT
Thanks for pointing out the errors. The Security Log Encyclopedia link is now working. We’ll get the other one fixed ASAP.]]>AnneMon, 07 Jan 2008 16:00:55 GMThttp://www.sqlmag.com/article/auditing/new-security-log-illuminates-windows-events#commentsAnchorhttp://www.sqlmag.com/article/auditing/new-security-log-illuminates-windows-events#commentsAnchorMon, 07 Jan 2008 13:41:40 GMT
http://www.windowsitpro.com/Windows/Articles/ArticleID/96799/pg/2/2.html Two hyperlinks identified on page two of the article are invalid!]]>BrianMon, 07 Jan 2008 13:41:40 GMThttp://www.sqlmag.com/article/auditing/new-security-log-illuminates-windows-events#commentsAnchorhttp://www.sqlmag.com/article/mobile-and-wireless2/a-secure-wireless-network-is-possible-42273#commentsAnchorFri, 21 Dec 2007 20:52:37 GMT
Ok article however i CANNOT get the EAP to see the certificate in the IAS configuration. this is what EVERYone is having issues with and its not allowing my clients to connect. any resolutions?]]>AndrewFri, 21 Dec 2007 20:52:37 GMThttp://www.sqlmag.com/article/mobile-and-wireless2/a-secure-wireless-network-is-possible-42273#commentsAnchorhttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorThu, 08 Nov 2007 08:52:45 GMT
I also registered solely to see the answer to this question only to see it is completely incorrect. Very disappointing.]]>danbeck Thu, 08 Nov 2007 08:52:45 GMThttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorhttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorTue, 23 Oct 2007 08:27:13 GMT
So I registered to see the end of the answer and it’s totally wrong....]]>atronicTue, 23 Oct 2007 08:27:13 GMThttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorhttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorTue, 11 Sep 2007 21:27:33 GMT
I second the frustration expressed by kschantz. I’m going elsewhere.]]>MARCTue, 11 Sep 2007 21:27:33 GMThttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorhttp://www.sqlmag.com/article/permissions/granting-users-read-access-to-the-registry#commentsAnchorTue, 04 Sep 2007 03:45:54 GMT
Very clearly Article]]>RonaldTue, 04 Sep 2007 03:45:54 GMThttp://www.sqlmag.com/article/permissions/granting-users-read-access-to-the-registry#commentsAnchorhttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorMon, 27 Aug 2007 08:20:07 GMT
I’ll have to test this further myself, but I agree - this site comes up all the time in Google searches... I finally register (probably going to get spammed to the Bejesus-Belt), and the answer to the question doesn’t even appear to be (fully_ accurate. Weak.]]>HelpMon, 27 Aug 2007 08:20:07 GMThttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorhttp://www.sqlmag.com/article/permissions/granting-users-read-access-to-the-registry#commentsAnchorThu, 23 Aug 2007 02:58:24 GMT
This artikel very full to undestanding Thanks]]>rayThu, 23 Aug 2007 02:58:24 GMThttp://www.sqlmag.com/article/permissions/granting-users-read-access-to-the-registry#commentsAnchorhttp://www.sqlmag.com/article/server-management/access-denied-windows-server-2003-s-permissions-to-cmd-exe#commentsAnchorMon, 20 Aug 2007 10:50:07 GMT
This had me stumped for a while!]]>williamMon, 20 Aug 2007 10:50:07 GMThttp://www.sqlmag.com/article/server-management/access-denied-windows-server-2003-s-permissions-to-cmd-exe#commentsAnchorhttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-understanding-logon-type-10#commentsAnchorMon, 20 Aug 2007 08:10:30 GMT
not complete]]>PatrikMon, 20 Aug 2007 08:10:30 GMThttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-understanding-logon-type-10#commentsAnchorhttp://www.sqlmag.com/article/configuration/set-up-multiple-email-identities-for-a-single-account#commentsAnchorFri, 17 Aug 2007 14:16:24 GMT
exchange pop3 service is started. Mailbox pop3 service is enabled. already configured POP3 access to Exchange 2003 servers by this command : Set-PopSettings -ProxyTargetPort 110]]>KanFri, 17 Aug 2007 14:16:24 GMThttp://www.sqlmag.com/article/configuration/set-up-multiple-email-identities-for-a-single-account#commentsAnchorhttp://www.sqlmag.com/article/configuration/set-up-multiple-email-identities-for-a-single-account#commentsAnchorFri, 17 Aug 2007 14:10:00 GMT
I tried it for exchange 2007. My outlook can’t send an email through POP3. I got an error msg like " sending reported error(0x800CCC80). None of the authentication methods supplied bu this client are supported by your server". Do you have any idea? Please help me]]>KanFri, 17 Aug 2007 14:10:00 GMThttp://www.sqlmag.com/article/configuration/set-up-multiple-email-identities-for-a-single-account#commentsAnchorhttp://www.sqlmag.com/article/registry2/access-denied-disabling-group-policy#commentsAnchorMon, 06 Aug 2007 21:56:33 GMT
Since most policies are simply changes to the registry a particular policy can be overridden by changing the registry to the desired value then denying access to the key from SYSTEM. I would think the same would work for the files. Deny execute privilege for SYSTEM. But haven’t tested it.]]>STEVEMon, 06 Aug 2007 21:56:33 GMThttp://www.sqlmag.com/article/registry2/access-denied-disabling-group-policy#commentsAnchorhttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorSat, 21 Jul 2007 05:12:05 GMT
Your Comments (required):]]>Name (required): Sat, 21 Jul 2007 05:12:05 GMThttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorhttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorSat, 21 Jul 2007 05:12:05 GMT
Your Comments (required):]]>Name (required): Sat, 21 Jul 2007 05:12:05 GMThttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorhttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-understanding-event-ids-683-and-682#commentsAnchorThu, 28 Jun 2007 03:12:29 GMT
Raw description of event meaning with little reference to possible next steps in investigating the cause of the disconnections.]]>PhillipThu, 28 Jun 2007 03:12:29 GMThttp://www.sqlmag.com/article/terminal-server-and-services/access-denied-understanding-event-ids-683-and-682#commentsAnchorhttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorTue, 26 Jun 2007 07:51:50 GMT
Your Comments (required):]]>fekadu Tue, 26 Jun 2007 07:51:50 GMThttp://www.sqlmag.com/article/encryption2/lock-down-your-pda#commentsAnchorhttp://www.sqlmag.com/article/security/archiving-and-analyzing-the-nt-security-log#commentsAnchorFri, 15 Jun 2007 13:01:03 GMT
I’m trying to find a couple of thing. 1) what event number will tell me when a users has entered a bad password? I know 529 will but it also shows up under other actions. What about 675? 2) What is a good tool to report on the Security log? I need a could of all bad password by user and then a listing of each. Something automated.]]>MorganFri, 15 Jun 2007 13:01:03 GMThttp://www.sqlmag.com/article/security/archiving-and-analyzing-the-nt-security-log#commentsAnchorhttp://www.sqlmag.com/article/permissions/securing-a-wireless-network#commentsAnchorFri, 01 Jun 2007 10:35:54 GMT
I ran into this problem using eap-tls under 2003. This solution didn’t work for me. After beating on it for a week, I called microsoft and they experimented for 3.5 hours until we had a solution. What we had to do was: Go to the web site on the certificate server with the browser of the IAS server, click request certificate, click advanced certificate request, click create and submit a request for this ca. On the next page under certificate template: select "web server". Type in something for identifying information. In the "key options" section click the check box for "store certificate in the local computer certificate store". Click submit and then install the certificate. Once the certificate is installed, restart the IAS service and it will see the new certificate. During my lab experiments before deployment to the production net I also ran into this problem. My fix in the lab was to blow away the server/domain and re-install from scratch. Then I made sure I installed the enterprise root certificate server package before installing IAS. When done in this order, IAS gets the certificate it needs. Unfortunately, I couldn’t use this method in the production domain. I also discovered it doesn’t help to uninstall then re-install IAS. I hope this helps others avoid my frustration. This is the only reason I registered at this site. rt]]>rossFri, 01 Jun 2007 10:35:54 GMThttp://www.sqlmag.com/article/permissions/securing-a-wireless-network#commentsAnchorhttp://www.sqlmag.com/article/services/wsus-serves-the-enterprise#commentsAnchorFri, 01 Jun 2007 05:36:44 GMT
jnj]]>ianFri, 01 Jun 2007 05:36:44 GMThttp://www.sqlmag.com/article/services/wsus-serves-the-enterprise#commentsAnchorhttp://www.sqlmag.com/article/log-files/essential-network-monitoring-part-2-the-tools#commentsAnchorWed, 30 May 2007 09:24:24 GMT
When I first subscribed to your mag I really enjoyed it. Currently I find that you guys are more in the interest to make more money. I used to have access to all types of articles which Windows IT Pro used to consist. Now in the interest of making money you have broken out everything into various categories that require a subscription to each individual area. This Sucks! I have tried some of the other subscriptions and find that they are not worth the outrageous amount of money that you charge for them. The scripting subscription was not worth it, because the same information is available online in much more detail. Not happy with this at all.]]>DOMINICWed, 30 May 2007 09:24:24 GMThttp://www.sqlmag.com/article/log-files/essential-network-monitoring-part-2-the-tools#commentsAnchorhttp://www.sqlmag.com/article/microsoft-management-console-mmc/stopping-and-starting-services-on-a-remote-computer#commentsAnchorFri, 04 May 2007 09:53:43 GMT
... That wasn’t helpful at all. I was looking for a way to automate the task]]>ms118Fri, 04 May 2007 09:53:43 GMThttp://www.sqlmag.com/article/microsoft-management-console-mmc/stopping-and-starting-services-on-a-remote-computer#commentsAnchorhttp://www.sqlmag.com/article/microsoft-management-console-mmc/stopping-and-starting-services-on-a-remote-computer#commentsAnchorFri, 04 May 2007 09:53:42 GMT
... That wasn’t helpful at all. I was looking for a way to automate the task]]>ms118Fri, 04 May 2007 09:53:42 GMThttp://www.sqlmag.com/article/microsoft-management-console-mmc/stopping-and-starting-services-on-a-remote-computer#commentsAnchorhttp://www.sqlmag.com/article/activex/access-denied94986#commentsAnchorThu, 26 Apr 2007 18:30:17 GMT
no comment]]>suharjuhadi Thu, 26 Apr 2007 18:30:17 GMThttp://www.sqlmag.com/article/activex/access-denied94986#commentsAnchorhttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorMon, 23 Apr 2007 13:57:50 GMT
So I registered to see the end of the answer and it’s totally wrong? Sad...]]>benevelous Mon, 23 Apr 2007 13:57:50 GMThttp://www.sqlmag.com/article/registry2/access-denied-restricting-users-ability-to-install-printer-drivers#commentsAnchorhttp://www.sqlmag.com/article/user-management-and-profiles/access-denied-keeping-users-from-running-unauthorized-commands#commentsAnchorWed, 04 Apr 2007 12:34:59 GMT
Another problem is this. I basically denied access to command prompt CMD.EXE through the GPO as you described but I also added command.com to DISALLOWED windows app. So even if they search adn run CMD.EXE or COMMAND.COM they get ACCESS DENIED. But guess what! The can right click desktop or in a flder and CREAT NEW... SHORTCUT and call it command and it morphs into MS-DOS shortcut. If they run the shortcut it will indeed open a DOS prompt. It get’s uglier. They can then run SERVICES.MSC and others from that prompt. Now get your head around that one. C.]]>CharlesWed, 04 Apr 2007 12:34:59 GMThttp://www.sqlmag.com/article/user-management-and-profiles/access-denied-keeping-users-from-running-unauthorized-commands#commentsAnchorhttp://www.sqlmag.com/article/permissions/ask-the-experts48884#commentsAnchorThu, 29 Mar 2007 07:57:17 GMT
I have an application that loads own services, when trying to change the permission so that a user account can raise and to lower services makes respect to the Microsoft services well, nevertheless the user account cannot make it in the services of this application. Execute subinacl and I make it well with the Microsoft services except with the services of this application.]]>gabrielThu, 29 Mar 2007 07:57:17 GMThttp://www.sqlmag.com/article/permissions/ask-the-experts48884#commentsAnchorhttp://www.sqlmag.com/article/permissions/access-denied-remove-users-from-local-admin-group#commentsAnchorTue, 20 Mar 2007 09:52:49 GMT
That’s good. But how do I add just one or two users as local admin to their partcular machines? "This policy will cause your domain’s member servers and workstations to delete any members other than Domain Admins from each computer’s local Administrators group. " I want the opposite to happen. i would like to add domain admins as local admins and then add random domain user as local admin as well without having the domain user account deleted each the system refreshes the GPO]]>zookflash Tue, 20 Mar 2007 09:52:49 GMThttp://www.sqlmag.com/article/permissions/access-denied-remove-users-from-local-admin-group#commentsAnchorhttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorMon, 19 Mar 2007 10:38:10 GMT
I am geting very annoyed!! I have a logon, I am a subscriber, but I can’t get to any articles!! AAAAAAARRRGGHH!!!]]>kschantzMon, 19 Mar 2007 10:38:10 GMThttp://www.sqlmag.com/article/windows-server-2003/understanding-managed-computers#commentsAnchorhttp://www.sqlmag.com/article/dhcp2/access-denied-securing-dhcp-so-that-it-leases-addresses-only-to-clients-with-reservations#commentsAnchorThu, 08 Mar 2007 09:38:58 GMT
A usefull insight into different approaches to securing DHCP]]>DavidThu, 08 Mar 2007 09:38:58 GMThttp://www.sqlmag.com/article/dhcp2/access-denied-securing-dhcp-so-that-it-leases-addresses-only-to-clients-with-reservations#commentsAnchorhttp://www.sqlmag.com/article/group-policy/creating-a-domain-global-group-called-member-computer-local-admins#commentsAnchorWed, 28 Feb 2007 02:47:43 GMT
ACCESS DENIED]]>JohnWed, 28 Feb 2007 02:47:43 GMThttp://www.sqlmag.com/article/group-policy/creating-a-domain-global-group-called-member-computer-local-admins#commentsAnchorhttp://www.sqlmag.com/article/permissions/access-denied-remove-users-from-local-admin-group#commentsAnchorMon, 26 Feb 2007 04:03:58 GMT
Great article! My problem of controlling the local admin rights is solved!! Thank you so much.]]>kentoh Mon, 26 Feb 2007 04:03:58 GMThttp://www.sqlmag.com/article/permissions/access-denied-remove-users-from-local-admin-group#commentsAnchorhttp://www.sqlmag.com/article/group-policy/understanding-two-security-policy-shortcuts#commentsAnchorTue, 13 Feb 2007 14:46:27 GMT
hi]]>marioTue, 13 Feb 2007 14:46:27 GMThttp://www.sqlmag.com/article/group-policy/understanding-two-security-policy-shortcuts#commentsAnchorhttp://www.sqlmag.com/article/kerberos/access-denied-cracking-kerberos-packets#commentsAnchorWed, 07 Feb 2007 02:58:42 GMT
mast hai]]>abhinavbharti Wed, 07 Feb 2007 02:58:42 GMThttp://www.sqlmag.com/article/kerberos/access-denied-cracking-kerberos-packets#commentsAnchorhttp://www.sqlmag.com/article/permissions/granting-permission-to-add-workstations#commentsAnchorThu, 01 Feb 2007 15:59:42 GMT
Only one thing to keep in mind When using the container to give permission to add accounts instead of user permissions, the Owner of the new computer account is the creator not the Domain Admins group. Not everyone may want this. -- CNK]]>KENNETHThu, 01 Feb 2007 15:59:42 GMThttp://www.sqlmag.com/article/permissions/granting-permission-to-add-workstations#commentsAnchorhttp://www.sqlmag.com/article/permissions/access-denied-controlling-the-right-to-add-new-computers-to-a-domain#commentsAnchorTue, 30 Jan 2007 08:59:12 GMT
more detail please]]>robinham Tue, 30 Jan 2007 08:59:12 GMThttp://www.sqlmag.com/article/permissions/access-denied-controlling-the-right-to-add-new-computers-to-a-domain#commentsAnchorhttp://www.sqlmag.com/article/services/understanding-the-local-service-and-network-service-accounts#commentsAnchorThu, 25 Jan 2007 09:27:00 GMT
Excellent article. It totally cleared all my doubts about this topics Thanks for sharing your knowledge]]>GERARDOThu, 25 Jan 2007 09:27:00 GMThttp://www.sqlmag.com/article/services/understanding-the-local-service-and-network-service-accounts#commentsAnchorhttp://www.sqlmag.com/article/mobile-and-wireless2/limiting-risks-associated-with-company-data-on-mobile-devices#commentsAnchorThu, 11 Jan 2007 10:50:02 GMT
This is nice information but old. The big problem is not the memory in the device itself, but additional memory added via a SD card. WM5 SFP can only wipe the local storage, not the additional storage of an SD card. Thus, if an associate losses a device and a wipe is issued, it will get all the data on the device but not the memeory card. Because of that, all a hacker need do is remove the memory card and pull the data off it. We have talked extensively with Microsoft about this and their solution is to use a third-party solution. Most of the ones they recommended are more expensive than just added a BlackBerry Server to your Enterprise. This is a nice feature for small businesses but not really for security concious Enterprises.]]>WILLThu, 11 Jan 2007 10:50:02 GMThttp://www.sqlmag.com/article/mobile-and-wireless2/limiting-risks-associated-with-company-data-on-mobile-devices#commentsAnchor