Search results matching tag 'administrator'

What to do for a rootkit...

rgsnowman — Sun, 14 Jun 2009 13:01:38 GMT

I have recently found a rootkit on my computer through AVG and am wondering how to get this thing off. I tried to get AVG to delete it but it said it cannot. I heard you can re-install windows vista and also restore default settings but I am not sure if that deletes everything and I'll have to get external hd and if the rootkit would get itself into there and I'd be re-installing a rootkit. This rootkit is screwing up my xps one it tiny ways, it changed all my security setting and turned my anti-viruses off and I can't turn them back on, messed up background, screwed up start menu and toolbar, and the side panel. I just want to know the best way to get this off computer. Thanks in advance.

SQL Injection Attacks on IIS Web Servers

bills — Sat, 26 Apr 2008 03:41:33 GMT

This thread will contain the latest information regarding recent reports that have surfaced stating that web sites running on Microsoft’s Internet Information Services (IIS) 6.0 have been compromised. These reports allude to a possible vulnerability in IIS or issues related to Security Advisory 951306 which was released last week.

Microsoft has investigated these reports and determined that the attacks are not related to the recent Microsoft Security Advisory (951306) or any known security issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies.

Instead, attackers have crafted an automated attack that can take advantage of SQL injection vulnerabilities in web pages that do not follow security best practices for web application development. While these particular attacks are targeting sites hosted on IIS web servers, SQL injection vulnerabilities may exist on sites hosted on any platform. More information on SQL injection attacks can be found here and here.

Guidance from Microsoft for web application development best practices can also be found on this MSDN page. Best practices guidelines that developers may follow to mitigate SQL injection, can be located here. As we continue to make progress in our investigation on this attack, we will provide updated guidance and information on the IIS.net site. For the latest information on this issue, please subscribe or visit the IIS security forum.

For end-users, the investigation also shows no indication of an un-patched vulnerability in IIS, SQL Server, Internet Explorer or any other Microsoft client software, so we recommend customers apply the latest updates to be protected from these attacks.

To further protect themselves from reported attacks, we encourage all customers to apply our most recent security updates to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit: www.microsoft.com/protect.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov

Subscribe to this thread, or check back later for the latest information from the community.

IIS 5.1 not manageable by non-Administrators?!

Techie_Jones — Tue, 18 Mar 2008 17:34:11 GMT

I have a problem that has been killing my I.T. support team for some time now. We are currently fighting off an internal development team that is pushing for local Administrator privileges for their staff. Their contention is that they cannot run IIS 5.1 (XP Pro SP2) without having local Administrator privileges.

Help! I have not come across any built-in security groups or IIS-installed security groups to manage IIS 5.1. This is frustrating. In an effort to delegate two main functions (IIS service restarting and the ability to view installed virtual directories) I have given Full Control NTFS permissions to C:\Inetpub and C:\Windows\System32\inetsrv and C:\Windows\System32\iisreset.exe to the Development Team. No luck. I have also added the Development Team to the Power Users group. No luck.

Has anyone seen this before. I will happily accept ridicule, degradation and/or uncertain punishment if someone can please explain to me how to get around this - or better yet, WHY Microsoft has restricted this ability so.

THANK YOU!

Techie_Jones

Security Files for IIS6.0

makeshn — Thu, 22 Nov 2007 07:08:06 GMT

Hi Everybody,

For my project I need to collect all the security settings informations (key/value) for IIS6.0

I want to know the list of IIS6.0 security related files and their locations for both default as well as .Net. And also need to collect registry entries related to security settings for IIS6.0

Reference URLs, Books also welcome.

Thanks in advance.

Regards,

Makesh

Cannot able to login the Application

rakeshvarma21 — Tue, 14 Aug 2007 13:50:03 GMT

Hi, iam getting a problem and need some help.

I installed .net application in windows 2003 server and IIs6.0, the file server is located in another server. Under security Iam giving full permissions to Network Service for that shared folde. the error iam getting is "Temporary location path is not accessible. Please Contact your Administrator". If i give permission to everyone it works fine, or if i give permission to Domain Computers or only that particular system name i can login, but i don't want to give permissions to that users coz those are not secured.

I found where the error is occuring exactly, its just my expection.

when i right click the folder click on properties and security tab and Advanced button Advanced Security Settings window will appear, under that in permission entries Network Service is in Inherited form with full permissions and it applies to this folder only. I want to change it to this folder,subfolders and files but when click on edit buttion that feature is disabled. If i uncheck the inherit and set the permissions to this folder,subfolders and files and again check the inherit another Network user is adding and under inherit form "not inherited" message is displaying. the parent object i mean Network service user does not change. I want to change that parent object and set the permnission to the folder,subfolders and files.

So can any one help me in this....

Thanks,

Rakesh.

Recovering IIS Password

kkevlar14 — Fri, 13 Jul 2007 17:31:29 GMT

We have a server that runs IIS 5.0. Unfortunately, when we try to access IIS it says that we do not have sufficient priveledges to access it and gives us a dialog to enter a username and password. We have tried logging in with all the logins and passwords that we know, but nothing is working.

Is it possible to recover a lost password? Do I just need to give one of the users sufficient priveledges, and if so, how?

Thanks in advance,

Ken

IUSR account - Administrator rights?

subterfuge — Wed, 18 Apr 2007 22:05:42 GMT

We had a .NET (1.1) application installed on a webserver by a third party on a Windows Server 2003 SP2 server. What I've discovered is that in order to get their application to work properly, instead of tracking down all the permissions errors for their application, they made the ASPNET and IUSR account part of the local administrators group on the webserver.

Is this ok? Everything about this screams security risk, but I need some hard evidence that this is completely and totally wrong..

Thanks

SharePoint (WSSv2) local restricted account users get 401.5 or repeated 401.1/2

ACrush — Tue, 17 Apr 2007 21:49:05 GMT

Hi.

Got a problem here.

Having installed and configured an intranet SharePoint v2 on a server with local user accounts, I showed everything to the site administrators and everything worked fine using Windows Authentication with ~~Anonymous~~ turned off. However, the restricted users have to repeatedly enter their credentials every time they access any SharePoint item, list or library within a single session. When a user has entered their username/password correctly at least once per site, they can press Cancel in the logon box which helps get to the content more quickly. The IIS logs show ISAPI authentication errors when trying to GET /_vti_bin/owssvr.dll (401.5) for users running Internet Explorer 6 SP1 and alternating 401.1 / 401.2 when trying to get any /Lists/List/view.aspx followed by code 200 if the user has enough persistence or impatience to either repeatedly enter their password or hit Cancel in despair. Filemon shows that all file requests at the time of 401's return with success, so probably NTFS permissions are not to blame.

The server local restricted users granted the right to manage site separately or by inclusion in the Administrator site group do not experience this problem - they authenticate once and continue working normally as expected.

This post is not about automatically authenticating users without asking for credentials even once (save the local machine logon), but rather helping them to use SharePoint without this annoyance.

Any help finding the solution without employing AD would be appreciated. Authentication methods other than Windows Authentication are disabled.

Thanks in advance,

ACrush