Laura A. Robinson | 1 Aug 2002 01:13

Re: Windows 2000 special folder restrictions

Traverse folder/execute files is probably the permission you're looking for.

Laura
----- Original Message -----
From: "Jeff Schuler" <jeff.schuler <at> hit.cendant.com>
To: <focus-ms <at> securityfocus.com>
Sent: Wednesday, July 31, 2002 6:01 PM
Subject: Windows 2000 special folder restrictions

>
>
> Does anyone have any ideas on how to lock down a folder in Windows 2000 so
> that an application has the ability to access the files within the folder
> from an application (in this case Kermit95) but not to be able to let ANY
> users browse the folder or to list its contents from either windows
> explorer or DOS?
>
> Thanks
>
> Jeff Schuler
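
The permission split named in the reply above (traverse the folder, read the files inside it, no List Folder right), as an added example that is not part of any post in this thread. It assumes a current Windows system with PowerShell rather than the Windows 2000 tools of the time; the demo folder, the file name and the use of BUILTIN\Users to stand in for "the user running the application" are constructed.

```powershell
# Added example: constructed folder and file under %TEMP%, nothing from the thread.
$dir = Join-Path $env:TEMP 'k95-keys-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'id_demo.key') -Value 'placeholder, not a real key'

# Well-known SIDs, so the script does not depend on localized group names.
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$users  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

# Hypothetical helper: builds one Allow ACE.
function New-DemoRule($sid, $rights, $inherit, $propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $sid, $rights, $inherit, $propagate, 'Allow'
}

$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
$acl.Access | Where-Object { -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }

# Administrators and SYSTEM: full control on the folder and everything below it.
$acl.AddAccessRule((New-DemoRule $admins 'FullControl' 'ContainerInherit, ObjectInherit' 'None'))
$acl.AddAccessRule((New-DemoRule $system 'FullControl' 'ContainerInherit, ObjectInherit' 'None'))

# Users, on the folder itself only: may pass through it, may not enumerate it.
# ListDirectory (List Folder / Read Data) is deliberately absent.
$acl.AddAccessRule((New-DemoRule $users 'Traverse, ReadAttributes, ReadPermissions' 'None' 'None'))

# Users, on files only (inherited by files, not applied to the folder): read.
$acl.AddAccessRule((New-DemoRule $users 'Read' 'ObjectInherit' 'InheritOnly'))

Set-Acl -Path $dir -AclObject $acl

# Review the result: the Users ACE that applies to the folder has no ListDirectory bit.
(Get-Acl -Path $dir).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

With this ACL a member of Users gets "access denied" when listing the folder but can still open a file whose name they already know. It hides the directory listing and nothing more, so keeping the key contents away from the person running the application needs the separate security context asked about elsewhere in the thread.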

Wouters, Raphaël | 1 Aug 2002 01:31

RE: Windows 2000 special folder restrictions

>From: Jeff Schuler [mailto:jeff.schuler <at> hit.cendant.com] 
>Sent: donderdag 1 augustus 2002 0:01
>To: focus-ms <at> securityfocus.com
>Subject: Windows 2000 special folder restrictions
>
>
>Does anyone have any ideas on how to lock down a folder in Windows 2000 so 
>that an application has the ability to access the files within the folder 
>from an application (in this case Kermit95) but not to be able to let ANY 
>users browse the folder or to list its contents from either windows 
>explorer or DOS?
> 
>Thanks
> 
>Jeff Schuler

Jeff,

Create a user 'kermit_user' on your machine and set permissions on the Kermit
Application folder: System - ALL, Admin - All, Kermit_user - All
Deny all other users any access.

You can then run Kermit95 as user 'kermit_user'

Sincerely,

Raphaël Wouters
MCSE, MCP, CCNA


Schuler, Jeff | 1 Aug 2002 16:43

RE: Windows 2000 special folder restrictions

Oops, forgot to clarify a bit more.

This application needs to access a folder which contains ssh keys that the
application needs to connect to the hosts we support.  HOWEVER, I cannot
allow the user who is running the application the ability to browse the
folder's contents.

So what I'm trying to figure out is one of two things

1.  Can I create a folder that a user can run files out of but never
actually see the files.
Or
2.  Can I get the application to run under another security context so that
it will have access to the keys but not the user running it if they were to
try to access it with some other application (windows explorer for example)

Thanks
Jeff

-----Original Message-----
From: Laura A. Robinson [mailto:larobins <at> bellatlantic.net] 
Sent: Wednesday, July 31, 2002 4:13 PM
To: Jeff Schuler; focus-ms <at> securityfocus.com
Subject: Re: Windows 2000 special folder restrictions

Traverse folder/execute files is probably the permission you're looking for.

Laura
----- Original Message -----
From: "Jeff Schuler" <jeff.schuler <at> hit.cendant.com>

Free, Bob | 1 Aug 2002 01:35

RE: Good software against spam

If talking sendmail, we are using PerlMX from Active State on the gateways.
Seems to be a well thought out, reasonably priced solution with good vendor
and public support for a knowledgeable sendmail admin.

It adds a header line with a probability & keywords that can then be managed
by client side rules-

X-Perlmx-Spam: Gauge=XXXXIIIIIIII, Probability=48%, Report=NO_REAL_NAME, etc etc

-----Original Message-----
From: Colin Stefani [mailto:cstefani <at> tideworks.com]
Sent: Tuesday, July 30, 2002 1:21 PM
To: 'Jean-Francois Bourdeau'; focus-ms <at> securityfocus.com
Subject: RE: Good software against spam

Look at the "Dnsrbl" feature in sendmail (and other mailers too) which uses
RBL's (realtime blackhole list) to check if the sending host has a history
of sending spam. This isn't the silver bullet solution your customer
probably wants, but it's a good start.

Also, look at Brightmail (www.brightmail.com) and software filters like
SurfControl (www.surfcontrol.com) and Websense (www.websense.com). I know
there are others out there too. These are pricey (>$20,000), but take
content filtering to a new level. Also, they all maintain some level of
database which is updated frequently and has "finger prints" for known
spams. These filters are highly effective and configurable and resemble a
"firewall" for spam, but they can have false positives (delete or isolate
mail that isn't really supposed to be) sometimes, so the administrative
overhead can be high.

Roger Seielstad | 1 Aug 2002 02:56

Re: IIS SMTP queue reader

IIRC, you can do that through the GUI - there is a queue built for each
domain.

--
Roger D. Seielstad
Email Geek

----- Original Message -----
From: "Marco Teelen - Systemec BV" <mteelen <at> systemec.nl>
To: <focus-ms <at> securityfocus.com>
Sent: Wednesday, July 31, 2002 7:17 AM
Subject: IIS SMTP queue reader

> Hello,
>
> I configured the SMTP service of IIS 5 as a mail relay server, so far
> without problems. IIS stores the queued mail in a directory under
> mailroot\queue.
> The disadvantage is that you only can check the number of mails in the
> queue but not which e-mails exactly, (from mail address and to mail
> address) like you can check in other mailservers (Sendmail).
>
> Is there a tool available that can do the same?
>
> Any info would be greatly appreciated.
>
>
> Kind regards,

Douglas R. Wilson | 1 Aug 2002 15:28

windows update reporting info back to MS? (and .NET fw SP1)

I put the .NET framework on workstation for test purposes yesterday
before leaving work, and didn't put SP1 (for .NET) on it. This morning,
the automatic update had already downloaded the patch, and prompted to
apply it. (I have my windows update client set to download, but not to
install unless I approve).

I went ahead, and ran the install. A few seconds in, I noticed sudden
network activity, and the install sat there for a moment. Not enough
data transfer seemed to be going on for it to be a download (and, in
theory, the patch should have already been downloaded), but I pulled up
the following with netstat:

 TCP    MYHOSTNAME:1802        wustat.windows.com:http  ESTABLISHED

Being paranoid, doesn't this look like windows update is reporting back
to microsoft? (windows.com is owned by MS and redirects to microsoft.com
if you go to the plain www.windows.com domain). In theory, I forget the
official WU blurb, but isn't "no information returned to microsoft about
your computer"?

Does anyone else know anything about this? (pardon me if this is
something blatantly obvious and/or discussed -- I have had my head in
projects for a bit).

TIA,

Doug

Paul Krzeszewski | 1 Aug 2002 15:36

W2000 Server lockout issue


Hello, 

I hope someone can help me, I am at my wits end.

I have a W2000 server set to lock out on three attempts.

Periodically, usually at night, when you type in your logon you will get a
prompt that says "System has been locked by the administrator". It will
happen three times in a row.
The fourth time you can log in.

Here's the kicker,

the event log shows that the system has been locked out, and then displays
hourly that someone tried to log in. However you can get in all night with
no trouble.

Has anyone seen this or know what is happening? 

Thanks

Paul

Machtolff, Andrew J | 1 Aug 2002 13:54

RE: Windows 2000 special folder restrictions

Depending on your needs and on the way Kermit95 runs, you could set up
another user account on the machine and give it access to the folder.  Then
use FireDaemon to make Kermit95 a service and have it run as the user with
privileges on that folder.  Just make sure you check the box to allow the
Kermit95 service to "interact with the desktop," if you want a user to be
able to use the program.

Note: I've never actually tried this, it's just an idea... but it seems like
it would work.

Good Luck!

-Andrew

-----Original Message-----
From: Jeff Schuler [mailto:jeff.schuler <at> hit.cendant.com] 
Sent: Wednesday, July 31, 2002 6:01 PM
To: focus-ms <at> securityfocus.com
Subject: Windows 2000 special folder restrictions

Does anyone have any ideas on how to lock down a folder in Windows 2000 so 
that an application has the ability to access the files within the folder 
from an application (in this case Kermit95) but not to be able to let ANY 
users browse the folder or to list its contents from either windows 
explorer or DOS?

Thanks

Jeff Schuler


Roger Seielstad | 1 Aug 2002 03:18

Re: IIS SMTP queue reader

Could you back that up with some facts - URLs for instance?

Current patched versions are relay secure.

--
Roger D. Seielstad
Email Geek

----- Original Message -----
From: "Rod Trent" <rodtrent <at> yahoo.com>
To: "'Marco Teelen - Systemec BV'" <mteelen <at> systemec.nl>;
<focus-ms <at> securityfocus.com>
Sent: Wednesday, July 31, 2002 4:05 PM
Subject: RE: IIS SMTP queue reader

> Be VERY careful with mail relay in IIS 5.0.  This is an exploit that is
> a common target.  Everything will be running fine, then you'll find out
> that someone has hijacked your SMTP and has been sending Spam to
> thousands of people.
>
> -----Original Message-----
> From: Marco Teelen - Systemec BV [mailto:mteelen <at> systemec.nl]
> Sent: Wednesday, July 31, 2002 7:17 AM
> To: focus-ms <at> securityfocus.com
> Subject: IIS SMTP queue reader
>
>
> Hello,
>
> I configured the SMTP service of IIS 5 as a mail relay server, so far

DSardina | 1 Aug 2002 17:28

RE: windows update reporting info back to MS? (and .NET fw SP1)

This looks like an update server. (Windows Update Status)

This is the server that does enter your computer and reads the update files
which you already have installed yadda yadda yadda, and knows what you need
to update.

For it not to timeout after downloading an update, is weird.

wustat.windows.com (207.68.131.8)
207.68.128.0 - 207.68.207.255
MSN
One Redmond Way
Redmond, WA 98052
US

Just my 2cents...

Dom-

--------------------------------------------------------------------------------

-----Original Message-----
From: Douglas R. Wilson [mailto:dallendoug <at> dallenhome.org]
Sent: Thursday, August 01, 2002 9:28 AM
To: focus-ms <at> securityfocus.com
Subject: windows update reporting info back to MS? (and .NET fw SP1)

I put the .NET framework on workstation for test purposes yesterday

