[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntsecurity
Subject:    RE: [NTSEC] security checklist removed Network browsing - The
From:       smanzu () ca ! ibm ! com
Date:       2000-03-20 20:39:02
[Download RAW message or body]


TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------



/<RANT=ON>

This is the problem with using checklists and not understanding the
repercussions of your changes.  Too many people have created checklists for
the so called non-expert to follow.  How do you learn anything just by
taking a checklist and following its suggestions.

As far as the MS IIS checklist goes, it leaves out a few issues, and as you
are experiencing, breaks certain functions on your box that you may or may
not require.  Simply following this checklist will not secure your IIS box.
I guarantee it.

Before following any type of checklist, you should make sure you have an
understanding as to why they are asking you to disable/enable something and
what the effect of such a change will have on your environment.  Do some
research into issues with IIS and the workarounds. create your own
checklist for your specific environment.

Don't just follow someone else's advice and hope you are secure without
really learning anything or know what you changed and why.

/<RANT=OFF>




Sprowl Theresa <sprowlt@psajax.navy.mil> on 03/08/2000 05:03:42

Please respond to Sprowl Theresa <sprowlt@psajax.navy.mil>

To:   Daniel McManus <mcmanus@albany.edu>, ntsecurity@iss.net
cc:    (bcc: Steve Manzuik/CanWest/IBM)
Subject:  RE: [NTSEC] security checklist removed Network browsing





TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

I am not an NT Security expert; however, I pulled the following directly
from the Technet:

Error 2141
----------

   The server is not configured for transactions.

Explanation: The specified server is not configured to accept the command
you
typed.

Action: Ask your network administrator if the server is configured
properly.
The
administrator may choose to share the server's IPC$ resource to correct
this
problem.

You stated that you followed the Microsoft IIS Security Checklist.  If it's
the one I looked at, it directs you to remove all shares by editing the
registry:


Remove All Net Shares
Run Net Share from the command-line and make sure you delete all of them
using Net Share /d. You should also prevent all administrative shares (C$,
D$, ADMIN$) by setting the following in the Registry:

Hive
 HKEY_LOCAL_MACHINE\SYSTEM

Key
 CurrentControlSet\Services\LanmanServer\Parameters

Name
 AutoShareServer

Type
 REG_DWORD

Value
 0

If you followed that instruction, you have effectively removed the share
you
need to see the resources.

Theresa

-----Original Message-----
From: Daniel McManus [mailto:mcmanus@albany.edu]
Sent: Monday, February 28, 2000 4:31 PM
To: ntsecurity@iss.net
Subject: [NTSEC] security checklist removed Network browsing



TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

Hi,
I was setting up a test IIS server and using the Security Checklist that
you can download from Microsoft, but it's a little too strong for what we
need.  I have some shares on that machine that I need access to but now we
can't get to them.

If I log onto the domain and try to double click on this test server's name
in Network Neighborhood I get a message that says "This server is not
configured for transactions."  If I use my NT Workstation machine and log
onto the workstation instead of the domain I get a message that says "The
network path was not found"

On this test server I have turned back on Net Logon, Workstation, and
Computer Browser. (because I can never remember which one is involved with
using network neighborhood)

Under User Rights I have changed who can access this server on the network
from Authenticated Users back to Everyone (though I can't see where that
makes a difference)

If I'm sitting at the server, I can open Network Neighborhood and double
click on the name and it opens up and shows me the shares.

Does anyone know what might be causing this??

Thanks
--Dan

[prev in list] [next in list] [prev in thread] [next in thread]