Everything posted by rstainforth

  1. Hi all, I'm new to IIS (beyond the basics necessary to set it up) but have a bit of a problem... I have IIS installed on a W2K3 AD server, acting as a DC, and it is used to host WSUS (no other websites). It is set up in the default (ie connect to port 80 etc). Yesterday when I tried to access the admin console to check up on WSUS I got the old DNS error page, and can't access anything on the server. There are no errors in the IIS logs, but when I try to telnet to port 80 it just severs the connection immediately. Not really sure where to start looking with this, tried uninstalling WSUS and IIS and reinstalling yesterday, but problem still persists... is it possibly a rights issue, or something screwed up in the metabase??
  2. Hi all, I upgraded our test box with SP2 yesterday, and all appears to have gone well... just a couple of niggling problems: 1. Help and Support has vanished: I have remerged the registry key, but it is a little worrying. I need to have a trawl through and see if anything else has gotten screwed; I'm hoping it was coincidental to the SP2 upgrade. 2. SP2 installs Outlook Express by default, and, as far as I can see initially, it is missing from the Windows components for removal (we don't install it on our systems). I'm only just starting a full eval, but thought I could start a thread for everyone to post problems/solutions. I'm hoping to test the new RIS upgrade in the next few days.
  3. Hi, and thanks for your reply. I might be missing something here, but in the Event Viewer MMC I can select to filter events to show only certain types (ie errors, warnings etc) or events from a specific source/application, but I cannot exclude events from view individually?!? And in any case, this would only filter the view, and not the actual logging... and my event logs are getting huge! In the first 32 pages of the application log, only about 20-30 entries are of any use... the rest are all Symantec telling me the clients have/haven't checked in for x days.
  4. Hi, not sure if this is the right topic to post in (if not feel free to move me) but I was wondering if anyone knew how to restrict the event log entries for Symantec Enterprise 10.0 on a W2K3 box? The event logs on our servers are flooded with events reporting the success/failure of clients to check into the Symantec System Centre, and to be honest I am getting fed up of it!
  5. OK, just had another look through the release notes for IE7 and found this: "Automatic Updates will only offer Internet Explorer 7 to users with local administrator accounts. Automatic Updates will notify all such users (including those with Automatic Updates configured to automatically download and install updates) when Internet Explorer 7 has been downloaded and is ready to install. The notification and installation process will not start unless and until a user who is a local administrator logs on to the machine. Users who are not local administrators will not be prompted to install the update and will thus continue using Internet Explorer 6." Now, our policy is to add all laptop users as local admins by default, so I wonder if it isn't being offered to them, and the desktops have started to receive it when a local admin (either an engineer or IT delegate) logs in; I'm starting to suspect that the GPO has actually failed, and IE7 has been there all along, just waiting to be offered. When I had tested the GPO in the workshop, I had used our "test user" account, who is a member of domain users, but not local admins. grrrrr!!!
  6. Hi all, Not sure if this is the right place for this question (if not please feel free to move it) but here goes: We had identified some issues arising between IE7 and some other apps that we run on our networks and domains (we host and manage several here) and so used the M$ IE7 blocking to prevent it being offered to users through automatic updates. This seemed to work for a time, but then we started having reports of it slipping through. Initially it was on a handful of laptops, so I thought it might have been users connecting at home, off the network, and it getting through like that; now, however, it is cropping up more and more frequently, and started appearing on desktop machines, which obviously never leave the LAN. When I tested it on a client here in the workshop, the blocking worked fine, and it seems that the GPO is still in place; has anyone else had any experience of this? And if so, have they managed to resolve the issue (how is it getting through!!!)
  7. Hi all, I bought my sister-in-law a modem/router bundle for Xmas to replace the USB modem she was given by Tiscali, and just wondered if anybody knew off-hand the configuration for Tiscali broadband before I go over and try and configure it? I'm presuming it's PPPoA, but just wanted to get the rest of the gubbins if anyone knew? The router/modem is a ZyXEL Prestige 660HW-T1, if that helps??!?! tia
  8. Could you not script something into Group Policy to allow it through as an exception on the firewall???
  9. Perhaps you could suggest they create a new OU in Active Directory, which will allow you a little more autonomy? However, if it's just the internet you are wanting access to and the sysadmins are using filtering software on the network you may have a hard time. If that's the case, suggest a few sites that they could add to their filters as safe?!?
  10. Oh come on guys, someone asks for help and everyone tells them to sod off and *read the manual*. If that were the case, we could tell everyone to sod off, and never share any info... give me a break
  11. Hi all, I have a Cisco 1700 series router, and was wondering if anyone could point me in the right direction for routing remote desktop requests from outside into my home PC? At the moment I have two PCs and a laptop behind the router, NAT'ed to my public facing IP, and the only way I can connect to my home machine when I'm at work is to use the corporate VPN connection, however if I'm working on something at home and need to reboot I lose the VPN, or if I want to test something from my home PC (perhaps because the network users are complaining they are unable to access a resource over the VPN) I can't do it. What I'm looking for is the configuration commands to allow a remote desktop to my IP (say 199.99.99.99) to be routed automatically to my PC rather than the kids' or the good lady's (so straight to 192.168.1.2 rather than any other). Any help is appreciated! Oh, and please don't tell me to "google" it, because I'm far too lazy lol
  12. Hi Mad Dog, The Windows administrators automation toolkit has some really handy scripts for performing tasks such as this for the network administrator, including one to shutdown or restart computers. If you like, drop me a PM, and I can send you the script over for you to cut/paste and modify
  13. I don't know, that's why I'm asking on here lol. Would that be a better use of resources? Bearing in mind that I had to re-overclock my machine recently to play some of the hi-def stuff, and it's running at 95% handling it
  14. Hi all, I'm going to set up MCE as part of a dual boot system, and my plan is as follows: I'm basically wanting to have two pc's, my XP-pro setup for gaming, surfing the net, and general mulling about, and then have my second boot as MCE so that I can optimize my system for movies, in much the same way as I have done for gaming already. It means that I can ditch a whole shedload of services, hardware and applications on my MCE boot disk, and hopefully really focus in on my cinema experience. Does anyone have any experience of having done this, and give some advice on what I could do without/with for the perfect balance of form and functionality? If this works out well, I'm considering having a triple-boot system with another xp-pro OS disk for gaming, to try and get the most out of my machine.
  15. OK, there's no trust between the domains, and yes he would need to access documents on both domains (although only one at a time, ie he will only be working as user A on one domain and then user B on the other, never both at the same time). Essentially it's one of our directors who owns two companies, both exclusive of each other, and wants to be able to work between the two. At the moment he has one machine for each domain, and wants to cut it down if he can, preferably to a laptop he can use at work to cut between the domains, then take home to use locally and VPN to the domains. I'm drawing a blank on this one, and suspect there's no easy way of doing it, don't really want to start dual-booting or altering the domains (adding trusts) as it's just going to cause too much administrative work.
  16. Quickly now, let's stay sharp: question: one machine, one user, two domains (domain1.com and mydomain.lan). User "works" within both domains, can I configure his laptop to log onto both domains? ie be able to log into domain1 when he's doing the accounting on that domain as accountant.domain1.com, then switch if he needs to do the holiday reports for mydomain.lan as holidayguy.mydomain.lan??? Is it possible without third party software or any mods, just straight up from XP on a 2003 AD environment?
  17. Excellent, thanks for the advice guys! I'll be giving it a whirl when I get into work on Monday and I'll post to let you know how I got on.
  18. Not quite, I have my company domain (mycompany.domain.com) then I administer several companies, hosted onsite, but separate domains (johns.domain.com and steves.domain.co.uk for example). What I would like is a way of taking John's and Steve's list of employee email addresses and adding into ours.
  19. Hi all, After a little advice, if you please: I administer a number of domains, and I want to know if there is a way of importing the email addresses of the employees in my domains into my main company Exchange address list, or into AD as contacts. I know that I can export the contacts as a .csv etc, but how do I then drop them into the new location (our mail server?) We are running Server 2003 and Exchange 2003 on all domains/servers. Cheers!
  20. Hi there, I used avast! to scan my system (twice) and boy does it pick up a lot of junk! still got some niggling adware popups though, here's my hijackthis log, can you offer some suggestions on further action? and after using the "fix" option on hijackthis:
  21. Would someone be good enough to have a quick scan over this for me? I have picked up something that Symantec can't catch
  22. Hi all, A quick question: I have software deployment GPOs set up for my LAN users, and have the software assigned to machines according to GPO-related security groups (ie Office 2003 Pro computers, VPN client computers etc etc). For some reason, as soon as a machine is placed into one of the software groups, it assigns the appropriate software AND our VPN client, regardless of whether it is in the VPN group. I need to troubleshoot this and stop it, but am at a bit of a loss with where to start. Anybody with more experience of AD able to lend a hand? I suspect that the security rights are the place to start, but I don't want to make too many changes to a live machine lol.
  23. Hi guys, after a little RAID related advice; We are attempting to upgrade our mail server to an Adaptec 2130SLP and add a RAID5 array to increase data storage. Currently the server is using the onboard SCSI controller in an Intel SR2300 chassis. The plan is thus: take the original RAID1 mirror, and place it on an Adaptec 29320A controller in an old SPSH4 chassis; place 2 new disks on the 2130 against the other HSBP in the SPSH4. Create a HW RAID 1 on the 2130SLP, then SW mirror the data across the HSBPs onto the new RAID1. Then, break the mirror, take the 2130, complete with newly mirrored disks (which should be a simple RAID1 mirror in its own right now) and boot in the SR2300 chassis. This should upgrade the RAID controller and allow us to add the new RAID5. I have installed all the necessary drivers etc etc. However, when we try and boot the new RAID1, it doesn't play. The controller recognises the array, but isn't booting from it. We have repaired the MBR, changed boot orders, and still no luck. Can't run a repair install of Server 2003 either, the option isn't there. QUESTION: has anybody done this or anything like it before? Any advice, no matter how daft it may seem? TIA!!!