Posts posted by valter

  1. Hi m8,

    here is something for the start ...

    1. Get a computer with 3 NICs

    2. Install Windows 2003 Server and updates but NOT SP1 (remember NO SP1)

    3. Make it a member server of your AD

    Now we have to secure ISA server itself. Do the following:

    4. Download this from the Microsoft site and extract it somewhere

    5. On the DC make a new OU, call it ISA and place ISA server there.

    6. Apply High Security-Member Server Baseline template to the ISA OU (template is located in the extracted material Windows Server 2003 Security Guide\Tools and Templates\Security Guide\Security Templates)

    Make sure to set the following services as follows (within GPO for ISA OU)

    a. Remote Access Connection Manager set startup to Automatic

    b. Routing and Remote Access set startup to Automatic

    c. Telephony set startup to Automatic

    Once done, on the ISA box open cmd and type "gpupdate /force", reboot machine when asked.

    7. On the external interface on ISA server do the following:

    a. Clear the check box next to Client for Microsoft Networks

    b. Clear the check box next to File and Printer Sharing for Microsoft networks

    c. On the DNS tab of the Advanced TCP/IP properties clear the check box next to Register this connection address in DNS

    d. on the WINS tab of the Advanced TCP/IP properties clear the check box next to Enable LMHOSTS lookup and select Disable NetBIOS over TCP/IP

    Now ISA is secured (at least it should be) :)

    Now you have to make up your mind about the clients: do you want to use SecureNAT, Web Proxy or Firewall clients?

    Here is the description of the clients:

    Firewall clients are computers on which Firewall Client software has been installed and enabled. When a computer with the Firewall Client software installed requests resources on the Internet, the request is directed to the Firewall service on the ISA Server computer. The Firewall service authenticates and authorizes the user and filters the request based on Firewall rules and application filters or other add-ins. Firewall clients provide the highest level of functionality and security.

    SecureNAT clients do not require any client installation or configuration. SecureNAT clients are configured to route all requests for resources on other networks to the internal Internet Protocol (IP) address of the ISA Server computer. If the network includes only a single segment, the SecureNAT client is configured to use the internal IP address on the computer running ISA Server as the default gateway. SecureNAT clients are easiest to configure because only the default gateway on the client computers must be configured.

    Web Proxy clients are any computers that run Web applications that comply with Hypertext Transfer Protocol (HTTP) 1.1, such as Web browsers. Requests from Web Proxy clients are directed to the Firewall service on the ISA Server computer. Because most client computers already run Web Proxy-compatible applications, Web Proxy clients do not require the installation of special software. However, the Web application must be configured to use the ISA Server computer.

    If you want I can scan my exercises (PDF) for you so you can go through them. Of course, having the book 70-350 Implementing Microsoft Internet Security and Acceleration Server 2004 is a MUST. If you don't have it, I can "borrow" you a PDF as well :)
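An added audit script, not from valter's post or from Microsoft's guide, that reads back the step 6 service start modes and the step 7c/7d external-NIC settings through WMI so the GPO result can be verified after gpupdate; the connection name 'External' is an assumption, and the binding unchecks in steps 7a/7b are not covered.

```powershell
# Added example, not from the post: audit step 6 service start modes and the
# step 7c/7d external-NIC TCP/IP settings via WMI on the ISA box after gpupdate.
# Assumption: the Internet-facing connection is named 'External' (placeholder).
$ExternalAdapter = 'External'

# Step 6: services the ISA OU GPO must set to Automatic startup
$RequiredAuto = @{
    'RasMan'       = 'Remote Access Connection Manager'
    'RemoteAccess' = 'Routing and Remote Access'
    'TapiSrv'      = 'Telephony'
}
foreach ($name in $RequiredAuto.Keys) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc -and $svc.StartMode -eq 'Auto') { $flag = 'OK   ' } else { $flag = 'CHECK' }
    "{0} {1,-35} startmode={2}" -f $flag, $RequiredAuto[$name], $svc.StartMode
}

# Step 7c/7d: find the external NIC by its connection name and read its TCP/IP config
$nic = Get-WmiObject Win32_NetworkAdapter -Filter "NetConnectionID='$ExternalAdapter'"
if (-not $nic) { throw "No connection named '$ExternalAdapter' found" }
$cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$($nic.Index)"

# TcpipNetbiosOptions: 0 = via DHCP, 1 = enabled, 2 = disabled (step 7d wants 2);
# WINSEnableLMHostsLookup covers the LMHOSTS box, FullDNSRegistrationEnabled step 7c
$checks = @(
    @('NetBIOS over TCP/IP disabled (7d)', ($cfg.TcpipNetbiosOptions -eq 2)),
    @('LMHOSTS lookup disabled (7d)',      (-not $cfg.WINSEnableLMHostsLookup)),
    @('No DNS registration (7c)',          (-not $cfg.FullDNSRegistrationEnabled))
)
foreach ($c in $checks) {
    if ($c[1]) { $flag = 'OK   ' } else { $flag = 'CHECK' }
    "{0} {1}" -f $flag, $c[0]
}
```

Any line flagged CHECK means the GPO or the interface properties did not apply as the steps above intend and should be revisited before the box is exposed.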

  2. You can restrict printing using either user group access or using printing devices (Win2k3), but to display requests that will be approved or denied is not possible using built-in software ... you would have to look for some third party software that controls printing ...

  3. Thanks
    This would be the short, simple, and easiest method since the other way is causing issues.

    Actually my question is why do we use the option "Local" and not "Network", since it is a networked printer? (i.e. I want to know the reason for that)

    When you install a printer on the server you have to use Local in order to share the printer, since you can't share a "network" printer ... if you run for example HP Network Printer Installation Wizard to install HP network printers on your server, all printers will be installed as local, even though specific ports using IP addresses will be created, and the printers will be shared ...

  4. Windows 2000 Server comes with basic firewalling functionality (as does Windows 2k3).

    I started playing around with IP Filtering....

    1. Open the Control Panel.
    2. From the Network Connections applet, open the connection you want to configure.
    3. Click the Properties button.
    4. Select Internet Protocol (TCP/IP).
    5. Click the Properties button.
    6. Click the Advanced button.
    7. Click the Options tab.
    8. Select TCP/IP filtering.
    9. Click the Properties button.
    10. Check the box beside Enable TCP/IP Filtering.
    11. Select Permit Only for TCP Ports, UDP Ports, and/or IP Protocols.
    12. Click the Add button.
    13. Enter the port or protocol number and click OK.
    14. Repeat the last couple of steps until you've entered all desired ports and protocols.
    15. After you are done, close all the dialog screens by clicking either OK or Close.
    16. You will be prompted to reboot for the changes to take effect.

    The problem I find here is that it can lock down all ports EXCEPT what I list... but I can't specify other exceptions. 

    Guess a third party tool is what is needed here.

    Just seemed a waste to spend money on a full firewalling package when all that is needed is a few rules.

    Sorry dude, but that's TCP/IP filtering, the same functionality that exists on Win2k3 besides the firewall ... but that's NOT the firewall, never was, nor will be ... as I said, look for a third party firewall

  5. Be very, very careful if you're running AD on your Win2k box ... don't just disable services for nothing, there must be a reason for that ... clean your event log and then restart the server, then check the event log again, and write down all errors (red cross), warnings (yellow exclamation) and info, including event id number, source, and the body of the error ... an excellent resource site for event log is eventid.net ... subscription costs 10 US$/year, **** cheap, and a life saving web site ... or just post your errors and warnings here, so we will try to pinpoint the problem(s) ...

  6. Why ISA2k when you can get ISA2k4 ... anyway, while ISA2k was opened from the start, ISA2k4 is sealed down, it doesn't trust no1, not even itself. Installation and configuration is pretty straightforward, you need though to decide client configuration, should it be NAT, firewall or proxy client configuration ... anyway, I'm taking the ISA2k4 course right now, and can give you some directions for a start if you want ... a good resource would also be www.isaserver.org :)

  7. Well, first you've edited your post later, never mind :) anyway, this "Now I replaced the OS (not the PC, because I have dual OSs on each PC) for both PCs with WinXP and Win2000 Server, they worked fine, without any problem." still doesn't explain what "worked fine" means ... could you ping the routers, could you telnet to the routers ... anyway, there is no reason for not being able to ping anything from the Win2k3 box ... the only node that can drop the ping packet is the one you're trying to ping, in your case the router ...

    Try installing Win2k3 SP1 and don't forget to apply the latest hotfix for tcp/ip flaw

  8. If you can ping your box from the router, but not the router from the box, then ICMP has been disabled on the router (security). Can you ping LANA from the LANB router? ... another thing, you have to enable telnet access on Cisco routers ... I assume you're taking CCNA labs, telnet access should be among the chapters in the first semester ...

  9. When you say you've changed the server, do you mean that you have installed a DHCP server on another box and not using the existing database? If so, then the problem is probably in your clients. If you have any external laptops, just plug it in and see what happens ... another thing, are you sure your server has network access, coz it might be this very last tcp/ip flaw
