touchstone_81

I had come across this annoying error on one of our servers whose primary job it was to process hundreds of xml files every second. The server would run fine for say about a month, sometimes a little more and all of a sudden would stop servicing network requests. it was so bad that even ipconfig wouldnt work. We eventually found that this was being caused by an antivirus program that was leaking memory from the non-paged pool. So when this error occurs take a look at the value of paged/non-paged pool in the performance tab of the task manager. Google for what values are normal and what arent ;of course this would depend on the OS and the amount of ram you have on the machine. Incidentally does the problem persist even after a reboot?

If the son is good at social engineering then he wouldn't even need any hacking or cracking;you would be surprised by the information you can get just by asking.

Hmm if you are running IIS maybe you could check for any security tools like the IIS lockdown tool.By the way when you say-- Quote: "I am wondering if anything has any ideas, I'm at a dead end....." i am hoping that it was a typo.

hmm if this is a production server then i dont think running winamp or plugging in headsets to listen to songs on servers is a good idea. Anyways since this is happening intermittently the best way to troubleshoot this would be to look at the event logs, dr watson logs etc.I would also advice you to run a spyware/antivirus scan on this machine.

Yes DOS will not recognise NTFS unless you are using some kind of a driver to read NTFS Take a look at these links: http://support.microsoft.com/kb/315349 http://www.bootdisk.com/ntfs.htm Or maybe you could try Hiren's boot cd or UBCD.Hopefully they should have the storage drivers included to recognise the disks.

In your post you say you tried burning to different brands and burners;by this i assume you tried to install with another OS installation CD-ROM.If you haven't you should. In case you have tried different media then you could boot to the recovery console ,format the c drive with NTFS copy the contents of the OS media using any OS boot floppy and then run the setup(winnt.exe in the i386 folder) from the harddrive as opposed to the optical drive. Also when in the recovery console run a chkdsk /p to check for errors and /r to correct any found.

Blocking internet access may be better achieved using a firewall rather than AD. But if you dont happen to have a well protected firewall you could still block http traffic by using IPSEC policies in gpedit. Step 1 -- set up a filter list defining any traffic originating from the workstations in question to any IP at port 80(port 443 for ssl), step 2 -- setup a block filter action and finally create an ip security policy linking the filter list and actions. After that all that remains to be done is to assign the policy and wait for it take effect or do a manual refresh if you are the impatient type. remember this will block access to any intranet websites operating on port 80 otherwise they should be fine.One way to get around this is to set up a another filter list with a permit action for a particular intranet webserver. Note: If you are using a proxy to go through to the internet then the rule you set up must block all destination traffic to the proxy server port.eg: 9090

check the primary dns suffix being used on the pc.

well had the same problem some time back and back then what i did was to take the simpleton route and restart the DC voila it was working. well things may be different in your case bu hey just a thought.

Well i got all the bigwigs together explained to them the risks involved with giving users additional privileges and fortunately they bought that and now are considering investing on a file server. knowing what needs to be done is one thing but convincing someone else to go with it is an entirely different ball game altogether.Its extremely annoying when something that is so very simple and clear is so colossally difficult for others to grasp.clients can sometimes be such a pain in the neck. Thanks for the suggestion memnoch.didnt know about("Allowed to create permanent shared objects") this one;took a look at the microsoft website and i cant say i am any wiser now .this is the explanation they give : http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true quote Create permanent shared objects Allows a process to create a directory object in the Windows Server 2003 family and Windows XP Professional object manager. This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege. Default setting: No one

well yes that is the recommended option but you see my client wants the users to be able to share folders from their own pcs and not access them from a file server. Anyway i have resigned to the fate that making them power users is the only way.

Hi is there any way to allow domain users to share files without making them local administrators on the workstation they log into? All my searches in google point me to add the users to the power users group.But doing this will allow them to install software which is a luxury i cannot afford to give. Would really appreciate if someone can point another way to do this. Thanks in adavnce.

Do you have system restore turned on?? and was your system working properly and then things took a bad turn or it has always been this way?

By default, the VPN clients inherit the DNS server IP addresses configured on the VPN server. VPN clients will not be able to resolve DNS host names on the internal network if they are not assigned a DNS server address by the VPN server. Maybe the VPN client already has a DNS server address assigned to it. However, that DNS server address does not resolve names on the corporate network because that DNS server is intended to resolve names on the network the VPN client computer is attached to before connecting to the VPN server, or to resolve only Internet host names. Also check if the vpn server is able to resolve names because if it isn't then you need to start troubleshooting from there. In addition do an nslookup on the client when you are connected to the vpn server, you should see your corporate dns server's IP and when you are disconnected you should see your dial up/broadband providers dns IP. If none of this works then you could make a hosts file and distribute that to all vpn clients.But if there are a lot of vpn clients then of course you will have more work to do.

Thought i would post the script that i made for anyone who wants to use it Here goes: 'SET_OE-STORE_Network.vbs - Change the OE Mail Store to M drive Outlook Express and open it in Explorer strMbox = MsgBox("Is Outlook express configured on this system for mail?",4,"Outlook Express") If strMbox = vbyes Then OESub() Else wscript.quit End If Sub OESub() MsgBox "This script will change your Outlook Express mail local system to your M: drive(Home Folder)." Set WshShell = WScript.CreateObject("WScript.Shell") OE_ID = "HKEY_CURRENT_USER\Identities\Last User ID" OE_ID2 = WshShell.RegRead(OE_ID) OE_ID3 = "HKEY_CURRENT_USER\Identities\" & OE_ID2 & "\Software\Microsoft\Outlook Express\5.0\Store Root" OE_ID7 = WshShell.RegRead(OE_ID3) if OE_ID7 = "M:\Outlook Express" then wscript.quit else '''' M drive refers to Home drive WshShell.RegWrite OE_ID3 , "M:\Outlook Express", "REG_EXPAND_SZ" StoreFolder = WshShell.RegRead(OE_ID3) ShowFolder = "%SystemRoot%\explorer.exe " & StoreFolder WSHShell.Run ShowFolder Set WshShell = Nothing end sub

Memnoch: Hi good news; I took a harder look at the the domain settings today and found that the logon scripts worked great on users who didn't have a roaming profile.i wonder about that But the fact is they do work and thats what i cared about,the other things i can bring around.Whats more the scripts were able to work their magic even with these two settings enabled: "Disable access to Registry editing tools" and "Restrict access to explorer drives A, B and C" Now i have to go and work-out a solution to backup the OE Rules to their home drives but thats another story,thanks for setting me in the right direction. cheers!

memnoch: well i tested the script on an user who had local admin rights and the script worked with no problems but the same failed on a regular user.So i presumed the user couldn't right to the registry but if as yo say even regular users can modify the HKCU reg entries then i guess i have to have a relook at the domain policy.maybe there is a conflicting setting somewhere, i hope. Brennen: Hi thanks for the kixtart snippet.The OE ID well is a bit tricky but i got that covered in the vbscript. if what memnoch says is right then i guess it shouldn't matter what language the script is written in.So let me have a look again and then i shall post the results tommorow.

Techtype:hi you got me there, i was so excited at the prospect of it all working that i had'nt give it much thought . nmxmemnoch: Hi i havent used kixtart before but i guess i could always learn.But is this any different from the other scripting languages(eg;,vb,or batch) in the sense of writing to registry when the the users only have read-only rights.Because i dont really care which language is used all i want to get done is basically have the registry modified while the users are logged in or logging in without giving them too many rights. is that possible with kixtart??

Hi thank you all for the replies. Fizban- cannot use runas because then the application being run would run in the context of the administrator having a different "HKCU" hive whereas i need to be able to run the regedit app as the user or by any other means but the key being modified should be under the user's registry hive and not the administrator's. dubsdj: startup items ha sounds very promising and yes indeed that is what i intend to do.you know prior to reading this i was going to run another computer login script which would give all domain users write permissions on the regedit application using setacl or cacls and then run my outlook express script. Thanks for the suggestion.

Hi i have a logon script that changes the default location of the outlook express store from local system to the user's home folder on a network share. Now obviously doing this manually on a 100 systems is not an exciting prospect so i thought i would configure this as a logon script for all the users. The only problem is the logon scripts run in the context of the currently logged-on user(s) who only have domain user rights and thus cannot modify the registry. i cannot run this in an registry ADM because the OE identifier for each user is different on each system. I have been googling for this for some time now without any luck so any help is greatly appreciated.

Ok great will try that thanks for your help.

Hi thanks for the reply cluberti i did take a look at the link you gave me and it more or less confirmed what i already knew . what i was wondering was is there any way to determine the exact value of kernel pools without connecting to the internet.?

how can i find the nonpaged pool limit in win2k using process explorer without connecting to internet? Internet browing has been disabled on all our servers so cannot set the microsoft symbol server to download symbols in process explorer but need to find out the non paged pool limit desperately so as to set an alert. right now we are restarting the server once the non paged pool hits the limit and cannot accept any more connections. used poolmon and found out the faulty driver as well but since the fix is not due for another month or so need to know the non paged pool limit. tried so far? downloaded and extracted the sybols for win2k locally on the server and set the path in process explorer but somehow process explorer dosent seem to recognise them. please help.

Hi all, i have had a weird problem and would really appreciate any help on this issue . We have about 20 workstations in a domain; in one of the workstations when I press CTRL+ALT+DEL, the logon box appears, but the username and password boxes are greyed out. I cannot type anything at all. If I remote desktop in and reboot, I can login locally as well as to the domain. After a few days, back to grey. There is no VNC , dameware or anything of that sort .No freeware .checked the machine for spyware and viruses ,seems clean . But just can't figure out why the logon would be blocked . Also when this happened i tried to connect to the computer managemnent console of the affected workstaion from a DC ;the interesting thing was the " local users and groups" would not be displayed ,it had a Red X mark on it .Dont know if that is related or not but thought would post it in case someone could make sense of all this. Thanks in advance Cheers Title Edited - Please follow new posting rules from now on. --Zxian

Clean Drive HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Clean Drive\command name-default type-REG_SZ data-cleanmgr Logoff HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Logoff\command name-default type-REG_SZ data-shutdown -l -f -t 3 for Reboot just change the switch -l to -r in the data segment. add/remove programs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Add/Remove Programs\command name-default type-REG_SZ data-control appwiz.cpl