Wednesday, June 24, 2009

Network Access: Shares that can be accessed anonymously

For 2003 servers goto Group Policy:


Windows settings>Security Settings>Local policies>Security Options>

Network access: Shares that can be accessed anonymously

Remove:

COMCFG
DFS$

Apply and move on to the next problem.

Scott.
.

SQL Service Pack will not install due to previous install attempt.

Pretty simple eh?


---------------


In Registry Editor, expand the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

On the File menu, click Export.

NOTE: In Microsoft Windows 2000, click Export Registry File from the Registry menu.

In the File name text box, type: "Session Manager Key" (without the quotation marks)
Click Save.

In the right-pane of the Registry Editor window, right-click PendingFileRenameOperations. On the shortcut menu that appears, click Delete.

In the Confirm Value Delete message dialog box that appears, click Yes.

On the File menu, click Exit.


Reboot that sucker and come back and try again....Keep in mind you dinking around with the registry...This gives you a backup of the key but your still playing with fire if you don't know what your doing. Pretty safe change to be real about it...


Bonus plan, if the reg setting continues to come back just smoke it and done reboot and launch the sqlpatch. Should work just as well....my ideas allway work some of the time.


Scott.
.

Null Session Registry Settings

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa


This change in secregvl.inf under:



MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM,4,%RestrictAnonymousSAM%,0


Or if you pushing group policy:

Network access: Do not allow anonymous enumeration of SAM accounts and shares

Set it to disable for a value of 1 to get the retina scan high off you machine.

Microsoft SQL sp_replwritetovarbin Memory Corruption (959420) - SQL Server

SQL2000-KB960083-v8.00.2282-x86x64-ENU

In my case the patch that it always wants to put here is Retina wants you to use:

SQL2000-KB960082-v8.00.2055-x86x64-ENU.exe

Does not work if you already have sp3 installed. Bummer, just use the one above.

Scott.

.

Monday, June 22, 2009

Microsoft Internet Explorer Cumulative Security Update (958215) - 2003

Microsoft Internet Explorer Cumulative Security Update (958215) - 2003


Ok guys this is a 2003 server and the retina update is saying I need to apply a patch. Problem is that patch does not install because I have already patched this machine up to top end specs. Retina will no let go and remove the high. Here is the reg. key you need to change to get past this one. Do both.



HKEY_CLASSES_ROOT\CLSID\{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} = Shell.Explorer.1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B}] "Compatibility Flags"=dword:00000400

HKEY_CLASSES_ROOT\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} = Shell.Explorer.2[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}] "Compatibility Flags"=dword:00000400


Scott.
.

Stig - Security Technical Implementation Guides

Greeting.


Lets just get to the chase here. I have to STIG a whole bunch of computers and I need a place to keep track of the things that I find that are a bit out of the norm. That way I don't go looking for them 50 times over the course of doing this.


You get a free ride.


Scott.
.