Re: Server accounts driving me nuts

If its a win2k box on a live IP, it'll be crawling with worms and spyware within minutes of bringing it live if precautions and updates aren't made. this will cause extremely erratic behavior, and a format is the only option, as that's actually easier than trying to remove all the malware.

Re: Server accounts driving me nuts

The system was formatted and reloaded just last Saturday, Since I went no further than Windows update I heavily doubt my system is infected with anything. I probably just don't have it configured right and it's screwing everything up.

Re: Server accounts driving me nuts

you dont have to go anywhere. Simple but peculiar test:
Do a clean install of windows, connect it to a live IP, and leave it running for a couple hours. I guarantee when you check it, it'll be loaded to the hilt with malware, even without going anywhere online with it, just by having a live IP. I've seen it happen MANY times.

Re: Server accounts driving me nuts

I still heavily doubt I have a malware problem so as much as you want me to install Win 2K server again, I refuse. this latest reinstall took me a whole day to do . It is NOT A MALWARE PROBLEM!
Could you also define to me what a live IP is?

Re: Server accounts driving me nuts

if it was on a unfirewalled connection with no updates its owned....PERIOD!

Re: Server accounts driving me nuts

How come it took so long to install? Was it because you were unfamiliar with setting it up? If so, then it should not take anywhere near as long now. If the problem is worms, malware etc. then before your reinstall, I recommend you get hold of Service Pack 4 for the server and to get a nice software firewall. That way before you hook up the server to the Internet, you will have a lot of updates already installed through the service pack and you will have a firewall so most nasties will not be able to come in.

The reason why I am talking about the malware argument rather than your original problem is because I would not have a clue!! I have never seen this happen and I would not have a clue on how to fix it.

Re: Server accounts driving me nuts

What are you going to use the server for? For most needs, Clarkconnect does the job very well. My main firewall/DHCP server is a Proliant DL360 with Clarkconnect 4, and it's been running great for about 2 years now.

Re: Server accounts driving me nuts

Ahh Bill.... thanks so much to your team for keeping me employed.

I have a second public IP that I switch on when I do remote support calls. It will be interesting to build a test box and leave it out as bait. I'm curious to see what attacks it will suffer.

It will be fun to name the machine BAIT to see if that makes any difference...

Re: Server accounts driving me nuts

1. Yes, I do have a firewall and any port I don't use is blocked. No exceptions.

2. Installing off the cd usually takes an hour. What takes the rest of the day up is downloading of patches and service packs as well as deployment and configuration of networking software/peripherals.

3. This is a file and print server as well as a webcam server (which I am still debugging). File and Printing support has been added for apple and Unix systems by use of software from microsoft or the installment of additional protocols (The Appletalk Protocol). Aside from Hamachi (my VPN manager) and the webcam server which is clean (nothing malicious came with it) and not transmitting beyond my firewall, all the software installed was direct from Microsoft.

After some searching, the IPC$ login on windows 98 is a bug. I tried the fix seen here however it didn't work.

I also tried to login with my mac and while I am only able to login as a guest (will not accept my password on other accounts) I would like to point that I shouldn't be able to login as a guest as windows disabled the guest account by default (wtf?).

As mentioned, if you login with either another windows 2000 system, or a system running xp you can login but even if you say that the password never expires you still logged out every half hour.

If you accessed my hamachi dedicated network drive through hamachi, what should happen when you want to browse the drive is that on your first time on the drive you login and the account never needs to be logged in again. After you have logged in (or you just select the "browse" option in hamachi) the server will then direct you to hamachi's network drive ( I: ) and not permit you to access/modify anything else on the server except what is on that drive.
What happens in reality is that if you do manage to login, it will log you out in half an hour as well as it will direct you to an overview of each drive on the server (usually marked with a "$" after the drive letter). While it still prevents you from getting into any of the other drives, after you find the hamachi drive (I$) you have to login AGAIN (it prompts you twice).

With ubuntu, you can see the server on the network but if you try to access it, you are not greeted with a prompt or a bunch of folders which represent the drives on the system, you get this:
With unix, you can't even see the server (because I have not yet configured Sharing for Unix yet).

With the exception of the mac, none of the systems can properly access both the printer or the network drives properly yet at the same time, each system can access the webcam no problem.

To me it looks like I screwed up somewhere. The error log shows no sign of file corruption or anything wrong there so my assumption is that the problem lies in the user accounts and the security policies.

Anyone want to help me?

Re: Server accounts driving me nuts

Okay, I went and deleted all the user accounts I added so now only the three default users exist (administrator, guest and one other whose name I can not remember). After that I then removed all the drive sharing (and selected "do not share" for each drive), reset anything I did to my security policies and then shutdown and restarted the system.

After restarting, two things happened:

1. Rupsmon hung (it's the software for my UPS, it does it every time so that's normal) but then unfroze and resumed working.
2. All the drives had their sharing switched back on (C:, E:, F:, G:, H: and I: were shared as C$:, E$:, F$:, G$:, H$: and I$: )

I then went and tried to login on all my systems.

-The Windows 98 systems still couldn't login (because I had not done this yet).
-The Windows 2000 and xp systems were able to login to any of the drives so long as I used the administrator account but then logged out a half hour later.
-Ubuntu was once again able to see the server and the drives however access to any of the drives required me to login as the administrator and I was logged out half an hour later.
-Mac systems were now able to login as the administrator but were also still able to login using the disabled guest account. I was never logged out on a mac.
-The unix systems were not tested as I still do not have Unix file and printer sharing enabled.
-Hamachi was also able to see the server drives however access to any of them required you to login as the administrator but you were still logged out after half an hour.

I ran another series of scans and came up clean and I also ran other checks.
One thing I did notice that for anything shared with a $ sign was somehow controlled by the administrator (even though I don't know how) and if you tried to modify it as the administrator it would tell you that it cannot be changed as it has been shared for administrative purposes and revert back after a restart.
Okay, then that must mean that my Administrator account is not properly set and any setting I have configured (like a session never expires or where a logged-in user is directed to or even another user account) is being ignored by the system and continues to bind to a set of policies the server set by itself, yet I can't find.

Why does this somehow remind me of HAL?
"I'm sorry John, I'm afraid I can't do that."

Re: Server accounts driving me nuts

The $ suffix means the share is hidden.

Re: Server accounts driving me nuts

Interesting.

Anyways, I spent another two hours setting up each user account one by one and I have made progress.
ALL my systems can now properly login, the guest account is properly disabled and I am no longer getting a login prompt on my systems EXCEPT the windows XP computers my parents and sister use. It forces you to log back in if you happen to logout of your XP account.
Well it looks like now all I have to do is finish setting the camera server up and finish configuring the File and printer sharing for Unix package I downloaded and I should be set.
I also learned something from this: If it's working, don't screw with it.