--------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EDZ00003 Date: 09/26/97 From: MARK WRIGHT Time: 05:15am \/To: GARY INMAN (Read 4 times) Subj: Security Logon 1/5 GI=>-> I'll have to pass on this and let someone with WFWG network experience h GI=>-> out. It sounds like the work stations aren't actually logging off the GI=>-> network so no network log on is needed or that you don't have shares and GI=>-> permissions set properly. Here is a Tech Net article that might help... This chapter describes the security control enhancements implemented in Windows for Workgroups 3.11. These enhancements include the ability to disable file and printer sharing, configure password settings, and leverage the security mechanisms of Windows NT Advanced Server. A discussion of the functionality offered by the administrator configuration utility (ADMINCFG.EXE) that is included with Windows for Workgroups 3.11 is provided along with tips on how to implement the administrator security settings in a network environment. Related information Windows for Workgroups Resource Kit Addendum for version 3.11: Chapter 2, "Windows for Workgroups 3.11 Setup and Installation;" Chapter 7, "Integrating with Windows NT and Windows NT Advanced Server." Overview of Security Control Enhancements Windows for Workgroups 3.11 has many enhanced security features to prevent unauthorized access to shared information on the network as well as unauthorized access to the network. The system administrator may define and control some or all of the security settings for users of Windows for Workgroups 3.11 and Workgroup Add-on for MS-DOS. The security model in Windows for Workgroups 3.1 was designed to protect data in a networking environment, without requiring a network administrator to perform complicated procedures to enable the security system. Windows for Workgroups 3.11 contains enhancements to the security system provided with Windows for Workgroups 3.1, but maintains the ease of use and flexibility for the system administrator. Windows for Workgroups 3.11 provides the following improved security controls: Configurable peer networking The system administrator can disable peer file and/or printer sharing, and users cannot restore this capability. Administrator-defined password settings An administrator can define and control password settings that Windows for Workgroups uses. Support for Windows NT Advanced Server security features Through a validated logon to Windows NT Advanced Server domain, access to the network is restricted if the user isn't granted permission by the network administrator. Auditing of network events Users can monitor network access to their local computers by other network users. Configurable Peer Networking Many corporate MIS organizations that are responsible for administering dedicated server operating systems, such as Microsoft Windows NT Advanced Server and Novell NetWare, require the ability to disable file sharing or printer sharing on some workstations on the network. Windows for Workgroups 3.11 brings configurable peer networking to the corporate environment, enabling system administrators to control the networking privileges for each user. The administrator can selectively disable file sharing, printer sharing and Network DDE conversations using the Security Settings configuration application. These settings are stored in an encrypted file (WFWSYS.CFG) on each workstation. There are several mechanisms in place to prevent a user from circumventing the security settings configured for a specific workstation. If a user deletes the WFWSYS.CFG file on a workstation, the user will not have access to the network. It is also impossible for a user to use a copy of a WFWSYS.CFG file from another workstation because each WFWSYS.CFG file is uniquely identified with the computer on which it is originally installed. The system administrator can maintain a central set of security-settings files that can be used by workstations on the network. The administrator can modify the security-settings file in the central location and then the Windows for Workgroups-based workstations will synchronize their security settings with the new settings. The Security Settings application, ADMINCFG.EXE, is used to configure the security settings for a workstation running Windows for Workgroups 3.11 or Workgroup Add-on for MS-DOS. Figure 5.1 - The Security Settings dialog box allows the system administrator to configure the peer networking features of Windows for Workgroups. The peer networking features of Windows for Workgroups that can be controlled by the system administrator are: Disable File Sharing This setting prevents the workstation from sharing directories with other users on the network. Selecting this option will disable only the ability to share files _ the workstation will still be able to access shared files on the network. Disable Print Sharing This setting prevents the workstation from sharing any printers that may be connected to it. Selecting this option will disable only the ability for that workstation to share its printers with others_the workstation will still be able to access shared printers on the network. Disable Network DDE Sharing If Network DDE Sharing is disabled, the workstation will not be able to act as a Network DDE server. It can act as a client to other Network DDE servers. This setting is used to prevent access to information on the local computer by other computers using the Network DDE inter-application communication mechanism. Administration of Security Settings A useful feature of the security system in Windows for Workgroups 3.11 is that it enables a system administrator to configure the security settings and then distribute them remotely. Due to the security settings synchronization architecture in Windows for Workgroups 3.11, if the administrator finds it necessary to change any of the security settings, the changes can be updated automatically when Windows for Workgroups 3.11 starts up on each workstation. The system administrator can specify a network location where common security-settings files reside, allowing the security-settings files on multiple workstations to be updated from a single location. Workstations can be managed individually or in groups. This eases the burden on the system administrator when it comes time to a change to the security setting. Configuring different security-settings files for different users allows an administrator to vary the levels of users' security. More information on remote updating of security settings is presented later in this chapter. Administrator-Defined Password Settings In addition to controlling file sharing, printer sharing, and Network DDE conversations on the network, Windows for Workgroups 3.11 features enhanced password security. Using the Security Settings configuration application, a network administrator can define settings for the various password controls. Figure 5.2. - The Password Setting dialog box, displayed by choosing the Passwords button in the main Security Settings dialog box Password Settings The password settings than an administrator can configure for a computer running Windows for Workgroups 3.11 or Workgroup Add-on for MS-DOS are: Disable Password Caching When password caching is enabled, Windows for Workgroups creates a password file containing the names of the shared network resources and the passwords required to connect to them. If password caching is disabled, the user must type in the correct password each time he or she connects to a password protected share. Show Share Passwords in Sharing Dialogs When enabled, this setting forces the actual characters of a password, rather than asterisks, to display when typed into a password field in a dialog box used to share resources. Logon Password Expiration When enabled, this setting specifies the maximum number of days a user can use a password. After this period expires, the user must change the password. Minimum Password Length When enabled, this setting controls the minimum number of characters accepted for a user's logon password. Force Alphanumeric Passwords >>> Continued to next message * OLX 2.1 TD * Remember, even if you win the rat race, you're still a ra --- GEcho 1.11+ * Origin: (1:343/70) --------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EDZ00004 Date: 09/26/97 From: MARK WRIGHT Time: 05:15am \/To: GARY INMAN (Read 4 times) Subj: Security Logon 2/5 >>> Continued from previous message When enabled, this setting forces a user's logon password to be a combination of numbers and letters. Require Validated Logon to Windows NT or LAN Manager Domain When enabled, this setting requires the user to be validated by either a Windows NT or LAN Manager domain controller before the user will be allowed any access to the network. See the next section for more details. Allow Caching of User-level Passwords When enabled, this setting allows password caching. Password caching allows a user to reconnect to password-protected shares after a validated logon without re-entering the required password each time. However, to maintain a secure Windows NT domain, Windows for Workgroups 3.11 will not cache passwords to servers with user-level security. When a connection is made to a user-level server, Windows for Workgroups 3.11 will first try the user's logon password. If that fails, a password dialog will appear, and the user must type in the appropriate password. Banner Options In addition to password settings, the administrator can change the logon banner that is displayed at the top of the Windows for Workgroups 3.11 logon dialog box. To change the text displayed in the logon banner from the default, which is "Welcome to Windows for Workgroups," to text defined by the administrator, choose the Admin... button in the Security Settings dialog box. To enable the custom banner, select the Custom Logon Banner check box, and type the appropriate text into the Text field as shown in Figure 5.3. Figure 5.3 - The Administrator Settings dialog with customized logon banner When the custom logon banner is enabled, the text will appear in the title bar of the dialog box used to logon to Windows for Workgroups 3.11 as displayed in the following figure. Figure 5.4 - The customized Windows for Workgroups 3.11 logon dialog box Support for Windows NT Security Features While Windows for Workgroups 3.11 provides a secure environment for a workgroup, there may be additional security needs in your organization. In a networked environment where Windows NT Advanced Server or Microsoft LAN Manager security mechanisms are in use, Windows for Workgroups 3.11 can be configured to adhere to the logon validation specified by the domain controller. This allows tighter control of access to the network. This restricted access is user-specific rather than workstation-specific. Including a computer that runs Windows NT Advanced Server in a Windows for Workgroups-based network enhances the security implemented in Windows for Workgroups 3.11 to include: Validated logon The validated logon to Windows NT allows a network administrator tighter security controls to prevent unauthorized network access. If a user isn't validated by the Windows NT domain, the user is not granted permission to access the network and will not be able to connect to network resources (for example, files or printers). User-level security Information stored on a Windows NT Advanced Server can be made available to network users on a per-user basis. User-level security can be used to specify which users have access to the shared information, and what access rights each user has. Figure 5.5 - The Windows NT New User dialog box provides access to user logon restrictions including time of day and logon location. Time-of-day logon restrictions The time-of-day logon restriction setting supported by Windows NT Advanced Server allows a network administrator to restrict users of Windows for Workgroups to log onto the network during certain days of the week and certain hours of the day. Figure 5.6 - The Windows NT Logon Hours dialog box. Access this dialog box by choosing the Hours button in the New User Dialog box. Physical logon location restrictions The physical logon location restriction setting allows a network administrator to prevent a user of a Windows for Workgroups from logging onto the network from specified computers. Figure 5.7 - The Windows NT Logon Workstations dialog box restricts the physical locations from which a user may log onto the system. The support for the Windows NT security model accommodates the changing needs of businesses that want to start with a Windows for Workgroups network, and then enhance it as their computing needs grow and mature. Implementing Windows for Workgroups 3.11 Security Controls So far, this chapter has highlighted the security enhancements present in Windows for Workgroups 3.11. This section discusses how to implement the new security controls in a network environment. Expanding the ADMINCFG.EXE Utility The ADMINCFG utility is used to configure the security controls for a computer running Windows for Workgroups 3.11or the Workgroup Add-on for MS-DOS as previously discussed in this chapter. Because the ADMINCFG utility is designed for use by system administrators or other users that want to take advantage of the additional security controls present in Windows for Workgroups 3.11, the ADMINCFG utility is not installed by the Windows for Workgroups 3.11 setup program. ADMINCFG is left in compressed form on the last disk of the Windows for Workgroups 3.11 disk set. To use the ADMINCFG utility, it is necessary to expand the compressed file into the Windows directory, as explained in the following procedure: To expand the ADMINCFG utility off the installation disks into the Windows directory 1. With Windows for Workgroups running, place the last disk of your Windows for Workgroups 3.11 disk set into either drive A or drive B. (The following installation steps will assume the disk is in drive A, if you are using drive B, substitute that drive letter as appropriate.) 2. From Program Manager in Windows, choose Run from the File menu. 3. On the command line, type: Expand a:admincfg.ex_ c:\windows\adminfcfg.exe (Substitute the name of your Windows directory, as appropriate.) Tip To make it convenient to access the ADMINCFG utility, you may want to create a Program Item in Program Manager for the ADMINCFG.EXE file. Creating the Security Settings File (WFWSYS.CFG) This section describes how to customize, install, and activate the security settings file (WFWSYS.CFG) on a computer running Windows for Workgroups or the Workgroup Add-on for MS-DOS. A default WFWSYS.CFG file is created on a user's workstation when Windows for Workgroups 3.11 or the Workgroup Add-on for MS-DOS is installed. An administrator can update a user's WFWSYS.CFG file with additional security controls enabled. After installing the ADMINCFG utility on a workstation, the system administrator can run it to specify the security settings necessary to control network access to suit the organization. Using the ADMINCFG utility, the administrator can configure peer networking and disable file sharing, printer sharing, or Network DDE. Administrators can also configure password options and administrator settings with ADMINCFG. Password-Protecting the Security Settings File To prevent users from modifying the security settings file (WFWSYS.CFG) residing on the computer, the system administrator must assign an administrator password to the file. When a security settings file is first created, the administrator will be prompted to specify a password to protect the file. To assign a password to an existing security settings configuration file, select the Admin... button from the Security Settings dialog box, and then select the Set Password... button in the Administrator Settings dialog box. Figure 5.8 - The Administrator Settings dialog box provides the ability to assign a password to protect unauthorized modification of security settings. When a password is assigned to a security settings file, a user will need to know the password to make changes to the security settings file. If a user does not know the password, that user will not be able run the >>> Continued to next message * OLX 2.1 TD * Remember, even if you win the rat race, you're still a ra --- GEcho 1.11+ * Origin: (1:343/70) --------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EDZ00005 Date: 09/26/97 From: MARK WRIGHT Time: 05:15am \/To: GARY INMAN (Read 4 times) Subj: Security Logon 3/5 >>> Continued from previous message ADMINFCFG file at all, therefore making it impossible to change the security settings that have been enabled on his or her workstation. Installing the Security Settings File Administrators can install the WFWSYS.CFG on their users' computers in two ways, network installation or individual installation. Network Installation If Windows is installed over a network, the administrator can place a preset configuration file in the directory from which the users are installing. The Windows for Workgroups 3.11 setup program will copy this WFWSYS.CFG file to the local Windows directory at the time of installation. Individual Installation If Windows is purchased preinstalled on computers or installed from disk, the administrator-defined security settings file can be copied into the users' Windows directory for each computer where the customized security controls are wanted. In either of these cases, the first time Windows for Workgroups 3.11 is run the security settings configuration file is associated with that individual computer, preventing a user from being able to copy a security settings file from another computer in an attempt to override the settings enabled by the administrator. Note Once a security settings configuration file (WFWSYS.CFG) has been associated with an individual computer, the settings file can NOT be copied to another workstation and used. Windows for Workgroups will detect this as a security violation and will require the administrator to either create a new configuration file or for the user to reinstall Windows for Workgroups. Network Installation A network installation of Windows for Workgroups is created on a network installation point by performing an Administrative Setup by typing setup /a as described in Chapter 2, "Windows for Workgroups 3.11 Setup and Installation." Once the expanded files are placed on the network install point, you can specify a default security settings file that should be used by copying the configured WFWSYS.CFG file to the network install point. When a user installs Windows for Workgroups from the network install point either by performing a standard Setup or by setting up a shared copy of Windows for Workgroups by using the /n option when running Setup, the WFWSYS.CFG file will be copied from the network install point and placed in the users Windows directory. Individual Installation If you are not installing Windows for Workgroups from a network, you can run the ADMINCFG utility against a local workstation. To do this, you can place an expanded copy of the ADMINCFG.EXE file on a disk, and then run the administrator configuration utility from the disk. You will then be able to open the WFWSYS.CFG file residing on the hard disk of the local workstation, modify the security control settings, and then save the changed security settings file back to the local workstation. Updating Security Settings Remotely In an environment where the security controls offered in Windows for Workgroups 3.11 are enabled and you expect to change the settings, you can configure the security controls file to remote update security settings from a specified server on the network. However, if you do not expect to change the security settings for a workstation once configured, you do not need to configure the security settings file to remotely update the settings. The administrator can specify a network location (a UNC path name or drive letter and path) from which Windows for Workgroups or the Workgroup Add-on for MS-DOS should update its security settings at startup. This is useful for providing centralized administration and makes it easy for administrators to perform operations such as changing the administrator password for the WFWSYS.CFG file, changing administrator-defined password settings, or enabling/disabling file or printer sharing after Windows for Workgroups is installed. The administrator may maintain the file on a read-only, password-protected share to help ensure that the configuration file is secure. The administrator can then make changes to the security configuration and computers that update from that file will inherit the new settings the next time Windows for Workgroups is restarted. Figure 5.9 - The Administrator Settings dialog box allows an administrator to define a network location from which security settings are updated. During an update, Windows for Workgroups will open the remote configuration file and copy the values of its settings to the local configuration file. If an update is specified, it will occur every time Windows for Workgroups is started. By default, Windows for Workgroups will not display error messages if it fails to update the local security settings file from the network location. Reasons for failed updates include the unavailability of the server where the global security settings files are stored. For troubleshooting, administrators can select the Display Error Messages check box to display error messages on the local workstation if the update fails. In the case of failed updates, the most recent security settings that are in effect will be used. To specify that the security settings file should update its values from a defined network location, select the Update Security Configuration from Server check box as shown in Figure 5.9, above. The Update Options include: Network Path The network path can take the form of a Universal Naming Convention (UNC) path name, or can explicitly reference a network drive and path. For practical purposes, the UNC name is more desirable as it doesn't require a drive letter to be mapped to a network drive before it can be accessed. The UNC name uses the following syntax: \\server_name\share_name where server_name identifies the name of the server where the security settings file reside, and share_name identifies the name of the shared directory on the given server. Password If a password is assigned to the shared directory where the security settings files reside, the password should be specified here. Use Root Directory Only When Windows for Workgroups attempts to update the security settings from a configuration file residing on a server, it will first look to see if a subdirectory exists matching the local computer name, and if that subdirectory contains a valid configuration file. If the subdirectory contains a valid configuration file, the configuration file assigned to the local computer will be used. If this option is enabled, Windows for Workgroups will not check for a subdirectory matching the local computer name. Note If the subdirectory feature for remotely updating security settings is to be used, the computer names must be no more than eight characters in length. Scenario Examples for Remote Update of Security Settings This section will illustrate the configuration scenarios available in Windows for Workgroups 3.11 to provide flexibility when administering security settings and configuring the peer networking functionality of Windows for Workgroups. The following scenarios are outlined in this section: Disabling file sharing for all users Handling exceptions for security settings Configuring security settings by department Disabling File Sharing for all Users In some cases, administrators may find that it is necessary to disable file sharing for all Windows for Workgroups 3.11 users on the network. This is easily done by using the ADMINCFG utility. To disable file sharing for all users Note This procedure assumes the network server's name is ADMIN and the shared directory's name is CONFIG. >>> Continued to next message * OLX 2.1 TD * Remember, even if you win the rat race, you're still a ra --- GEcho 1.11+ * Origin: (1:343/70) --------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EDZ00006 Date: 09/26/97 From: MARK WRIGHT Time: 05:15am \/To: GARY INMAN (Read 4 times) Subj: Security Logon 4/5 >>> Continued from previous message 1. Create a directory on the network server to store the WFWSYS.CFG security settings file, named CONFIG. Share the directory with the access rights set to Read Only. Optionally, assign a password. 2. Run the ADMINCFG utility to create a WFWSYS.CFG security settings file in the shared CONFIG directory. 3. Set the security settings as appropriate. In this scenario, select the Disable File Sharing check box to disable file sharing. 4. Select the Update Security Configuration from Server check box and type \\admin\config as the Network Path. Also type the appropriate password, if the share is password protected. Alternately, select the Use Root Directory Only check box if you do not want to support exceptions to the security settings controls. (Exceptions are discussed in the following section.) The Administrator Settings dialog box should now look similar to this: Figure 5.10 - Administrator Settings dialog box 5. Choose the Set Password... button to assign a password to the security settings file. This will prevent users from being able to change their security settings. 6. Choose the OK button on the Administrator Settings dialog box. 7. Choose the Save button in the Security Settings dialog box to save the changes made to the WFWSYS.CFG. To put the custom configured security settings into effect on all workstations Do one of the following: Place the WFWSYS.CFG file on the network installation point which will then be automatically copied to each user's workstation when Windows for Workgroups 3.11 is installed from the network installation point. -Or- Copy the WFWSYS.CFG file to each workstation. Handling Exceptions for Security Settings In many cases the administrator may find it necessary to disable peer networking services on many workstations, but still allow file and/or printer sharing capabilities for specific users. Allowing exceptions to the default WFWSYS.CFG Note As done previously, this procedure assumes that the default WFWSYS.CFG file is placed in the root directory of the network server, referred to as \\ADMIN\CONFIG. This example assumes that file sharing is to be enabled on the computers named COMPUTR1, COMPUTR2, COMPUTR3, and disabled on all other computers. 1. Create a subdirectory on the \\ADMIN\CONFIG share to match the name of each workstation on which you want to enable file sharing. The name of each subdirectory must match the Computer Name of each workstation as defined in the Network icon in Control Panel for each of the computers. Create subdirectories of the root directory called COMPUTR1, COMPUTR2, and COMPUTR3. 2. Copy the default WFWSYS.CFG file from the root directory to the COMPUTR1 directory. 3. Run the ADMINCFG utility and open the WFWSYS.CFG file in the COMPUTR1 directory. Provide the appropriate password to open the WFWSYS.CFG file. 4. Deselect the Disable File Sharing check box to enable file sharing. 5. Select the Admin... button and deselect the Use Root Directory Only check box so that Windows for Workgroups will use the WFWSYS.CFG in the COMPUTR1 subdirectory, rather than the default security settings file from in the root directory. 6. Save the security settings file. 7. Copy the WFWSYS.CFG file from the COMPUTR1 directory and place a copy in the COMPUTR2 and COMPUTR3 directories. 8. Copy the WFWSYS.CFG file from the COMPUTR1 directory to the Windows directory located on COMPUTR1, COMPUTR2, and COMPUTR3. Configuring Security Settings for a Group of Workstations Another possible configuration scenario is when the system administrator wants to administer security settings to a collection of computers rather than handling individual exceptions. In this case, it is necessary to create different share points on a the network server to address each collection of computers. If wanted, the administrator can then choose to use the remote subdirectory update feature to handle exception cases on an individual basis. Let's assume there are three different collections of computers called USER, MANAGER, and SERVER. For the USER group, you want to disable file and printer sharing. For the MANAGER group, you want to enable file sharing and printer sharing, but you want to assign administer-defined password settings. For the SERVER group, you want to enable file sharing and printer sharing, but you want to disable Network DDE Sharing. In this scenario, you could set up a common Network Path for all collections of computers, say \\ADMIN\CONFIG, and then create subdirectories for each individual computer with the appropriately customized WFWSYS.CFG file, but this would be tedious and time-consuming. Instead, the best way to address this configuration scenario is to create a different share point for each collection of computers on a given server; in this case USER, MANAGER, and SERVER on the network server called, ADMIN. To configure security settings for a group of workstations 1. Create a directory on the ADMIN server for each collection of users and share the directories, with passwords as appropriate. In this scenario, create a directory called USER, MANAGER, and SERVER, and share each of these directories. 2. Create a WFWSYS.CFG file with file sharing and printer sharing disabled and place it in the USER directory. Update the Network Path field to point to \\ADMIN\USER. Assign a password to the security settings file. 3. Create a WFWSYS.CFG file with the administrator-defined password settings configured in the MANAGER directory. Update the Network Path field to point to \\ADMIN\MANAGER. Assign a password to the security settings file. 4. Create a WFWSYS.CFG file with Network DDE Sharing disabled in the SERVER directory. Update the Network Path field to point to \\ADMIN\SERVER. Assign a password to the security settings file. If a given computer is already configured with Windows for Workgroups, place the appropriate WFWSYS.CFG file in the Windows directory on that computer For computers where Windows for Workgroups is not installed, you may either create three separate network installation points configured with the appropriate WFWSYS.CFG file in the network install directory, or after Windows for Workgroups is installed, copy the appropriate WFWSYS.CFG file to a given computer. For each collection of computers, you can then handle individual exceptions as described in the previous procedure. Auditing of Network Events In addition to improved security enhancements for peer networking within MIS organizations and improved mechanisms for restricted network access, Windows for Workgroups 3.11 includes networking auditing functionality. This functionality allows a user to identify the users who are connected to the local computer at any time. The Windows for Workgroups 3.11 auditing mechanism also maintains a log of network events to facilitate tracking of access to shared resources. Net Watcher With the Windows for Workgroups 3.11 Net Watcher tool, users can identify who is connected to shared directories and who has which files opened. For more information on Net Watcher, see Chapter 10, "New and Updated Accessories," in the Windows for Workgroups Resource Kit for version 3.1. Figure 5.11 - This Net Watcher dialog box shows fifteen users connected to a Windows for Workgroups computer. Event Log Another way to monitor access of resources on a computer sharing files and printers is to audit specific network events that occur on the computer. With Windows for Workgroups 3.11, a user can enable system monitoring of networking events and a log file will be created. This is useful both as a security mechanism to help trace unauthorized access, and as a diagnostic aid to observe when different network events happen on a given computer. You can enable the Event Log can be from the Network section of Control Panel by selecting the Event Log icon. The Event Log is stored in a file called AUDIT.LOG, which you can open and view from the Net Watcher tool by choosing View Event Log from the Connection menu. >>> Continued to next message * OLX 2.1 TD * Remember, even if you win the rat race, you're still a ra --- GEcho 1.11+ * Origin: (1:343/70) --------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EDZ00007 Date: 09/26/97 From: MARK WRIGHT Time: 05:15am \/To: GARY INMAN (Read 4 times) Subj: Security Logon 5/5 >>> Continued from previous message Figure 5.12 - The Event Log records the occurrence of selected network events. The Event Log can record the following events related to Windows for Workgroups 3.11-based servers: Server Startup The Event Log creates an entry each time the server starts. Server Shutdown The Event Log creates an entry each time the server shuts down. Connect to Server Each time a user connects to the server, the Event Log creates an entry recording the computer name, user name, the share that was accessed, the type of access made by the user, and the time of the connection. Disconnect from Server Each time a user disconnects from the server, the Event Log creates an entry recording the computer name, user name, the shared resource that was accessed, the type of access, and the time of the disconnection. Unsuccessful Connect Attempt Each time a user tries to connect to the server and fails, the Event Log creates an entry recording the computer name, user name, and time of the connection attempt. Spool Print Job Each time a print job is spooled to the server, the Event Log creates an entry recording the computer name, user name, the time the print job was spooled, and the name of the document. Pause Print Job If a user pauses a print job as it is spooling to the server, the Event Log creates an entry recording the time the print job was paused and all of the user's information. Resume Print Job If a user resumes a paused print job in the server's queue, the Event Log creates an entry recording the time the print resumed and all of the user's information. Delete Print Job If a user deletes a print job as it is spooling to the server, the Event Log creates an entry recording the time the print job was deleted as well as all of the user's information. Complete Print Job When a print job is done printing and is no longer in the queue, the Event Log creates an entry recording the time the print job finished and all of the user's information. * OLX 2.1 TD * Remember, even if you win the rat race, you're still a ra --- GEcho 1.11+ * Origin: (1:343/70) --------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EDZ00008 Date: 09/29/97 From: TONY GRIFFITH Time: 12:45pm \/To: KARI SUOMELA (Read 3 times) Subj: Telnet deamon for NT4 WS Hello Kari! In a message to Gilbert Doyen <09/28/97> Kari Suomela wrote: KS> -=> Quoting Gilbert Doyen to Dale Ross <=- GD> I'm the Resource Kit for NT. You are sure he contain a telnet deamon ? KS> Try "daemon"! :) In the NT 4.0 reskit? I didn't get this one. \\\\/ (o,o) +--------------------oOOo--(=)--oOOo----------------------+ | Team (o)S/2 Indignation Coordinator | | Certified Microsoft MVP | | .oooO Oooo. | | Tony Griffith ( ) ( ) minitman@gte.net | +----------------------\ (-----) /------------------------+ * WCE 2.1G1/2460 * (o)S/2 Warp: The OS voted most likely to secede! --- WILDMAIL!/WC v4.12 * Origin: Horsepower Provided By Microsoft Windows NT 5.0 (1:3603/420.0) --------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EDZ00009 Date: 09/30/97 From: CHRISTER SOLSTRAND Time: 03:55am \/To: CHARLES SCAGLIONE (Read 3 times) Subj: Win95 OEMSR2 CS> CS>Wouldn't that just include setting up SR2, then NT on separate CS> CS>partitions, then? That's what I was planning to do now, at CS> CS>least. CS> Yes, I believe so. I certainly wouldn't want to run them both CS> from the same partition. I agree. I don't even run DOS and NT from the same partition. CS> CS>That's probably for compatibility purposes, yes, but I cannot CS> CS>see why. After all, there are mostly disk scanning programs and CS> CS>such that won't work there, and it's my experience that the CS> CS>ScanDisk that accompanies SR2 does its job. CS> My office is a US Government agency office and anything that takes CS> a little more effort and some thought is usually swept under the CS> rug. The "technicians" always seem to take the easy way. I've Of course they do, it's their job! :) CS> been tempted to bring in my copy of Partition Magic 3.02 and make CS> changes, however, I respect our agency rules that state any CS> changes made are to be made by IS personnel or computer CS> technicians. I guess that's a Smart Thing(tm) to do. :) CS> And I can understand the reason for those rules. I can't imagine CS> the havoc that would be caused if everyone changed things as they CS> felt. Oh well, I always have my machines at home to play with. CS> At least if I screw something up, I only have myself to answer CS> to. Yeah, but it's always better to have someone you can blame. :) - csj@hl.telia.no - http://remiel.home.ml.org/ - --- BBBS/L v3.33 How * Origin: Errors HQ: Prog/Emul/Linux/Demos, +47-56341083 (2:211/16) --------------- FIDO MESSAGE AREA==> TOPIC: 206 WINDOWS 32BIT Ref: EE100000 Date: 09/30/97 From: CHARLES SCAGLIONE Time: 06:44pm \/To: GERRY DANEN (Read 4 times) Subj: Intall NT 4 GERRY DANEN wrote to GUY BARON about Install NT 4 GD> GB> I will install Nt Server 4. on a D drive on my PC where I GD> GB> allready have 95 up and running. GD>Based on my experience, get rid of W95. It screwed up my NT setup GD>royally. You may have seen my horror story in the WIN95 echo. That's true when installing Win95A over the top of a WinNT 4.0 installation. However, believe it or not, Win95B (OSR2) does not disturb the WinNT 4.0 boot files and installs nicely. Of course you must install it without the FAT-32 option. charles.scaglione@why.net CMPQwk 1.42 1262 --- QScan/PCB v1.19b / 01-0530 * Origin: * Collector's Edition * Dallas, Texas USA (1:124/6610)