Re: Remote Registry always set to disabled after startup?

From: "mlai" <mlai@xxxxxxxxxxxxxxxx>
Date: Wed, 28 Feb 2007 15:42:38 +0800

I found out what the problem was. My system has Mail Enable Enterprise 2.33 installed and on Feb 24, there was a massive attack on an unpatched critical vulnerability on ME, causing a leak of all encrypted passwords hashes. Be adviced that this is not an isolated incident and was documented on the Mail Enable forums.

"Sean Cai [MSFT]" <v-secai@xxxxxxxxxxxxxxxxxxxx> wrote in message news:6Op71lkWHHA.1540@xxxxxxxxxxxxxxxxxxxxxxxxx

Hi,

Thank you for posting in the Microsoft newsgroup!

From your post, my understanding on this issue is: the Remote Registry
service is always set to disabled after startup. If I'm off base, please
feel free to let me know.

Thanks to Herb for his key in. It's greatly appreciated.

Except group policy, some scripts and commands can stop services as well.
However, I think group policy is the first thing you need to check.

The applied group policy can be exported by the gpresult command. You can
run the command ※gpresult /z§ on the problematic machine and paste the
output of the command to newsgroup. I'd like to assist you to analyze it.

Have a good day!

Sean Cai, MCSE2000
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

Follow-Ups:
- Re: Remote Registry always set to disabled after startup?
  - From: Sean Cai [MSFT]

References:
- Remote Registry always set to disabled after startup?
  - From: mlai
- Re: Remote Registry always set to disabled after startup?
  - From: Herb Martin
- Re: Remote Registry always set to disabled after startup?
  - From: Sean Cai [MSFT]

Prev by Date: Re: Is this possible in any way?
Next by Date: Alert! Critial attack on systems with Mail Enable (versions prior to 2.37) installed
Previous by thread: Re: Remote Registry always set to disabled after startup?
Next by thread: Re: Remote Registry always set to disabled after startup?
Index(es):
- Date
- Thread

Relevant Pages

RE: Restrict logon hours
... Change Logon Times for a User Account ... Edit the user account properties by using the net user command. ... Enforce Logon Time Restrictions Using Group Policy ...
(microsoft.public.win2000.group_policy)
RE: Applying a GPO to all computers in the domain?
... I tried the gpresult command and got the following information: ... It does say Group Policy was applied from: ... >> created a new Organisational Unit and dragged all the client computers into ...
(microsoft.public.windows.server.active_directory)
Re: Syncing time to the Domain Controller
... Well you should be able to use Group Policy via a "startup" script to ... To configure a client computer for automatic domain time synchronization ... Open a Command Prompt. ...
(microsoft.public.windows.group_policy)
Re: Syncing time to the Domain Controller
... Well you should be able to use Group Policy via a "startup" script ... > To configure a client computer for automatic domain time synchronization ... > Open a Command Prompt. ... >> reverse the change to all those PCs...850 of them plus about 75 servers. ...
(microsoft.public.windows.group_policy)
Re: krb5kdc_err_s_principal_unknown on Windows Kerberos Domain
... command line with the parameter "tickets". ... fail group policy replication for users. ... I went to the command line and tested this unusual syntax, ...
(comp.protocols.kerberos)