Re: Enforce Strict RPC Compliance Definition
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 16 Sep 2005 10:30:57 -0300
Well.......I don't know about that
I use a wmi shutdown / reboot script at a few of my clients as I do most of my
work remotely. It's very handy to be able to reboot 30 workstations from a
central point after I have approved the monthly WSUS updates and the pc's need
restarted, You can't always rely on the clients to do this. Some of my clients
would just leave their pc's logged on for months if they could get away with it.
S
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, September 16, 2005 10:19 AM
To: ISA Mailing List
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
Maybe that's where it came originally to me then too. I don't know. All I got
was a please include this in the ISA chapter in the SBS Unleashed book from the
editor. Apparently someone somewhere had CSS tell them to uncheck it to enable
remote boot of workstations. I didn't want to include it, so what I really
wanted you to tell me was don't do it. So, OK it's not dangerous but seeing how
changing system policy doesn't effect how ISA functions I don't think it
belongs in my chapter anyway. That's going to be my push back.
Amy
Harbor Computer Services
Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thursday, September 15, 2005 9:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
I got a mail fwd from Marie via Steve Maddox asking about this very thing.
too coincidental for my taste..
:-)
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, September 15, 2005 4:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
No not me. I just questions when I don't get it. Who needs to remotely shutdown
workstations anyway?
Marie doesn't trust you?
Amy
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Wednesday, September 14, 2005 11:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
You talked to Marie, didn't you?
<snif> - you don't trust me any more...
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, September 14, 2005 6:42 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
The kb talks about configuring the RPC filter for a particular rule. What if I
uncheck it in system policy configuration, under Authentication, Active
Directory. Will this disable it for all rules since System Policy is higher up
than Firewall Policy?
Obviously I'm not getting how changing this setting in System Policy effects my
RPC settings in firewall policy rules where I can still, say in the Internet
access rule, have enforce strict RPC compliance checked even though in system
policy it's unchecked. What's the interaction? Or is there any?
Amy
Harbor Computer Services
Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Wednesday, September 14, 2005 8:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
http://support.microsoft.com/default.aspx?scid=kb;en-us;833704
talks about it a little.
So long as you're not server publishing RPC (Exch MAPI), you haven't exposed
your workstations to anything except the ISA itself.
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, September 14, 2005 2:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
Restart a PC from the server. With Enforce Strict RPC Compliance checked in
system policy you cannot remotely reboot a PC. If you uncheck it you can. PSS
recommended unchecking it but I'm wondering what the security consequences are
beyond you can now remotely reboot a PC.
Amy
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Wednesday, September 14, 2005 5:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
I'm not understanding....you need to restart a pc, or you need to restart the
sbs server. Or you need to restart a pc from the SBS server?
S
________________________________
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, September 14, 2005 6:08 PM
To: ISA Mailing List
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
Yes, but if I uncheck that box, then I can bring down RPC.
________________________________
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Wednesday, September 14, 2005 4:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Enforce Strict RPC Compliance Definition
http://www.ISAserver.org
I don't think so, because the workstation booted because you could bring down
RPC, right? Since that's corrected there's no need to worry.
Tiago de Aviz
SoftSell - Curitiba
(41) 3340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é
restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem
por engano, queira por favor retorná-la ao destinatário e apagá-la de seus
arquivos. Qualquer uso não autorizado, replicação ou disseminação desta
mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável
pelo conteúdo ou a veracidade desta informação.
>>> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx 14/9/2005 17:41 >>>
http://www.ISAserver.org
In system policy if I uncheck Enforce strict RPC compliance, I'm told that you
can now remotely shut down workstations. What else have I opened my
workstations up to? Blaster?
Amy
Harbor Computer Services
Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
<http://www.isaserver.org/pages/newsletterasp>
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
________________________________
The correct technical term for haggis stalking is "havering".
<http://haggishunt.scotsman.com/haggisclopedia.cfm?part=5>
________________________________
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
The correct technical term for haggis stalking is "havering".
Other related posts:
