Dude, don't make my brain work like that so close to a weekend. Three pots of coffee yesterday after reading your post! >----- >Robert Bosch Corporation >Technical Systems Analyst (RBNA/CSA1) >Corporate Sales Reporting Systems >38000 Hills Tech Drive - Farmington Hills, MI 48331 - USA >phone: 1 (248) 553-1164 fax: 1 (248) 848-6969 >shawn.quillman@xxxxxxxxxxxx >http://www.bosch.us -----Original Message----- From: JosephK [mailto:josephk@xxxxxxxxx] Sent: Friday, September 16, 2005 12:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Not a thing just wanted to participate in the list since I've been away doing some cool fun things. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, September 15, 2005 9:55 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org ?? What does this have to do with BIOS boot options? Ain't no OS during the boot process. -----Original Message----- From: JosephK [mailto:josephk@xxxxxxxxx] Sent: Thursday, September 15, 2005 7:41 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Must you forget running with least privileges and using runas for all the good admin stuff. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, September 15, 2005 7:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Ew. The last thing I do after building out a machine is disable boot from anything other than HDD. If I need a different boot process, I'll be seated at the machine anyway. -----Original Message----- From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Thursday, September 15, 2005 6:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I do too. Not directly over RPC. I'll do it via remote desktop or Netmeeting (for the older machines). Have only had to drive in once to jumpstart a machine that didn't want to come back up (darn people leaving their floppies in their drives......) >----- >Robert Bosch Corporation >Technical Systems Analyst (RBNA/CSA1) >Corporate Sales Reporting Systems >38000 Hills Tech Drive - Farmington Hills, MI 48331 - USA >phone: 1 (248) 553-1164 fax: 1 (248) 848-6969 >shawn.quillman@xxxxxxxxxxxx >http://www.bosch.us -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Thursday, September 15, 2005 7:42 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I do it all the time....if I roll out new software at client sites that requires a reboot. S -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, September 15, 2005 8:25 AM To: ISA Mailing List Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org No not me. I just questions when I don't get it. Who needs to remotely shutdown workstations anyway? Marie doesn't trust you? Amy -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 11:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org You talked to Marie, didn't you? <snif> - you don't trust me any more... -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 6:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org The kb talks about configuring the RPC filter for a particular rule. What if I uncheck it in system policy configuration, under Authentication, Active Directory. Will this disable it for all rules since System Policy is higher up than Firewall Policy? Obviously I'm not getting how changing this setting in System Policy effects my RPC settings in firewall policy rules where I can still, say in the Internet access rule, have enforce strict RPC compliance checked even though in system policy it's unchecked. What's the interaction? Or is there any? Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 8:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org http://support.microsoft.com/default.aspx?scid=kb;en-us;833704 talks about it a little. So long as you're not server publishing RPC (Exch MAPI), you haven't exposed your workstations to anything except the ISA itself. -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 2:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Restart a PC from the server. With Enforce Strict RPC Compliance checked in system policy you cannot remotely reboot a PC. If you uncheck it you can. PSS recommended unchecking it but I'm wondering what the security consequences are beyond you can now remotely reboot a PC. Amy ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, September 14, 2005 5:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I'm not understanding....you need to restart a pc, or you need to restart the sbs server. Or you need to restart a pc from the SBS server? S ________________________________ From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 6:08 PM To: ISA Mailing List Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Yes, but if I uncheck that box, then I can bring down RPC. ________________________________ From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 4:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I don't think so, because the workstation booted because you could bring down RPC, right? Since that's corrected there's no need to worry. Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. >>> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx 14/9/2005 17:41 >>> http://www.ISAserver.org In system policy if I uncheck Enforce strict RPC compliance, I'm told that you can now remotely shut down workstations. What else have I opened my workstations up to? Blaster? Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp <http://www.isaserver.org/pages/newsletterasp> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ________________________________ The correct technical term for haggis stalking is "havering". <http://haggishunt.scotsman.com/haggisclopedia.cfm?part=5> ________________________________ All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx The correct technical term for haggis stalking is "havering". ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx