|
| |
|
 |
In response to last week's article about the ever-morphing redirector components, reader Phil Rupp wrote to tell me that Windows XP Service Pack 1 (SP1) clients on his network experience consistent problems accessing files stored on a Windows 2000 server. He wonders whether the two redirector components might be the problem.
Rupp first noticed the problem after upgrading XP systems to SP1. After the upgrade, XP clients encountered a variety of error messages when trying to access remote files. Messages include slow performance messages, notification that files are corrupt or already open by another user, or messages that state the file is no longer available. Rupp noted that clients encounter these errors in a variety of applications, but only when accessing files hosted on a Win2K system.
According to Microsoft, the connectivity problems aren't related to multiple versions of the redirector code but do involve the Server Message Block (SMB) protocol. The Microsoft article "'File or Network Path No Longer Exists' or 'No Network Provider Accepted the Given Network Path' Error Message When You Copy or Open Files in Windows XP SP1" states that the client errors are the result of a bug in how the Win2K system hosting the shared resource processes signed SMB packets from an XP SP1 client. The protocol bug produces many error messages in a variety of circumstances. Clients might also experience delays accessing a remote file, and in some cases, hang and need to be restarted.
Here are some of the symptoms XP SP1 clients exhibit when SMB signing is causing problems:
- When you copy a file from a network share to the client, the copy fails 50 percent of the time.
- Programs that open and close files or create temporary files on a Win2K-based server might be slow to respond, produce several different error messages, or hang.
- Programs that generate heavy network file traffic experience delays or very slow response when opening or closing files.
- Clients see error messages when a logon script runs or when the system applies Group Policy.
To correct this problem, call Microsoft Product Support Services (PSS), quote reference article Q329170, and ask for the fix that addresses the problem. The patch corrects SMB processing errors in eight OS components, including localspl.dll, printui.dll, spoolss.dll, spuninst.exe, srv.sys, srvsvc.dll, winspool.drv, and wlnotify.dll. The files have a release date of October 10. You must install this patch on all WinK servers that host remote shares for XP SP1 clients.
To temporarily work around the problem, you can disable SMB signing on servers that host resources for XP SP1 clients. To do so, you need to modify the Default Domain Controllers policy, a built-in policy that applies to all DCs. Open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. Right-click the Domain Controllers organizational unit (OU), and click Properties. Click the Group Policies tab, select the Default Domain Controllers Policy, then click Edit. Expand the keys and navigate to Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options. Here, you will find four of Win2K’s SMB signing options, including
- Digitally sign client communication (always)
- Digitally sign client communication (when possible)
- Digitally sign server communication (always)
- Digitally sign server communication (when possible)
A default DC installation enables the last option, "Digitally sign server communication (when possible)." You turn off SMB signing on a DC by disabling this feature. If the last option isn't enabled, check the settings for the other three options and disable every enabled SMB option. At this point, you can wait 5 minutes for the automatic Group Policy refresh cycle, or you can manually refresh the policy on each DC with the command secedit/refreshpolicy machine_policy/enforce.
[Windows & .NET Magazine UPDATE 29 Oct 02] |
|
| |
Have you ever received a Web-based greeting card from a friend or relative? They're common these days, and they seem to be taken for granted, in that people trust the intent of someone who might send them a greeting card. People like to be greeted with kindness, so they're inclined to look at and read the greeting card. It's one of the feel-good things that many people simply can't resist.
Have you ever wondered why a company would spend its Internet resources delivering free greeting cards on behalf of people with whom it conducts no business otherwise? How does such an entity profit from those endeavors? What might its motives be?
Last week, a user posted an interesting message to our HowTo for Security mailing list regarding one company that delivers Web-based greeting cards. That company, Permissioned Media, runs a Web site called FriendGreetings.com, which lets one person send another person an electronic greeting card.
The friendly facilitation seems simple and harmless, but it has a rather insidious side.
When you receive a greeting from FriendGreetings.com, the message says that someone sent you the greeting and that to read it, you must click a URL that takes you to the Web site hosting the greeting. When you click the URL, you're prompted to install an ActiveX control before you view the greeting. As the greeting-card recipient, you would probably assume that you must install the ActiveX control to view the greeting; however, that's not the case.
Instead, FriendGreetings.com has designed the ActiveX control, complete with an End User License Agreement (EULA), to interact with your mail client software and harvest information about your email contacts. After the ActiveX control obtains your private contact list information, it sends a similar greeting card to everyone in your contact list, probably unbeknownst to you!
If you took time to read the EULA from FriendGreetings.com, you'd discover that the EULA clearly states Permissioned Media's intention to do just that.
A section of the EULA reads, "As part of the installation process, Permissioned Media will access your Microsoft Outlook contacts list and send an e-mail to persons on your contacts list inviting them to download FriendGreetings or related products." By accepting the EULA and installing the ActiveX control, you give the company permission to perform that activity.
In essence, the greeting cards that FriendGreetings.com delivers resemble many worms that travel the Internet: They're parasitic, intrusive, devious, elusive, and most of all, probably unwanted. Even some antivirus vendors issued warnings about the greeting card last week.
However, we can't completely blame FriendGreetings.com for its use because, although the company counts on most users' acceptance of the unread EULA, the EULA does spell out some of its intention. By agreeing to the EULA, users agree to the ActiveX control activity.
Nevertheless, the lesson here should be obvious: When you encounter a EULA, don't take anything for granted. Read it word for word to understand exactly what you're accepting and think through what the consequences of acceptance might be.
Permissioned Media bills itself as a "behavioral marketing network" with more than 100 clients that advertise online. The company also operates Cool-Downloads.com. You can read Permissioned Media's EULA at the URL below. Take note that it grants the company "the right to add additional features or functions to the version of PerMedia you install, or to add new applications to PerMedia, at any time." Yikes! If you've received a greeting card from FriendGreetings.com and installed the associated ActiveX control, you might want to remove its software from your system. To find out how, be sure to read the related news article, "Protect Your Contact List: Read the EULA!" in this newsletter.
And if you're a security administrator for your network, consider blocking FriendGreetings.com to help ensure that none of your network users inadvertently compromise private contact information by accepting a greeting card from that Web site. [Security UPDATE 30 Oct 02] |
|
| |
What's going on under your system's hood?. Is your computer a little sluggish these days? Wonder if it's time for an upgrade? Jason Parker has three downloads that tell you how much RAM you're using, which programs are running, and more. [ZDNet Tech Update Weekly 18 Oct 02]
>> Cool Beans System Info puts a small window on your desktop containing colorful bars that represent the amount of memory various processes are using. Double-click on the window, and you get a more detailed overview, which shows your processor type and speed as well as the features you have running on your system. (Free/Windows) |
|
|
© Copyright
2002
Eric Hartwell.
Last update:
11/4/2002; 5:45:36 PM.
This theme is based on the SoundWaves
(blue) Manila theme. |
|
"Data! data! data!" he cried impatiently. "I can't make bricks without clay."
— Sherlock Holmes to Dr. Watson in "The Adventure of the Copper Beeches" by
Arthur Conan Doyle.
"I
like deadlines," cartoonist Scott Adams once said. "I especially like the
whooshing sound they make as they fly by."
"There is nothing like that feeling of spending days and days banging your head
against a wall trying to solve a programming problem then suddenly finding that
one tiny obscure and seemingly unrelated piece of the puzzle that unlocks the
solution. Oh yeah!"
- Chris Maunder, CodeProject Newsletter 28 Jan 2002
"Management at eSnipe,
which is me, is also feeling the pain of the 2002 bear market. So rather than
pout about it, I bought some stuff on eBay that I really didn’t need, but made
me feel better."
- Tom Campbell, president of
eSnipe
|
