Over 1 million tech questions and answers.

User1 Queried user1 using SAMR

Q: User1 Queried user1 using SAMR

We are seeing a lot of activities for our users in ATA containing the below:

What is the protocol SAMR and why the user is querying himself everyday.

Best Regards,

Read other answers
Preferred Solution: User1 Queried user1 using SAMR

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)



I just recently brought a new laptop (vista) which had some stuff preinstalled.

Now I noticed the directory is C:/User/user1

Instead of C:\Documents and Settings\"Name of User" like Windows XP.

How do I change it so it reads C:\Documents and Settings\"Name of User" or what ever the default directory name is for Vista.

I just don't want C:/User/user1 as it confuses me.

I tried renaming the computer through Mycomputer but it doesn't seem to work



Hi & Welcome

Well, if you're looking to use rename that folder, why not.. just rename that folder?

Here's how to rename your administrative account's name.

Read other 8 answers

Hi all
I've been installing / uninstalling stuff while testing on a CLEAN install of W7 (x-64).

I see now one of the directories (Documents and settings username1) is now 7GB.

The WHOLE OS only takes around 14 GB .

I can't see what's taking up the space -- is there any nice utility that clearly can show Disk usage in a sort of cloured pie / bar chart etc rather like the nice Linux utility DU. (I've enabled "show hidden files etc").

I'm sure it's all related to me installing / uninstalling stuff but Windows explorer is a HORRIBLE tool for "Cleaning up" disks etc. It's fine for everyday purposes but for this type of stuff it's not the correct tool.


A:Documents and settings - user user1 7 GB HELP

Hi Jimbo,

Have a look at this TreeSize Free https://www.jam-software.de/customer...80&language=EN

Read other 7 answers


My scanner only scans for User1 (administrator)
but XP says it cannot find the scanner for User2 (limited account)

When I scan something using User1 User2 can see the file
but not open it.

Security settings, privileges is confusing to me.

User2 needs to be able to scan.
thanks in advance for help.

Mark S

A:Scanner works for User1 not for User2

Is user 2 at least a power user? If it's a shared scanner then User2 needs to be a Power User.

Read other 3 answers

Quick question...
I am setting up 2 users on a fresh windows install. I am setting up the desktop in a specific way, with specific icons in specific locations.
Once I set up 1 user, can the desktop be duplicated for the 2nd user so that it looks exactly the same, and thus save me the time of re-laying out the desktop for the second user?


A:Can User1 desktop be duplicated to User2?

Copy the profile.

How to copy profiles in Windows 2008 R2 and Windows 7

Read other 2 answers

Please help. My husband's laptop seems to have a very bad virus. At first he was not able to get IE to run -- things went downhill from there. I had AVG installed and it was doing regular scans, but nothing alerted. I rolled back to the oldest restore point then installed AVAST and deinstalled AVG. AVAST indicated it found something and recommended a boot scan, which I did. That's when I got the error that File C:\USERS\USER1\APPDATA\LOCAL\TEMP\ELS.DLL is infected by WIN32:SIREFEF-AI [DRP] -- I selected to move to chest. Also received similar error saying C:\WINDOWS\ASSEMBLY\TMP\U\[email protected]|[embedded_r#00290] is infected by WIN32:MALWARE-GEN - also moved to chest. I have also run MalwareBytes which found nothing. I am at a loss as to how to proceed and greatly appreciate your assistance! Below is the text file DDS log.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by user1 at 15:54:20 on 2011-10-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2825 [GMT -4:00]
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:�... Read more


please remove this request from the list of unaddressed issues - I have restored the pc to factory defaults and no longer need assistance

Read other 2 answers

What does it mean (in layman's terms) when you see this message in ATA?
<computer A> was queried by one or more users from <computer B> using SAMR against <domain controller> 
I am seeing this every four hours in our network/domain. 

Read other answers

I have 2 users. user1(admin account) and user2(standard account). How do i set password policies so that only user2 gets effected ?

Read other answers

In Win2k Pro Control Panel/Modems it states modem works ok, Device Manager says its Com1, IR4 working ok, but when querying
USRobotics56kVoicePCI , states no response. BUT: Drive 1, Win95 uses the same modem without problem. Suggestions?

A:modem does not respond when queried

Read other 9 answers

I've been chasing this problem in a software forum but am beginning to wonder if it's due to failed hardware.

I have a second hand Advent laptop running on XP Home. In the past I've been able to video edit using an Avid program. Having removed and some time later re-installed this program it now doesn't work and flags up a warning about the video card (ATI mobility radeon 9000.) In the meantime I've also installed XP Pro SP2 and allowed auto updates. I've tried re-installing agp and card drivers that I've found on the internet (XP doesn't have them) and when that didn't work I did a clean install of XP Home in case XP Pro SP2 was causing the problem. When I look in device manager there are several devices with problems.

Multimedia Audio Controller
Network Controller
PCI Modem
Video Controller

I have tried uninstalling them and allowing Windows to attempt a re-install on the next start up, doesn't work, Windows can't find or start the devices. (code 28 or 10)

I know that the onboard modem has never worked (laptop bought 2nd hand) and I'm beginning to wonder if all these controllers are on the same chip and that this is a hardware fault? Despite the list of queries in device manager, I can still hear audio, play mpegs on the Windows Media Player and network with my desktop. I don't really understand why things seem to work even though the devices that I presume are responsible for the functions have a proble... Read more

A:Queried items in device manager

Read other 13 answers

Since installing WP Pro SP2 on my laptop I've noticed 3 big yellow question marks in device manager for Network controller, SM Bus controller and Video controller. Despite these problems I can use the laptop as part of a network and video display seems OK until I try to video edit on Avid, which refuses to display moving video and flags up a warning about the video card.

I've been trying to re-install the driver for the ATI mobility radeon 9000 (64MB) adapter and get an error message that an INF file is missing and to try installing a standard VGA card. I know from other posts that this is a common problem. So far I've tried re-installing the SIS AGP driver followed by the ATI driver. No luck. I'm wondering if the fact that 3 devices have a problem since (I think) 'upgrading' to XP Pro SP2 from XP Home originally mean that the problem is to do with the OS.

Would it help to re-install or repair the OS assuming that this is the root of the problem?


A:Queried devices in device manager

Read other 6 answers

We have been seeing an abnormally high detections of reconnaissance of AD using the SAMR protocol.  According to the ATA documentation on Suspicious activity guide, it recommend using the SAMRi10 tool to block unauthorized queries.  We don't have
AD servers on Server 2016, but it appears that according the following we can do the same with manual registry changes -  https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.
We started of with auditing, to see how much activity would be blocked. Since the auditing we are getting dozens of events per second.  Is there an easy way of figuring out what on the machines are using the SAMR request? 

I have excluded the all GPOs for computer objects, and we only getting the request on logoff.

Read other answers

I need some help here on understanding this alert and to act upon. I know that this is to identify any AD enumerations from a threat actor perspective. I see lots of alerts from this. Need to figure out whether they are TPs. 

Read other answers

We are looking into activating the GPO setting "Restrict clients allowed to make remote calls SAM" to prevent recon attacks on our domain controllers. (SAMRi10)

I'm testing this GPO setting on a 2016 Domain Controller in a LAB environment using Audit Only Mode. When logging off from a domain joined Windows 10 system, a SAMR call is initiated by the SID of the useraccount which is going to logoff. (verified
by Network Monitor and Microsoft Message Analyzer captures).
Windows 2016 logon/logoff do not trigger a SAMR call to the DC.
Activating Audit Only Mode in a production environment will lead to a huge amount of audit events on the DC's at the end of the day when everybody is logging off from the Windows 10 clients. So this means every user needs to have SAMR access in
order to make the SAMR call at logoff, which makes the policy really useless on Domain Controllers. Next step is to disable Audit Only Mode to activate the SAMR policy: The question is, what will happen to the Windows 10 session / AD account if the SAMR calls
is blocked on logoff?
Is this SAMR call a piece of legacy code in Windows 10 or will it break something when blocking this SAMR call?

Read other answers

We just started to get these alerts.  We are getting a new one every 2 days or so on different workstations.  How can we determine what app is causing these alerts?  if they are false positives, stop the alerts?

Read other answers