Security Basics mailing list archives
Re: Windows 2000 Registry
From: "Roger A. Grimes" <rogerg () cox net>
Date: Tue, 17 Jun 2003 13:03:56 -0400
Another thing you should do is to make sure you have tightened your registry permissions. There are several guides that you can google that tell you how to do this, including the guides at www.nsa.gov. If you don't tighten registry security, there are a number of ways software can still access it and cause problems. Here's a simple change anyone should make:

Protect the Registry from Anonymous Access

The default permissions do not restrict remote access to the registry. Only administrators should have remote access to the registry, because the Windows 2000 registry editing tools support remote access by default. To restrict network access to the registry:

1. Add the following key to the registry:

   Hive: HKEY_LOCAL_MACHINE\SYSTEM
   Key: \CurrentControlSet\Control\SecurePipeServers
   Value Name: \winreg

2. Select winreg, click the Security menu, and then click Permissions.
3. Set the Administrators permission to Full Control, make sure no other users or groups are listed, and then click OK.

Good luck.

Roger

****************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
****************************************************************************

----- Original Message -----
From: "Nicholas Russell" <nbrussell () telstra com>
To: <security-basics () securityfocus com>
Sent: Tuesday, June 17, 2003 1:15 AM
Subject: Windows 2000 Registry

Hello!

I'm a newbie to this list, and I'm honoured to be part of a group so willing to share its knowledge, time and altruism for the sake of ignorami like myself.

Can anyone recommend a good tool (or tools) for locking down or even encrypting the Windows 2000 registry at both the server and workstation levels?

I figure that a good starting point would be to set up a policy removing access to cmd.exe and command.com as well as the ability to execute regedit and regedt32. I hate to leave myself open to all sorts of taunts and jeers, but is there anything more I can do?

Many Thanks in Advance,

- Nick Russell
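An added example, not part of the original post: a PowerShell audit of the winreg key permissions that the three steps above set through the registry editor. It assumes an elevated local PowerShell session on the host being checked; the function name Test-WinregAcl is hypothetical.

```powershell
# Added example: audit the ACL on the winreg key described in the post.
# Assumption: run locally from an elevated PowerShell session.
function Test-WinregAcl {   # hypothetical helper name
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    )

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # Step 1 has not been done: the key does not exist.
        return [pscustomobject]@{ KeyExists = $false; AdminFullControl = $false
                                  OtherEntries = @(); Compliant = $false }
    }

    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    $full = [int][System.Security.AccessControl.RegistryRights]::FullControl

    # Explicit and inherited rules, with identities returned as SIDs so the
    # comparison does not depend on localized group names.
    $rules = (Get-Acl -LiteralPath $KeyPath).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $allow = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' })

    # Step 3, first half: Administrators must hold Full Control.
    $adminFull = @($allow | Where-Object {
        $_.IdentityReference.Value -eq $adminSid -and
        (([int]$_.RegistryRights) -band $full) -eq $full
    }).Count -gt 0

    # Step 3, second half: no other users or groups should be listed.
    $others = @($allow | Where-Object { $_.IdentityReference.Value -ne $adminSid } |
        ForEach-Object {
            $name = $_.IdentityReference.Value   # fall back to the raw SID
            try { $name = $_.IdentityReference.Translate(
                      [System.Security.Principal.NTAccount]).Value } catch { }
            [pscustomobject]@{ Identity = $name; Rights = $_.RegistryRights
                               Inherited = $_.IsInherited }
        })

    [pscustomobject]@{
        KeyExists = $true; AdminFullControl = $adminFull
        OtherEntries = $others; Compliant = ($adminFull -and $others.Count -eq 0)
    }
}

$result = Test-WinregAcl
$result | Format-List KeyExists, AdminFullControl, Compliant
$result.OtherEntries | Format-Table -AutoSize
```

Compliant is true only when the key exists, Administrators holds Full Control, and no other identity has an Allow entry; anything listed under OtherEntries is an account or group that step 3 says should not be there.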