Security Basics mailing list archives

RE: Windows 2000 Registry


From: "Andrew Specterman" <aspecterman () unlimited com>
Date: Tue, 17 Jun 2003 16:54:51 +0100

Welcome to the group

Group Policy editing for user and machine accounts is by far the best.

Removing access to regedit and regedt32 is the best way to stop access. Blocking access to cmd.exe will prevent
access to the command prompt, which is good in itself, but doesn't block access to the registry on its own. Command.com
is needed and shouldn't be blocked from group policy.

Change the following key, HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg, to prevent the Everyone group
from accessing the registry. This can be set remotely using regedit and adding the registry from another machine.

I think that is about it.

Andrew Specterman
Infrastructure Specialist
Computers Unlimited
 


-----Original Message-----
From: Nicholas Russell [mailto:nbrussell () telstra com] 
Sent: 17 June 2003 06:15
To: security-basics () securityfocus com

Hello!

I'm a newbie to this list, and I'm honoured to be part of a group so 
willing to share its knowledge, time and altruism for the sake of 
ignorami like myself.

Can anyone recommend a good tool (or tools) for locking down or even 
encrypting the Windows 2000 registry at both the server and 
workstation levels? I figure that a good starting point would be to 
set up a policy removing access to cmd.exe and command.com as well as 
the ability to execute regedit and regedt32. I hate to leave myself 
open to all sorts of taunts and jeers, but is there anything more I 
can do?

Many Thanks in Advance,

- Nick Russell
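
An added example, not part of either message: a PowerShell audit of the ACL on the winreg key named in the reply, listing allow entries held by broad groups such as Everyone. It assumes a host with PowerShell 3 or later (a stock Windows 2000 install has none) and an elevated session; the choice of "broad" SIDs and the function name are the example's own.

```powershell
# Added example: report allow entries for broad groups on the winreg key ACL.
$WinregPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

# Well-known SIDs treated as "broad" here (the selection is an assumption of this example).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadWinregAccess {
    param([Parameter(Mandatory)][System.Security.AccessControl.RegistrySecurity]$Acl)
    # Ask for rules keyed by SID so the check does not depend on localized group names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $Acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Principal = $BroadSids[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Constructed sample ACL: Administrators full control, Everyone read.
# Expect one finding (Everyone) when the function is run over it.
$sample = New-Object System.Security.AccessControl.RegistrySecurity
$sample.SetSecurityDescriptorSddlForm('O:BAG:BAD:(A;;KA;;;BA)(A;;KR;;;WD)')
'Constructed sample:'
Get-BroadWinregAccess -Acl $sample | Format-Table -AutoSize

# Live key on the local machine.
if (Test-Path -Path $WinregPath) {
    $findings = @(Get-BroadWinregAccess -Acl (Get-Acl -Path $WinregPath))
    if ($findings.Count) { $findings | Format-Table -AutoSize }
    else { 'winreg: no allow entries for the broad groups checked.' }
} else {
    "winreg key not found at $WinregPath"
}
```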

 






