Security Basics mailing list archives
RE: Windows 2000 Registry
From: "Andrew Specterman" <aspecterman () unlimited com>
Date: Tue, 17 Jun 2003 16:54:51 +0100
Welcome to the group Group Policy editing for user and machine accounts is by far the best. Removing access to regedit and regedt32 is the best way to stop access. Blocking access to the cmd.exe will prevent access to the command prompt, which is good in itself, but doesn't block access to the registry on its own. Command.com is needed and shouldn't be blocked from group policy. Change the following key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg to prevent the Everyone group access to the registry. This can be set remotely using regedit and adding the registry from another machine. I think that is about it. Andrew Specterman Infrastructure Specialist Computers Unlimited -----Original Message----- From: Nicholas Russell [mailto:nbrussell () telstra com] Sent: 17 June 2003 06:15 To: security-basics () securityfocus com Hello! I'm a newbie to this list, and I'm honoured to be part of a group so willing to share its knowledge, time and altruism for the sake of ignorami like myself. Can anyone recommend a good tool (or tools) for locking down or even encrypting the Windows 2000 registry at both the server and workstation levels? I figure that a good starting point would be to set up a policy removing access to cmd.exe and command.com as well as the ability to execute regedit and regedt32. I hate to leave myself open to all sorts of taunts and jeers, but is there anything more I can do? Many Thanks in Advance, - Nick Russell --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Windows 2000 Registry Nicholas Russell (Jun 17)
- Re: Windows 2000 Registry Birl (Jun 17)
- RE: Windows 2000 Registry dave kleiman (Jun 18)
- Re: Windows 2000 Registry Roger A. Grimes (Jun 17)
- <Possible follow-ups>
- RE: Windows 2000 Registry Andrew Specterman (Jun 17)
- RE: Windows 2000 Registry Bruyere, Michel (Jun 17)
- Re: Windows 2000 Registry Birl (Jun 17)