Security Basics mailing list archives

Re: Windows 2000 Registry


From: "Roger A. Grimes" <rogerg () cox net>
Date: Tue, 17 Jun 2003 13:03:56 -0400

Another thing you should do is to make sure you have tightened your registry
permissions.  There are several guides that you can google that tell you how
to do this, including the guides at www.nsa.gov.

If you don't tighten registry security, there are a number of ways software
can still access it and cause problems.

Here's a simple change anyone should make:

Protect the Registry from Anonymous Access
The default permissions do not restrict remote access to the registry. Only
administrators should have remote access to the registry, because the
Windows 2000 registry editing tools support remote access by default. To
restrict network access to the registry:

  1. Add the following key to the registry:
        Hive:        HKEY_LOCAL_MACHINE\SYSTEM
        Key:         \CurrentControlSet\Control\SecurePipeServers
        Value Name:  \winreg

  2. Select winreg, click the Security menu, and then click Permissions.
  3. Set the Administrators permission to Full Control, make sure no other
     users or groups are listed, and then click OK.

Good luck.

Roger

********************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
********************************************************************************

----- Original Message ----- 
From: "Nicholas Russell" <nbrussell () telstra com>
To: <security-basics () securityfocus com>
Sent: Tuesday, June 17, 2003 1:15 AM
Subject: Windows 2000 Registry


Hello!

I'm a newbie to this list, and I'm honoured to be part of a group so
willing to share its knowledge, time and altruism for the sake of
ignorami like myself.

Can anyone recommend a good tool (or tools) for locking down or even
encrypting the Windows 2000 registry at both the server and
workstation levels? I figure that a good starting point would be to
set up a policy removing access to cmd.exe and command.com as well as
the ability to execute regedit and regedt32. I hate to leave myself
open to all sorts of taunts and jeers, but is there anything more I
can do?

Many Thanks in Advance,

- Nick Russell




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
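
One way to verify the outcome of the three steps in the reply above, as an added example that is not part of the original message: a PowerShell function that reads the ACL on the winreg key and reports any entry that departs from "Administrators = Full Control, nobody else listed". The function name `Test-WinregAcl` is hypothetical, and the script assumes it is run locally from an elevated session on the machine being checked.

```powershell
# Added example (not from the original post): audit the winreg key against the
# target state described in the post. Test-WinregAcl is a hypothetical name.
$WinregPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

function Test-WinregAcl {
    param([string]$KeyPath = $WinregPath)

    if (-not (Test-Path -Path $KeyPath)) {
        # Without the key, the restriction from step 1 is not in place at all.
        return [pscustomobject]@{
            Key       = $KeyPath
            Compliant = $false
            Findings  = @('winreg key does not exist')
        }
    }

    $adminSid     = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    $full         = [System.Security.AccessControl.RegistryRights]::FullControl
    $sidType      = [System.Security.Principal.SecurityIdentifier]
    $adminHasFull = $false
    $findings     = @()

    # Explicit and inherited ACEs, expressed as SIDs so that localized or
    # renamed group names do not affect the comparison.
    $rules = (Get-Acl -Path $KeyPath).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $isAllow = $ace.AccessControlType -eq 'Allow'
        if ($ace.IdentityReference.Value -eq $adminSid) {
            if ($isAllow -and (($ace.RegistryRights -band $full) -eq $full)) {
                $adminHasFull = $true
            }
        }
        elseif ($isAllow) {
            # Step 3: no other users or groups should be listed.
            $findings += "Extra allow entry: $($ace.IdentityReference.Value) ($($ace.RegistryRights))"
        }
    }
    if (-not $adminHasFull) { $findings += 'Administrators lacks Full Control' }

    [pscustomobject]@{
        Key       = $KeyPath
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-WinregAcl | Format-List
```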

