Re: Windows 2000 SP2 local policy settings not stored using SIDs?
From: Information Security (InformationSecurity@FEDERATEDINV.COM)
Date: 08/20/01
Message-ID: <D5E5F4682E75D41185CD00D0B79DC56F04BB1A96@EXCHFED01.federatedinv.com>
Date: Mon, 20 Aug 2001 10:09:00 -0400
From: Information Security <InformationSecurity@FEDERATEDINV.COM>
Subject: Re: Windows 2000 SP2 local policy settings not stored using SIDs?
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
In the [Registry Keys], [File Security] and [Services] sections, security configuration templates use other "shortcut" naming conventions also.
These are the ones I've found hard-coded in valid .inf templates, and the associated SID (I haven't tried to use them in the [Privilege Rights] section):
id = AU|CG|CO|WD|IU|NU|SU|SY|S-...
AU=authenticated users (S-1-5-11)
CG=creator group (S-1-3-1)
CO=creator owner (S-1-3-0)
ED=enterprise domain controllers (S-1-5-9)
IU=interactive (S-1-5-4)
NU=network (S-1-5-2)
PS=self (S-1-5-10)
SU=service (S-1-5-6)
SY=system (S-1-5-18)
WD=everyone (S-1-1-0)
S-... = the actual sid
?BA=Local Administrators
The ID field is used in a few different places with security settings, such as the owner of an entry, or the specific group to which a policy setting should apply.
These apply to SCE templates only; I haven't yet related them to the group policy objects themselves. There may be others. I also found it interesting that the following "standard" SIDs can be back-door'd into the .inf, but don't have a shortcut:
Null SID S-1-0-0
Local SID S-1-2-0
Dialup S-1-5-1
Batch S-1-5-3
AnonymousLogon S-1-5-7
Terminal Server S-1-5-13
I'm working on a document that fully reverse-engineers security templates to produce a simple readable delimited interpretation; it's impossible to dig through the GUI to find all the settings. The goal is to use Perl & the templates to audit our environment. If anyone's interested in some more of the findings or would like to help, drop me a line.
Thanks!
-----Original Message-----
From: Tony Chow [mailto:tchow@BLUETENTACLE.COM]
Sent: Friday, August 17, 2001 1:55 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: Windows 2000 SP2 local policy settings not stored using SIDs?
Hello everyone, if I may chime in.
In my experience a security template in Windows 2000 always stores an
account/group by its SID given the account/group can be found on the
system/domain on which the template is created.
...
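The shortcut-to-SID table from the message above, applied to template entries to produce a delimited listing. This is an added example, not part of the original message and not the author's Perl work. The `"object",mode,"SDDL"` entry layout, the constructed sample template, the BA SID, the made-up `XX` shortcut and the names `resolve` and `audit` are assumptions; only [Registry Keys] and [File Security] are read.

```python
import re

# Shortcut -> SID pairs as listed in the message above.
SHORTCUTS = {
    "AU": "S-1-5-11", "CG": "S-1-3-1", "CO": "S-1-3-0", "ED": "S-1-5-9",
    "IU": "S-1-5-4", "NU": "S-1-5-2", "PS": "S-1-5-10", "SU": "S-1-5-6",
    "SY": "S-1-5-18", "WD": "S-1-1-0",
    # Assumption: the message gives no SID for BA; S-1-5-32-544 is the
    # well-known BUILTIN\Administrators SID.
    "BA": "S-1-5-32-544",
}
SECTIONS = {"Registry Keys", "File Security"}
ACE = re.compile(r"\(([^()]*)\)")  # one (type;flags;rights;;;trustee) ACE
ENTRY = re.compile(r'"([^"]*)"\s*,\s*\d+\s*,\s*"([^"]*)"')  # "object",mode,"SDDL"

# Constructed sample template; layout and values are assumptions.
SAMPLE_INF = r'''
[Unicode]
Unicode=yes
[Registry Keys]
"MACHINE\Software\Example",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CIIO;KA;;;CO)"
[File Security]
"%SystemRoot%\example",0,"D:P(A;OICI;FA;;;SY)(A;OICI;FR;;;S-1-5-7)(A;;FR;;;XX)"
'''

def resolve(trustee):
    """Return the SID for a shortcut or literal SID, or None if unknown."""
    if trustee.upper().startswith("S-1-"):
        return trustee
    return SHORTCUTS.get(trustee.upper())

def audit(inf_text):
    """Return (section, object, ace_type, rights, trustee, sid) rows, one per ACE."""
    rows, section = [], None
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # Only entries inside the two audited sections are parsed.
        m = ENTRY.match(line) if section in SECTIONS else None
        for ace in ACE.findall(m.group(2)) if m else []:
            f = ace.split(";")
            if len(f) == 6:  # skip malformed ACEs
                rows.append((section, m.group(1), f[0], f[2], f[5], resolve(f[5])))
    return rows

if __name__ == "__main__":
    print("\n".join("|".join(map(str, r)) for r in audit(SAMPLE_INF)))
```

A row whose last field is `None` carries a trustee shortcut that is not in the table, which is the case to chase down by hand since the message notes there may be others.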