Error in Security Configuration Manager

From: Sergey V. Gordeychik (gordey_at_INFOSEC.RU)
Date: 01/26/04

  • Next message: Russ: "Call for Papers: The First Conference on Email and Anti-Spam" 
    Date:         Mon, 26 Jan 2004 10:19:24 +0300
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    It's not security bug by it self, but can cause errors in system
    configuration.

    Quote from Q214752

    " The Security Configuration Manager (SCM) set of tools allows security
    administrators to define security templates that can be applied to
    individual machines or any number of machines via group policy. Security
    templates can contain password policies, lockout policies, kerberos
    policies, audit policies, event log settings, registry values, service
    startup modes, service permissions, user rights, group membership
    restrictions, registry permissions and file system permissions. "

    The scope of parameters can be extended by modify
    %systemroot%\sceregvl.inf file (
    http://support.microsoft.com/default.aspx?scid=kb;en-us;214752).

    But sceregvl.inf parser make no difference between "\" and "/" symbols.
    If registry value name include "/" symbol it'll interpreted as a key
    name and value name, segregated by "/".
    So, when you add to sceregvl.inf file parameter like

    MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters\TCP/IP
    Port,4,%String%,1

    SCM will create key

    MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters\TCP
    and value
    IP port
    instead of key
    MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
    and value
    TCP/IP Port

    Solution:
    Use administrative templates (.adm files) instead.

    And as usual - sorry for my English.

    -----
    NTBugtraq Editor's Note:

    I'm looking for an event at which I can speak in Australia, specifically near Brisbase, as close to Christmas as possible. Anyone interested in flying me down under at that time, please contact me at Russ.Cooper@rc.on.ca
    -----

  • Next message: Russ: "Call for Papers: The First Conference on Email and Anti-Spam"

    Relevant Pages

    • RE: Mass Distribution of Security Policies
      ... It could start with a Network usage agreement, (Advisory Policy) to all ... Mass Distribution of Security Policies ...
      (Security-Basics)
    • RE: Security Policy-Please help
      ... your Masters in Systems & Network Security, ... Before you begin writing policies, you deffinetly want to make sure you've ... SANS Security Policy Project at http://www.sans.org/resources/policies/. ... L0phtcrack is one of the better tools for testing password ...
      (Security-Basics)
    • Re: Least User Priviledges for Network Administrators
      ... It makes sense to have a chain of command and approval policy to keep things ... the computer use policies, software purchasing policies, security ... upper management--both within the Network Technology group, ... driving the process of tightening down security. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Least User Priviledges for Network Administrators
      ... computer use policies, software purchasing policies, security policies, etc. ... management--both within the Network Technology group, and at the top of the ... Policy. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Question for Roger Abell
      ... may have been one about how to imprint the same local policy ... Notice that "local security ... I notice that my Local Security Policy contains Account Policies, ... The security template only contains Account Policies (which ...
      (microsoft.public.windows.group_policy)