RE: local admin compromised
From: DE VILLIERS IAN (ian.devilliers@bmw.co.za)Date: 11/14/01
- Previous message: Nina V. Levitin: "RE: Password management WAS: local admin compromised"
- Maybe in reply to: CHRIS GRABENSTEIN: "local admin compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <4A8E2E6FBFC0D511B0590008C7336EA00E3DFF@zaexc8.w9> From: DE VILLIERS IAN <ian.devilliers@bmw.co.za> To: "'cds@leafgrove.com'" <cds@leafgrove.com> Subject: RE: local admin compromised Date: Wed, 14 Nov 2001 08:17:00 +0200
Although you talk about "breaking" the event log, it is possible to disable
it by using the registry editor.
This can be done by opening HKLM\System\CurrentControlSet\Services\Eventlog.
Changing the value of the "Start" key to 4 disables a service. This would
mean that the service would remain disabled through a reboot until the key
is set back to the original value.
Theoretically, this would also mean that the Event log files are not locked
and it should be possible for a "dummy" event log to be uploaded, although I
have not tried this.
Just my two cents...
Regards,
Ian de Villiers
- Previous message: Nina V. Levitin: "RE: Password management WAS: local admin compromised"
- Maybe in reply to: CHRIS GRABENSTEIN: "local admin compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
