RE: Registry Lockdown
From: Ralph M. Los (firstname.lastname@example.org)
Date: Mon, 21 Jan 2002 00:27:53 -0500
From: "Ralph M. Los" <email@example.com>
To: "Chris Savage" <firstname.lastname@example.org>, "Darren W. MacDonald" <email@example.com>
Have any of you guys read last fall's Hacker's Quarterly? It describes
how to take down a Fortress 101. Just something you should know, the
script-kiddieZ *do* read that you know.
*-=- --rL \Ralph Los
*-=- \Information Security
::From: Chris Savage [mailto:firstname.lastname@example.org]
::Sent: Thursday, January 17, 2002 12:12 PM
::To: Darren W. MacDonald
::Cc: 'Nick Patellis'; email@example.com
::Subject: Re: Registry Lockdown
::Try Fortres Software Fortress 101. We use it at our school
::campuses to lock down computer labs for k-12 classes. Works
::like a charm. I rarely have to reload a computer anymore, and
::when I do it's usually due to a bad HD.
::"Darren W. MacDonald" wrote:
::> To prevent users from updating HKCU, use mandatory user profiles -- I
::> know of no easier way.
::> Have you examined your registry security to see where you're at
::> currently? DumpSec/DumpACL will do that for you. Then, close up as you
::> see fit, test, and open up as required. I can't really make
::> suggestions, as every environment is different.
::> Are any of your users Power Users or local Admins? If so, you've got a
::> bit of work ahead of you, and local Admins can go in and change the
::> ACLs after taking ownership.
::> This should be coupled with filesystem security (of course,
::> still throw apps in %TEMP%, or anywhere else they have write
::> access...). To prevent MSI's from running, use the MSI security
::> features via AD, policies, or registry settings, based on your
::> situation. See the Windows Installer SDK for details.
::> Keep in mind that you'll never stop everything unless you specify
::> "approved applications" to run via policy or AD -- and this is just
::> ugly. There are lots of apps out there that don't use the registry,
::> just .INI files or their own proprietary settings file.
::> don't require setup to be run -- WinZip is an example of an
::> you can copy in the folder to anywhere, run the executable,
::> installed. <sigh>
::> Good luck!
::> > -----Original Message-----
::> > From: Nick Patellis [mailto:firstname.lastname@example.org]
::> > Sent: Wednesday, January 16, 2002 1:30 PM
::> > To: email@example.com
::> > Subject: Registry Lockdown
::> > We are researching locking down the registry
::> > (primarily HKEY_LOCAL_MACHINE) on our user
::> > Win2K desktops. I would like to get some feedback
::> > who may be doing this and which keys are being locked down. Our
::> > primary reason for this is to prevent unauthorized (MSI, web and
::> > home grown) SW from being installed.
::> > Thanks
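A present-day way to do the registry ACL review Darren describes (what DumpSec/DumpACL did on Win2K), added here as an example and not part of the thread: a PowerShell script (assumes PowerShell 5.0 or later for `-Depth`) that walks a subtree of HKLM and lists keys where low-privilege principals hold write rights. The principal list and the default root are assumptions; adjust both to the environment.

```powershell
# Audit registry ACLs under a subtree and report keys where low-privilege
# principals hold rights that allow modification. Run from an elevated
# prompt so that every key can be read.
param(
    [string]$Root  = 'HKLM:\SOFTWARE',   # assumed starting point
    [int]   $Depth = 3                    # how far below $Root to recurse
)

# Principals that normally should not be able to write under HKLM (assumed list).
$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Registry rights that let a caller change the key, its values or its ACL.
$WriteRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

function Get-WeakRegistryAcl {
    param([string]$Path, [int]$MaxDepth)

    # Include the root key itself, then its subkeys down to $MaxDepth.
    $keys  = @(Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue)
    $keys += Get-ChildItem -LiteralPath $Path -Recurse -Depth $MaxDepth -ErrorAction SilentlyContinue

    foreach ($key in $keys) {
        # Keys we cannot read the ACL of are skipped rather than aborting the scan.
        try { $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop } catch { continue }

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.RegistryRights -band $WriteRights) -eq 0) { continue }

            [pscustomobject]@{
                Key       = $key.Name
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited   # inherited ACEs point at the parent to fix
            }
        }
    }
}

Get-WeakRegistryAcl -Path $Root -MaxDepth $Depth | Sort-Object Key | Format-Table -AutoSize
```

Review the output before tightening anything: some vendor keys legitimately grant Users write access, and as Darren notes, a local Administrator can take ownership and undo any ACL change.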