RE: Registry Lockdown

From: Ralph M. Los (ralph@boundariez.com)
Date: 01/21/02


Date: Mon, 21 Jan 2002 00:27:53 -0500
From: "Ralph M. Los" <ralph@boundariez.com>
To: "Chris Savage" <chris.savage@weblinkwireless.com>, "Darren W. MacDonald" <darrydoo@aci.on.ca>

Have any of you guys read last fall's Hacker's Quarterly? It describes
how to take down a Fortress 101. Just something you should know, the
script-kiddieZ *do* read that you know.

Cheers,
  --rL

*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*
*-=- --rL \Ralph Los
*-=- \Information Security
*-=- \ralph@boundariez.com
*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*

::-----Original Message-----
::From: Chris Savage [mailto:chris.savage@weblinkwireless.com]
::Sent: Thursday, January 17, 2002 12:12 PM
::To: Darren W. MacDonald
::Cc: 'Nick Patellis'; focus-ms@securityfocus.com
::Subject: Re: Registry Lockdown
::
::
::Try Fortres Software Fortress 101. We use it at our school
::campuses to lock down computer labs for k-12 classes. Works
::like a charm. I rarely have to reload a computer anymore, and
::when I do it's usually due to a bad HD.
::
::"Darren W. MacDonald" wrote:
::>
::> To prevent users from updating HKCU, use mandatory user
::> profiles -- I know of no easier way.
::>
::> Have you examined your registry security to see where you're at
::> currently? DumpSec/DumpACL will do that for you. Then, close up as you
::> see fit, test, and open up as required. I can't really make specific
::> suggestions, as every environment is different.
::>
::> Are any of your users Power Users or local Admins? If so, you've got a
::> bit of work ahead of you, and local Admins can go in and change the
::> ACLs after taking ownership.
::>
::> This should be coupled with filesystem security (of course, users can
::> still throw apps in %TEMP%, or anywhere else they have write
::> access...). To prevent MSI's from running, use the MSI security
::> features via AD, policies, or registry settings, based on your
::> situation. See the Windows Installer SDK for details.
::>
::> Keep in mind that you'll never stop everything unless you specify
::> "approved applications" to run via policy or AD -- and this is just
::> ugly. There are lots of apps out there that don't use the registry,
::> just .INI files or their own proprietary settings file. Finally, lots
::> don't require setup to be run -- WinZip is an example of an app where
::> you can copy in the folder to anywhere, run the executable, and it's
::> installed. <sigh>
::>
::> Good luck!
::>
::> HTH
::> Darren
::>
::> > -----Original Message-----
::> > From: Nick Patellis [mailto:npatellis@thefund.com]
::> > Sent: Wednesday, January 16, 2002 1:30 PM
::> > To: focus-ms@securityfocus.com
::> > Subject: Registry Lockdown
::> >
::> >
::> >
::> > We are researching locking down the registry
::> > (primarily HKEY_LOCAL_MACHINE) on our user
::> > Win2K desktops. I would like to get some feedback concerning others
::> > who may be doing this and which keys are being locked down. Our
::> > primary reason for this is to prevent unauthorized (MSI, web and
::> > home grown) SW from being installed.
::> >
::> > Thanks
::
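
As an added illustration of Darren's "examine your registry security first" step, this PowerShell script (not code from this thread or from any product it mentions) lists HKEY_LOCAL_MACHINE keys whose ACLs grant write-type rights to broad principals, roughly what a DumpSec/DumpACL pass would surface. The list of "broad" principals, the default root key and the recursion depth are assumptions; the script only reports and changes nothing.

```powershell
# Added example, not from the original thread. Read-only audit of HKLM key ACLs.
# Assumes Windows PowerShell 5.x or later, run as an Administrator so Get-Acl
# can read every key. Adjust $BroadPrincipals to your own environment.

# Assumption: these identities count as "too broad" to hold write rights on HKLM.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a caller modify the key or its ACL.
$WriteRights = [System.Security.AccessControl.RegistryRights]`
    'SetValue, CreateSubKey, WriteKey, ChangePermissions, TakeOwnership, FullControl'

function Get-BroadlyWritableRegistryKey {
    param(
        [string]$Root  = 'HKLM:\SOFTWARE',  # assumption: where most app settings live
        [int]   $Depth = 2                   # assumption: how deep to recurse
    )
    $keys = @(Get-Item -LiteralPath $Root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if (-not $acl) { continue }          # access denied or key vanished; skip

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow')                          { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value)  { continue }
            if (($ace.RegistryRights -band $WriteRights) -eq 0)              { continue }

            [pscustomobject]@{
                Key       = $key.Name
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited   # inherited ACEs point at the parent to fix
            }
        }
    }
}

# Report, sorted by key, so the "close up as you see fit" step has a worklist.
Get-BroadlyWritableRegistryKey | Sort-Object Key | Format-Table -AutoSize
```

Inherited entries usually trace back to a parent key such as the root of HKLM\SOFTWARE, so fix the parent rather than each child; re-run after any change to confirm the ACE is gone and that your applications still work.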
