Question Regarding Securing Critical Executables
From: John Redd (reddjohn@yahoo.com)
Date: 05/27/02
Date: Sun, 26 May 2002 23:22:19 -0700 (PDT)
From: John Redd <reddjohn@yahoo.com>
To: focus-ms@securityfocus.com
To the list,
I would like to post a question to the list regarding
their views and/or experiences restricting access to
critical executables.
Several Win2K/IIS5 hardening documents consider it
good practice (which I agree with) in moving and/or
removing SYSTEM permissions on a couple of dozen
executables (ftp.exe, cmd.exe, command.com, tftp.exe,
regedit.exe, etc) located within the \WINNT and
\WINNT\System32 directories to provide a layer of
defense should a compromise of the server, by whatever
reason, allow an attacker to gain SYSTEM level access.
My question is, what effect have people experienced
and what have they done to compensate for (by those
that have performed it) by removing the SYSTEM
permissions on the copies of the files stored in the
\WINNT\ServicePackFiles and \WINNT\System32\dllcache
directories? At a minimum, I imagine issues arising
with Windows File Protection and possibly when adding
components which look to these directories for their
source files.
Regards
John