Re: services running in windows domain (winXP clients)
From: Frank Knobbe (frank_at_knobbe.us)
Date: 12/27/04
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #220"
- In reply to: Mike Lyman: "Re: services running in windows domain (winXP clients)"
- Next in thread: Starks, Brad: "RE: services running in windows domain (winXP clients)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Mike Lyman <mikelyman-security@comcast.net> Date: Mon, 27 Dec 2004 12:35:08 -0600
On Wed, 2004-12-22 at 14:12 -0600, Mike Lyman wrote:
> Software restriction policies work both in the "allow all but..." and
> "allow none but..." The allow all should be the easier to test and
> configure but the other approach should work since only those things you
> allowed will run.
Are these restrictions limited to "applications" you run from Explorer,
or does it include any ".exe/.com/.dll" or otherwise executable files?
If enabled, do all required/desired services (like W32Time) have to be
explicitly listed as "allowed to execute" or is there some assumption
Windows makes about services and runs them by default? In that case,
software restrictions wouldn't be of help.
I agree with Christos that a Policy setting that says "All Services,
except the list below, are to be stopped/disabled" would be very useful
(just from a logic point of view).
Regards,
Frank
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #220"
- In reply to: Mike Lyman: "Re: services running in windows domain (winXP clients)"
- Next in thread: Starks, Brad: "RE: services running in windows domain (winXP clients)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
