Re: Windows Management Instrumentation
From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam_at_hydro.com)
Date: 01/22/04
- Next message: Gerry Cornell: "Re: Ad-aware [01R248] 20.10.2004"
- Previous message: Torgeir Bakken (MVP): "Re: Security Patches"
- In reply to: shadowriath_at_hotmail.com: "Windows Management Instrumentation"
- Next in thread: anonymous_at_discussions.microsoft.com: "Windows Management Instrumentation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Jan 2004 03:45:46 +0100
shadowriath@hotmail.com wrote:
> WMI brings up system information inclueding username, this
> can even be done remotely. A hacker with the right app
> can open this service on your system and have more then
> half info he needs to log in.
>
> 1: Is there a reason to have this service running at all?
Yes, the system is using it for lot of things.
> 2: If it is required to run the system for some strange
> reason, is there a setting to disallow any veiwing of it?
WMI is a DCOM application, and you should do the lockdown on the DCOM side
of WMI:
Securing Remote Management with WMI
http://www.mcpmag.com/columns/article.asp?EditorialsID=381
COM Security in Practice
http://msdn.microsoft.com/library/en-us/dncomg/html/msdn_practicom.asp
-- torgeir Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter
- Next message: Gerry Cornell: "Re: Ad-aware [01R248] 20.10.2004"
- Previous message: Torgeir Bakken (MVP): "Re: Security Patches"
- In reply to: shadowriath_at_hotmail.com: "Windows Management Instrumentation"
- Next in thread: anonymous_at_discussions.microsoft.com: "Windows Management Instrumentation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
