Re: Remote registry and security template

From: Steven L Umbach (n9rou@attbi.com)
Date: 03/25/03 

From: "Steven L Umbach" <n9rou@attbi.com>
Date: Tue, 25 Mar 2003 21:45:16 GMT

       You will lose functionality as far as managing computers in the
network remotely. I also know that you will not be able to access the wins
or rras mmc on a local machine with it disabled. Certainly it is fomenting
to consider to harden a computer in certain situations (dmz,etc). I notice
it still is an automatically enabled service on a Windows 2003 server, which
has disabled a LOT of services by default which leads me to believe this is
a service that provides a lot of functionality. I would recommend reviewing
hardening procedures at the Microsoft TechNet Security website for their
specific recommendations on this. -- Steve

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
default.asp
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B254192

"Serge Ayotte" <sayotte@hotmail.com> wrote in message
news:08b18v40p2fvp563qpc1qskugptaqmsucl@4ax.com...
> I am presently looking into hardening and security procedure in
> domains, and I am wondering...
>
> Most text I have seen, mentioned that we should disable the
> remoteregistry service, but in the security template of Microsoft I
> have seen, it puts it on automatics...
>
> Is there some sort of "hidden feature" that requires servers or DC to
> HAVE remoteregistry running??
>
> Thanks for any hints and tips.
>
> Serge Ayotte