Re: Using Notepad To Add Registry Key/Value Pairs To Security Template .inf Files

From: Bill Tomlinson (BT_at_royce.biz)
Date: 06/25/03 

Date: Tue, 24 Jun 2003 15:56:33 -0700

Seaver,

This article addresses some of what I am trying to figure out. The article
actually describes a process for modifying the SCM UI, which will be
helpful.

What I still need some help with is determining the syntax that is being
used in "pre-existing" templates that come in Microsoft's Security Kit.
Specifically the baseline.inf file has several dozen lines written in it
that do not show up in the UI, and they appear to use some of the syntax
from the article you referred me to.

Here are the registry lines included the baseline.inf file; note these
entries either create non-existing values, or modify existing values. In
either case if you apply this template these entries do not show up in the
UI. My question is does the syntax from article 214752 apply here?

For example in line 1 below: does this mean the ScRemoveOption value will
be created/modifies and set to a RegistryType=1(REG_SZ), with a actual value
of 1 ??

Would you suggest that these be created as visible UI entries in the
Security Options section of the SCM, as the 2147532 article implies?

I seems as though this is a short-hand way of including these settings
without modifying the Sceregvl.inf (the long hand way, perhaps long term
more manageable), can you confirm?

Thanks

BT

[Registry Values]
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\ScRemoveOption=1,1
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CachedLogonsCount=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateFloppies=1,1
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD=1,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms=1,1
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNotic
eText=1,
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNotic
eCaption=1,
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDispla
yLastUserName=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
=4,0
MACHINE\Software\Microsoft\Non-Driver Signing\Policy=3,1
MACHINE\Software\Microsoft\Driver Signing\Policy=3,2
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongK
ey=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrS
eal=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChan
nel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChan
nel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswor
dChange=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\Enabl
ePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\Requi
reSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\Enabl
eSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDiscon
nect=4,15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForc
edLogOff=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSec
uritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecu
ritySignature=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory
Management\ClearPageFileAtShutdown=4,1
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print
Services\Servers\AddPrinterDrivers=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDe
mand=4,1
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirec
t=4,0
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFil
ters=4,1
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect=
4,2
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetec
t=4,0
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscove
ry=4,0
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime=4,3
00000
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRo
uting=4,2
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResp
onseRetransmissions=4,2
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetrans
missions=4,3
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDisc
overy=4,0
MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxPortsExhaus
ted=4,5
MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrowt
hDelta=4,10
MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBacklo
g=4,1
MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\MinimumDynamicBackl
og=4,20
MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBackl
og=4,20000
MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCrea
tion=4,1
MACHINE\System\CurrentControlSet\Control\LSA\MSV1_0\NtlmMinServerSec=4,53687
0912
MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveT
ypeAutoRun=4,255
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWi
thoutLogon=4,0

""Seaver"" <seaverr@online.microsoft.com> wrote in message
news:kn3fAY4NDHA.1640@cpmsftngxa06.phx.gbl...
>
> Dear Bill,
>
> Thank you for your posting.
>
> According to your post, you want to know the syntax of adding registry
> values to security template.
>
> If I have misunderstood your concern please don't hesitate to let me know.
>
> Please refer to the following article for complete steps:
>
> 214752 How to Add Custom Registry Settings to Security Configuration
Editor
> http://support.microsoft.com/?id=214752
>
> Sincerely,
>
> Seaver Ren
>
> Product Support Services
> Microsoft Corporation
>
> Get Secure! - www.microsoft.com/security
>
>

Relevant Pages

  • Re: Restore a former User Account after OS reinstall?
    ... You need to be extremely careful when modifying the registry. ... Data for DefaultUserProfile to the other profile's current folder name ... They created a new User Account called "Owner"; ...
    (microsoft.public.windowsxp.general)
  • RE: Religion... was RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause
    ... From a good chunk of the Linux admins I know. ... lets say a new version of ipTables, am I not modifying things? ... One doesn't need to ignore security to choose other things. ... insecurity is one of the most important threats ...
    (Full-Disclosure)
  • Re: Saving attachments
    ... I don't recall the message discussing modifying the registry. ... > Dr. Indera wrote: ... > Express\5.0\Save Attachment Path ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Disabling the FTP Server
    ... I did this by modifying the file "Platform.reg". ... I found that the registry entry still had the value set to 1. ... I know some of the settings are stored in flash on the device. ...
    (microsoft.public.windowsce.embedded)
  • RE: mouse not working in Word & App not responding
    ... I found the answer with Terry and then Amy's ... post of 10/12/08 about modifying the registry. ... Why would Microsoft send an ...
    (microsoft.public.word.application.errors)