Re: How can I disable network (type 3) Logon

From: Jim B (jamesbutton_at_cablei-net.co.uk)
Date: 03/18/04

  • Next message: Oli Restorick [MVP]: "Re: lost folder permissions - is a mass change possibe?" 
    Date: Thu, 18 Mar 2004 21:25:34 -0000

    Steven,

    Thanks for the IE advice - I'll have to think about that:-
        My concern is that if something gets at the favourites links it may
    harvest, and modify the links.

    I'm currently looking at the KB for information on how to
    disable/uninstall/whatever the TCP ports -
    If I can't find anything useful I'll probably have to get a firewall maybe
    even abuse the plastic and buy one

    -------------------------------------------

    Advice for all those who have got to the point where they rely on their PC
    for daily use,
    and have others (The children?) who also use the PC -
    I find the caddy idea is great for when the main PC has been hit by a system
    wiping virus or just had loads of the windows system files wiped -

    Either use a floppy or CD to boot and run a partition copy facility to copy
    my working copy of c: to the base drive,
    or - set the PC so it boots from the caddy drive if it's inserted
           (Primary (0) IDE cable for the caddy drive, and the secondary (1) for
    the normal drive)
    Then I can take MY copy of the OS out of the safe, re-place the damaged C:
       or just run my work, and lock the drive away again
       without using the copy of the OS that has been used for whatever the
    family wanted to play with

    - Not forgetting the backup/recovery diskettes for the BIOS, and hard drive
    partitioning
      and to keep each user's data on a separate logical drive - nothing on C:
    that doesn't form part of the OS
      Folder of shortcut on the desktop to the users data wherever it is so the
    user can easily copy the entries from their 'My Documents' area -
    It can be veerrrrry annoying to lose your profile, and have windows actually
    delete the "Documents and Settings" folder complete with all the user data.

    Thanks again

    James Button

    P.S. Still no more access attempts - looks like all I had to do was follow
    your advice -
            but I would still like to have the PC totally impervious to
    intrusion attempts.

    ------------------------------------------------------

    "Steven L Umbach" <sumbach@N0spam.ameritech.net> wrote in message
    news:uhMGZVRDEHA.2712@TK2MSFTNGP10.phx.gbl...
    > That sounds good. What I do for internet browsing is very similar to what
    > Windows 2003 Server uses for IE. I add my often used and highly trusted
    > sites to the "trusted" Web Content Zone where I set security at medium. I
    > set security at high for the internet zone. I set privacy [cookies] to at
    > least medium high and often high and again add my trusted sites to the
    > exempt list to allow cookies. In advanced settings I disable install on
    > demand third party and have temp files erased on closing the browser. The
    > downside is a bit of inconvenience if I am a site that does not work quite
    > right and I may need to temporaily relax settings, but at least if I find
    > myself in the wrong place due to a Google search I am pretty well
    protected.
    > Sounds like you have a good plan. --- Steve
    >
    >
    > "Jim B" <jamesbutton@cablei-net.co.uk> wrote in message
    > news:eG9$MGRDEHA.3016@TK2MSFTNGP11.phx.gbl...
    > > Yep - It's Norton AV, gonna install a firewall soon (ASAP)
    > > As you say - A can of worms -
    > > It's fairly easy to deal with virus and scripts etc. unless the user can
    > be
    > > fooled into clicking on the wrong bit of a message
    > > (which, from my impressions could be almost any part of a web page)
    > > It's the sneaky ones -
    > > as per the little x running a script,
    > > or a link running the proper link in it's background, passing on your
    > input,
    > > and their output as it logs your input
    > >
    > > I advise my associates and friends to:
    > >
    > > Maintain a written, and printed list of their bank and other 'private'
    > links
    > > so they always type them in.
    > > Never set remember for passwords
    > > Close any unusual windows by right click on the taskbar entry (or via
    task
    > > manager)
    > > Think up some good passwords and remember them so they have some
    > > pre-remembered before they have to use them
    > > Never click on any links unless they are certain the source of the link
    is
    > > from a recognised source,
    > > or they are on a fully recoverable system (e.g. at the local library,
    > or
    > > internet cafe)
    > > (so it will be a short while before I try the links you
    supplied)
    > >
    > > Seems the only way to be half way safe is to have 2 PC's (or separate
    > > caddy'd booting disks)
    > > One for your personal private things, and one for exploring, research
    > and
    > > email etc.
    > >
    > > Again, Thanks
    > >
    > > James Button
    > >
    > >
    > >
    > > "Steven L Umbach" <sumbach@N0spam.ameritech.net> wrote in message
    > > news:ey%232QyQDEHA.2404@TK2MSFTNGP11.phx.gbl...
    > > > OK. You mentioned "Norton" and I assumed that was a firewall and maybe
    > it
    > > is
    > > > not. A correctly configured firewall should protect you from internet
    > > > hackers trying to logon to your computer. You don't need file and
    print
    > > > sharing unless you are offering shares to other computers either on
    the
    > > lan
    > > > or over the internet via a VPN. The email issue is a whole other can
    of
    > > > worms. I use message rules, hardened Internet Explorer settings,
    Google
    > > > Toolbar pop up blocker, and my virus scanner to help me there. ---
    > Steve
    > > >
    > > > http://scan.sygatetech.com/ --- do a self scan assessment of your
    > > computer
    > > > from here.
    > > > http://www.microsoft.com/security/protect/
    > > >
    > > > "Jim B" <jamesbutton@cablei-net.co.uk> wrote in message
    > > > news:%23o8CKpQDEHA.3664@TK2MSFTNGP10.phx.gbl...
    > > > >
    > > > > Steve, Andy,
    > > > >
    > > > > Thanks for the response - I've done the NetBIOS Uninstall, and
    > hopefully
    > > > > that will stop those intrusion attempts
    > > > > (when I said the PC was stand-alone - I should, perhaps have
    mentioned
    > > its
    > > > > Broadband connection)
    > > > >
    > > > > Hopefully, having re-booted, that intrusion path in will be shut off
    > > > > (I'd already got the sharing - and 'NOT SHARED' all the drives).
    > > > > (30 minutes now, and nothing naughty showing in the event log)
    > > > >
    > > > > Now it's on to trying to find an automated way to determine which
    > emails
    > > > are
    > > > > valid, with correct links, and which are spoofed versions of common
    > > > bulletin
    > > > > board distributions with links to spamming and other naughty sites.
    > > > >
    > > > > Regards to all
    > > > >
    > > > > James Button
    > > > >
    > > > >
    > > > > "Steven L Umbach" <sumbach@N0spam.ameritech.net> wrote in message
    > > > > news:%23PjAhjPDEHA.580@TK2MSFTNGP11.phx.gbl...
    > > > > > Uninstall file and print sharing from your computer [you don't
    need
    > it
    > > > > > anyway], and disabled netbios over tcp in tcp/ip
    > > > properties/advanced/wins.
    > > > > > Those may be normal null sessions that windows networking uses for
    > > > things
    > > > > > like the browse list and since you have only one computer it would
    > be
    > > > the
    > > > > > master browser for your workgroup. I would be surprised if you are
    > > > seeing
    > > > > > those events from a source other that your local computer. ---
    > Steve
    > > > > >
    > > > > > "James Button" <jamesbutton@blueyonder.co.uk> wrote in message
    > > > > > news:fac501c40ce5$9fd75530$a101280a@phx.gbl...
    > > > > > > My stand-alone win2000 pro/Norton system is being probed
    > > > > > > with logon attempts trying Administrator, and NT AUTHORITY
    > > > > > > SYSTEM and ANONYMOUS.
    > > > > > >
    > > > > > > As this system is stand-alone, and should not be accessed
    > > > > > > via the lan or internet, it would appear that the logical
    > > > > > > thing is to disable all logon types except for
    > > > > > > the 'Interactive' Type 2
    > > > > > >
    > > > > > > While I am familiar with systems internals, I do not know
    > > > > > > the windows structures and controls, so could somebody
    > > > > > > Please, pretty, pretty please, provide either a link to a
    > > > > > > MS article detailing the process, or step by step process
    > > > > > > to disable all types except the keyboard /screen
    > > > > > > interactive logon.
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

  • Next message: Oli Restorick [MVP]: "Re: lost folder permissions - is a mass change possibe?"
    Loading