Re: Security template crashed apps

From: C Hall (someone_at_microsoft.com)
Date: 04/07/05 

Date: Thu, 7 Apr 2005 16:28:55 -0400

Thanks for the reply.

I decided I'm going to setup a dummy machine and build the template from
scratch :-<, that way when I go down the line, section by section, I can see
which section or setting is causing the problem. The server that these apps
(at least a couple of them...) are trying to access is an AS/400. I know
that there are several settings that pertain to communication and such, like
LAN Manager authentication level, reference to named pipes (which we do have
a couple of sql apps...not sure if one of those broke or not). I'm just
thinking that in the File System or Registry sections, permissions got
tightened and that these apps need to be able to write to a temp folder or
something like that. The other program gave an error referencing Paradox. I
think it needed to be able to write a file somewhere also. Looking at logs
on the machines, I didn't see anything that could be a cause. BTW, all
machines are Windows 2000 Pro. I'll take a look at the registry key
permissions you mention below. Any other suggestions are welcome and I'll
post back any results from testing I do.

Chris

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:ye6dnSk0TJl8GcjfRVn-sg@comcast.com...
> From what I can see that security template does not do much. It does
however
> change the user rights for access this computer from the network and logon
> locally though I really doubt that those would be an issue. What I would
try
> is to add the everyone group to access this computer from the network on a
> computer to see if that makes a difference. It does not change any
services
> or file system. It does change permissions to a number of keys under
> MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\* if you look at the
> template, even if you open it with notepad. You can enable auditing of
> object access for failure on a computer and then audit those registry keys
> to see if access is being denied. --- Steve
>
>
> "C Hall" <someone@microsoft.com> wrote in message
> news:OYX$HH3OFHA.3388@TK2MSFTNGP10.phx.gbl...
> > Steven,
> >
> > I applied W2KHG-MemberWKS. I'll take a look at the logs and post any
> > further
> > questions.
> >
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:O6IMJPxOFHA.3356@TK2MSFTNGP12.phx.gbl...
> >> What template did you apply?? It may not be a file/registry permission
> >> problem. Check the application, security, and system logs on one of
those
> >> workstations to see if any helpful information has been recorded there.
> > You
> >> can open the security template in the Security Configuration and
Analysis
> >> mmc snapin tool [see link below] to see what is configured in it and
also
> >> run an analysis of that template on a computer where you have not
> >> applied
> >> it yet to see what changes it makes to security policy. --- Steve
> >>
> >>
> >
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
> >>
> >> "C Hall" <someone@microsoft.com> wrote in message
> >> news:%23F1gn5tOFHA.4000@TK2MSFTNGP15.phx.gbl...
> >> > Hi all,
> >> >
> >> > I was in the process of implementing the W2K Hardening templates on
> >> > some
> >> > workstations, but ran into some problems with third party apps. I got
a
> >> > variety of errors, one app in particular needs to be able to connect
to
> >> > the
> >> > server via UNC path. Not sure what port it uses. Two of the apps
> >> > connect
> >> > to
> >> > a server and return data files (one of those, an image file). Can
> >> > anyone
> >> > render a guess about how the File System and Registry are changed
> >> > (roughly...) with the Hardening templates?
> >> >
> >> >
> >> > Thanks,
> >> > Chris
> >> >
> >> >
> >>
> >>
> >
> >
>
>

Relevant Pages

  • RE: RPc server is unavailable since SP1
    ... I finally called Tech Support and we found out that there is a hotfix out ... In the Launch and Activation Permissions area, ... > IV. Please change permissions on the Workstation Authentication template to ... > that you want to autoenroll) enable autoenrollment by navigating to the ...
    (microsoft.public.windows.server.sbs)
  • Re: How to modify program files in Vista?
    ... create it within HKLM and change the permissions. ... INI files have the advantage that most users with access to notepad can ... Security policies ... We were writing a module that validated device drivers found on target machines against ...
    (microsoft.public.vc.mfc)
  • Re: Windows user controls in a web page: Security
    ... I then tried on more machines (I was using 3 real ... Create a windows user control, ... Select the permissions your control will need and then click "Add ... use "URL", for example, to only authorize assemblies coming from one URL. ...
    (microsoft.public.dotnet.security)
  • Re: Customzing Security Template Files
    ... I tried my template editing steps with an XPSP2 ... permissions dialog box when you configure a service and you don't end up ... > As you work with the Security Templates and the Security Configuration ... >> Windows Server 2003 given the version of guide you mention). ...
    (microsoft.public.security)
  • Re: Customzing Security Template Files
    ... You are welcome Shawn. ... I tried my template editing steps with an XPSP2 ... > permissions dialog box when you configure a service and you don't end up ... >> As you work with the Security Templates and the Security Configuration ...
    (microsoft.public.security)