[prev in list] [next in list] [prev in thread] [next in thread]
List: ntsecurity
Subject: RE: [NTSEC] registry security tool ?
From: "Carl L. Davis" <cdavis () NetSecureSolutions ! com>
Date: 1999-07-23 6:00:42
[Download RAW message or body]
TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SeCEdit is a pretty cool tool - I use it quite a bit. I would
recommend modifying your SeCEdit produced .inf files and add
additional registry settings like protecting the WINREG key (easy 2
do), etc. and then create a batch like suggested.
The really cool part about the tool is that you can choose which areas
or area you want to modify such as SECURITYPOLICY, FILESTORE, REGKEYS,
etc. So...it is also great for quick updates of one or multiple areas
(pretty quick even remotely).
C'ya on the flipside
- -----Original Message-----
From: Paige Niederer [SMTP:PNIEDERER@ITC.NRCS.USDA.GOV]
Sent: Tuesday, July 20, 1999 3:10 PM
To: conan@compapp.dcu.ie; ntsecurity@iss.net
Subject: Re: [NTSEC] registry security tool ?
TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
- ------------------------------------------------------------------------
- ---
I have been trying to learn how to use secedit and the Microsoft
Management Console (MMC). There is a Security Configuration Manager
snap-in that you snap into the MMC. This is available off of the
Service Pack resource kit CD and there is a white paper on "Microsoft
Security Configuration Manager for Windows NT 4". The theory is that
you create the security configuration you want and that gets saved
into an "inf" file. You then take that "inf" file and the secedit
command line tool and run secedit with the proper options to import
your "inf" file. You can then have this run from a batch file when
the system is rebooted or task it to run each night or whatever.
If you implement mandatory profiles on these systems then your
students couldn't change their desktop.
***********************************************************************
Paige A. Niederer Paige.Niederer@usda.gov
USDA - Natural Resources Conservation Service
(970)282-2462
Hardware Integration Laboratory fax
(970)282-1994
2625 Redwing Road, Suite 110
Fort Collins, CO 80526
>>> Conan Dalton <conan@compapp.dcu.ie> 07/19 7:00 AM >>>
TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
- ------------------------------------------------------------------------
- ---
hello people
Is there a tool anywhere in the world that can apply security
settings to registries on multiple NT machines at once? ... or
alternatively, and even better, a command-line batch tool,
like "cacls", except it works on the registry not the filesystem?
Using such a tool, registry security can be applied during an
unattended installation, rather than manually afterwards.
NT resource kit registry security tools don't seem to be up
to much ... for example "reg.exe" is described as "a complete
command-line replacement for regedt32" but has no security
features. "Secadd.exe" removes "everyone" from selected
registry keys but doesn't remove "Interactive Users" which is
almost as bad in many cases where some form of write-access
is enabled.
I have a few hundred lab pc's regularly mauled by enthusiastic
students, every one of whom I'm sure will leap at any opportunity
to install BO and similar remote administration utilities. I also
need to control access to desktop icons. Can somebody save
me from the fate of having to hand-edit all those security settings?
yours
conan
!
!
!
!
!
!
!
!
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.3
iQA/AwUBN5gFCiRT2dWVdi1mEQJwjwCeIpdiV2OARa28mqBih8yTANJisiMAoOND
lXhN2YNmyPbhMI0gcju0C/P0
=jUhj
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic