No security experience here, but I am a cautious, new user of XP Pro.
In exploring ways to secure the OS, on a client machine, a note about
ways to hide UserNames through registry settings caught my attention. (
http://is-it-true.org/nt/xp/registry/rtips13.shtml ). Checking the
indicated registry key I found seven (7!) "hidden" users - more than I
am comfortable with. One of these is TsInternetUser. (NetShowServices
and SQLAgentCmdExec are others, I see no use at this time for any of
these facilities on this single user, non networked machine.)
I find BOTH Microsoft Terminal Services and Microsoft Windows Networking
containing a "workgroup" in "My Network Places". It is not my intent,
yet, to run a network on this machine, so if possible these should be
killed, if possible.
The "Common Security Guide" for Win 2K indicates that the TsInternetUser
account should be disabled
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
rity/issues/w2kccscg/w2kscgcd.asp
) . No reason to think less would be true in XP.
Yet, and this amplifies my concern, the procedure for disabling the
account uses the "Local Users and Groups" folder within System Tools \
Computer Management. Naturally, the account does not show there.
Two possible reasons occur to me and both are problematic. 1) XP may
automatically hide the TsInternetUser account - that violates MS's own
direction that the account should be disabled as well as MS's own
procedure for doing so. 2) The account may have been established, and
hidden, to give someone other than myself access to the machine through
Terminal Services, without my ever noting the account's existence or
taking action to disable it.
I had, just a few days ago, already disabled Terminal Services and its
dependents on this machine through a hardware profile setting in
"Services", yet today I find it active, and the profile settings altered
to enable it in the profile.
If you would, I'd be interested in any information comments or advice
you have about what actions I should take. I intend to disable Terminal
Services (again) and to try to get the TsInternetUser account to show
in Users so I can disable the account there. Failiing that I will
Google for a registry tweak to disable user accounts, and do it in the
registry.
Then on to the other two user accounts which are both hidden and
associated with unused services.
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/2002-12/00
58.html
No security experience here, but I am a cautious, new user of XP Pro.
In exploring ways to secure the OS, on a client machine, a note about
ways to hide UserNames through registry settings caught my attention. (
http://is-it-true.org/nt/xp/registry/rtips13.shtml ). Checking the
indicated registry key I found seven (7!) "hidden" users - more than I
am comfortable with. One of these is TsInternetUser. (NetShowServices
and SQLAgentCmdExec are others, I see no use at this time for any of
these facilities on this single user, non networked machine.)
I find BOTH Microsoft Terminal Services and Microsoft Windows Networking
containing a "workgroup" in "My Network Places". It is not my intent,
yet, to run a network on this machine, so if possible these should be
killed, if possible.
The "Common Security Guide" for Win 2K indicates that the TsInternetUser
account should be disabled
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
rity/issues/w2kccscg/w2kscgcd.asp
) . No reason to think less would be true in XP.
Yet, and this amplifies my concern, the procedure for disabling the
account uses the "Local Users and Groups" folder within System Tools \
Computer Management. Naturally, the account does not show there.
Two possible reasons occur to me and both are problematic. 1) XP may
automatically hide the TsInternetUser account - that violates MS's own
direction that the account should be disabled as well as MS's own
procedure for doing so. 2) The account may have been established, and
hidden, to give someone other than myself access to the machine through
Terminal Services, without my ever noting the account's existence or
taking action to disable it.
I had, just a few days ago, already disabled Terminal Services and its
dependents on this machine through a hardware profile setting in
"Services", yet today I find it active, and the profile settings altered
to enable it in the profile.
If you would, I'd be interested in any information comments or advice
you have about what actions I should take. I intend to disable Terminal
Services (again) and to try to get the TsInternetUser account to show
in Users so I can disable the account there. Failiing that I will
Google for a registry tweak to disable user accounts, and do it in the
registry.
Then on to the other two user accounts which are both hidden and
associated with unused services.
Thanks for any help you can give me.
Jim Pivonka
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]