Focus on Microsoft
RE: services running in windows domain (winXP clients) Dec 15 2004 09:16AM
Burak Bayoglu (bayoglu uekae tubitak gov tr) (2 replies)
RE: services running in windows domain (winXP clients) Dec 15 2004 06:12PM
Triantafyllidis Christos (ctria physics auth gr) (1 replies)
SV: services running in windows domain (winXP clients) Dec 16 2004 02:37AM
Tevfik Karagulle (tevfik itefix no)
Hi Christos,

A suggestion:

From the logon script you can initiate 'secedit /analyze' on your XP
clients. By scanning log files generated by secedit, you have enough
information about whether an XP PC conforms to your security requirements. That
kind of analysis can be scheduled locally as well, if you can't count on
the effectiveness of logon scripts as a security check/enforcement mechanism.

Rgrds

Tevfik Karagulle
ITeF!x Consulting

http://itefix.no

------------------------------------------------------------------------
Secedit
Configures and analyzes system security by comparing your current
configuration to at least one template.

To view the command syntax, click a command:

secedit /analyze

Syntax
secedit /analyze /db FileName [/cfg FileName] [/log FileName] [/quiet]

Parameters
/db FileName
Required. Specifies the path and file name of a database that contains the
stored configuration against which the analysis will be performed. If
FileName specifies a new database, the /cfg FileName command-line option
must also be specified.
/cfg FileName
Specifies the path and file name for the security template that will be
imported into the database for analysis. This command-line option is only
valid when used with the /db parameter. If this is not specified, the
analysis is performed against any configuration already stored in the
database.
/log FileName
Specifies the path and file name of the log file for the process. If this is
not provided, the default log file is used.
/quiet
Suppresses screen and log output. You can still view analysis results by
using Security Configuration and Analysis.

> -----Original Message-----
> From: Triantafyllidis Christos [mailto:ctria (at) physics.auth (dot) gr [email concealed]]
> Sent: 15 December 2004 19:12
> To: Burak Bayoglu
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: services running in windows domain (winXP clients)
>
>
> As far as I know, trojans copy themselves into c:\windows or its
> subfolders. I don't think it is a good idea to set everyone - deny on
> c:\windows. :)
>
> Restricting execution means that I should know the trojans... (I don't
> know them all)
>
> F-secure antivirus, fully updated, didn't find the trojan.
>
> Thanks for the help
>
> Christos Triantafyllidis
>
> On Wed, 15 Dec 2004, Burak Bayoglu wrote:
>
> > As far as I know, DCs only list the services on themselves and allow you to
> > configure the services policy for these ones. Another alternative is
> > that if you know the exact path where the executable of the trojan is
> > placed, you can use "File System" to give "everyone - deny" rights to
> > the file. You may need to create a dummy file on the DC to configure this
> > setting. Or you can restrict the execution of this program using GP
> > again. As a result the service will not be run by the client next time.
> > As a better solution, you must use effective anti-virus software to
> > protect against well-known trojan and virus programs.
> >
> >
> > Burak BAYOGLU
> > TUBITAK UEKAE
> > Network Security
> > Senior Researcher
> > CISA, CISSP
> >
> >
> > -----Original Message-----
> > From: Christos Triantafyllidis [mailto:ctria (at) physics.auth (dot) gr [email concealed]]
> > Sent: Thursday, December 09, 2004 11:41 PM
> > To: focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: services running in windows domain (winXP clients)
> >
> >
> > Is there any way to allow only specific services to run on Win
> > XP clients through domain group policy?
> >
> > The services rule in group policy allows configuration only of the
> > specified services.
> >
> > What if there is a Trojan (or any other unknown program for the
> > server group policy) that adds a service in Windows XP? Can we
> > possibly disable all services except the ones we want to run?
> >
> > Thanks,
> >
> > Christos Triantafyllidis
> >
> > - --
> > PGP key : http://tassadar.physics.auth.gr/~ctria/pgp_public_key.asc
> > MD5sum : *b426d395137af5d2a42c88840e131a5e pgp_public_key.asc*
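The check suggested in the message above, written out as a script that runs `secedit /analyze` against a template and reports the settings that differ. This is an added example, not part of the original thread. The template and report share names are hypothetical, the `Mismatch` marker is an assumption about the wording of the analysis log, and the script assumes it runs in a context that is allowed to run secedit (for instance as a locally scheduled task).

```powershell
# Added example. Share names and paths are hypothetical placeholders.
$Template  = '\\dc01.example.test\NETLOGON\baseline.inf'      # security template
$ReportDir = '\\files.example.test\secedit-reports$'          # central report share
$WorkDir   = Join-Path $env:TEMP 'secedit-check'
$Db        = Join-Path $WorkDir 'baseline.sdb'
$Log       = Join-Path $WorkDir 'analyze.log'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
# Start from a fresh database and log so results of an earlier run are never re-read.
# With a new database, /cfg is required (see the syntax notes in the message).
Remove-Item $Db, $Log -ErrorAction SilentlyContinue

# /quiet is left out on purpose: it suppresses the log output this check parses.
& secedit.exe /analyze /db $Db /cfg $Template /log $Log
$code = $LASTEXITCODE

if (-not (Test-Path $Log)) {
    Write-Error "secedit /analyze produced no log (exit code $code)"
    exit 2
}

# Keep only the lines that report a setting differing from the template.
# Assumption: such lines contain the word "Mismatch".
$mismatches = @(Get-Content $Log |
    Where-Object { $_ -match '\bMismatch\b' } |
    ForEach-Object { $_.Trim() })

$report = Join-Path $ReportDir ("{0}.txt" -f $env:COMPUTERNAME)
if ($mismatches.Count -gt 0) {
    # One report file per machine, overwritten on every run.
    @("secedit exit code: $code", "checked: $(Get-Date -Format s)") +
        $mismatches | Set-Content -Path $report
    exit 1
}

# Machine conforms: clear any report left by an earlier non-conforming run.
Remove-Item $report -ErrorAction SilentlyContinue
exit 0
```

The analysis only covers settings defined in the template, so a service that the template does not list will not appear as a mismatch.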
RE: services running in windows domain (winXP clients) Dec 15 2004 05:43PM
Mark Burnett (mb xato net) (1 replies)
RE: services running in windows domain (winXP clients) Dec 15 2004 06:16PM
Triantafyllidis Christos (ctria physics auth gr) (2 replies)
Re: services running in windows domain (winXP clients) Dec 16 2004 09:32PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
RE: services running in windows domain (winXP clients) Dec 16 2004 02:14AM
dave kleiman (dave isecureu com)
Copyright 2008, SecurityFocus