By default, guests and null logons can view the event logs (the System and Application logs). The Security log is protected from guest access by default; it is viewable by users who have the “Manage Audit Logs” user right. The Event Log service uses the following registry value to restrict guest access to these logs:
| Field | Value |
|-------|-------|
| Hive  | HKEY_LOCAL_MACHINE |
| Key   | \System\CurrentControlSet\Services\EventLog\[LogName] |
| Name  | RestrictGuestAccess |
| Type  | REG_DWORD |
| Value | 1 |
Set the value for each of the logs to 1. The change takes effect on the next reboot. You must also change the security on this key so that no one other than Administrators and System has any access; otherwise malicious users can reset these values.
| STATUS | Completed | Not implemented | Not applicable |
|--------|-----------|-----------------|----------------|
|        |           |                 |                |
The registry value AddPrinterDrivers (REG_DWORD) under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers controls who can add printer drivers using the print folder. Set this value to 1 so that the system spooler restricts this operation to administrators and print operators (on a server) or power users (on a workstation).
| Field | Value |
|-------|-------|
| Hive  | HKEY_LOCAL_MACHINE |
| Key   | System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers |
| Name  | AddPrinterDrivers |
| Type  | REG_DWORD |
| Value | 1 |
The Schedule Service (AT Command)
| STATUS | Completed | Not implemented | Not applicable |
|--------|-----------|-----------------|----------------|
|        |           |                 |                |
The Schedule service (also known as the AT command) is used to schedule tasks to run automatically at a preset time. Because a scheduled task runs in the security context of the Schedule service (typically the operating system's context), this service should not be used in a highly secure environment.
By default, only administrators can submit AT commands. To allow system operators to also submit AT commands, use the Registry Editor to create or assign the following registry key value:
| Field | Value |
|-------|-------|
| Hive  | HKEY_LOCAL_MACHINE\SYSTEM |
| Key   | \CurrentControlSet\Control\Lsa |
| Name  | SubmitControl |
| Type  | REG_DWORD |
| Value | 1 |
There is no way to allow anyone else to submit AT commands. Protecting the registry as explained earlier restricts direct modification of the registry key using the registry editor. Access to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule should also be restricted to only those users/groups (preferably Administrators only) that are allowed to submit jobs to the Schedule service.
The changes will take effect the next time the computer is started. You might want to update the Emergency Repair Disk to reflect these changes.
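The following read-only audit of the three registry values described on this page is an added example, not part of the original checklist. The helper name Test-HardeningValue is hypothetical, the Lsa value is queried as SubmitControl, and treating SubmitControl = 1 as a finding is an assumption for a highly secure environment (the text only describes what the value does).

```powershell
# Added example: reports each value, what the checklist expects, and whether it matches.
# Test-HardeningValue is a hypothetical helper name, not a built-in cmdlet.
function Test-HardeningValue {
    param(
        [string]$Path,       # registry key, in PowerShell HKLM: drive syntax
        [string]$Name,       # value name under that key
        [int]$Expected,      # value the checklist asks for
        [bool]$AbsentIsOk    # $true when a missing value is the restrictive default
    )
    # A missing key or value yields $null instead of a terminating error.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.$Name } else { $null }

    if ($null -eq $actual) {
        $shown = '<not set>'
        $ok    = $AbsentIsOk
    } else {
        $shown = $actual
        $ok    = ([int]$actual -eq $Expected)
    }

    [pscustomobject]@{
        Key       = $Path
        Name      = $Name
        Actual    = $shown
        Expected  = $Expected
        Compliant = $ok
    }
}

$base    = 'HKLM:\SYSTEM\CurrentControlSet'
$results = @()

# RestrictGuestAccess must be 1 on every log; the three log names come from the text.
foreach ($log in 'Application', 'System', 'Security') {
    $results += Test-HardeningValue "$base\Services\EventLog\$log" 'RestrictGuestAccess' 1 $false
}

# AddPrinterDrivers = 1 limits driver installation to the privileged groups.
$results += Test-HardeningValue "$base\Control\Print\Providers\LanMan Print Services\Servers" 'AddPrinterDrivers' 1 $false

# Assumption: absent or 0 means only administrators can submit AT jobs.
$results += Test-HardeningValue "$base\Control\Lsa" 'SubmitControl' 0 $true

$results | Format-Table -AutoSize
```

The script only reads values; it does not check the permissions on the keys themselves, which the checklist also asks you to restrict.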