    Securing Windows NT installation




    Date: 22.03.2020

    Secure EventLog Viewing





    STATUS: Completed / Not implemented / Not applicable









    The default configuration allows guests and null logons to view the event logs (the System and Application logs). The Security log is protected from guest access by default; it is viewable by users who have the “Manage Audit Logs” user right. The EventLog service uses the following key to restrict guest access to these logs:




    Hive:   HKEY_LOCAL_MACHINE
    Key:    \System\CurrentControlSet\Services\EventLog\[LogName]
    Name:   RestrictGuestAccess
    Type:   REG_DWORD
    Value:  1

    Set the value for each of the logs to 1. The change takes effect on the next reboot. You must also change the security on this key to deny any access to everyone other than Administrators and System; otherwise malicious users can reset these values.


    Secure Print Driver Installation





    STATUS: Completed / Not implemented / Not applicable









    The AddPrinterDrivers value (REG_DWORD) under the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers controls who can add printer drivers using the print folder. Set this value to 1 so that the system spooler restricts this operation to administrators and print operators (on a server) or power users (on a workstation).




    Hive:   HKEY_LOCAL_MACHINE
    Key:    System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers
    Name:   AddPrinterDrivers
    Type:   REG_DWORD
    Value:  1
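
    The following is an added example, not part of the original checklist: it audits a REGEDIT4-format registry export against the two settings above (RestrictGuestAccess on every log under EventLog, and AddPrinterDrivers). The sample export is constructed, and the function names are hypothetical. A registry export does not include key ACLs, so the permissions on these keys still have to be checked separately.

```python
import re

# Constructed sample of a REGEDIT4 export (not taken from a real host).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System]
"MaxSize"=dword:00080000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers]
"AddPrinterDrivers"=dword:00000000
'''

EVENTLOG = r"hkey_local_machine\system\currentcontrolset\services\eventlog"
PRINT_KEY = (r"hkey_local_machine\system\currentcontrolset\control\print"
             r"\providers\lanman print services\servers")

def parse_export(text):
    """Return {lowercased key path: {lowercased value name: int}} for DWORDs."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # a [key path] header starts a new key
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """List (key, value name) pairs where the checklist value is missing or not 1."""
    keys, findings = parse_export(text), []
    # Each direct subkey of EventLog is one log ([LogName] in the checklist).
    logs = [k for k in keys if k.startswith(EVENTLOG + "\\")
            and "\\" not in k[len(EVENTLOG) + 1:]]
    for key in sorted(logs):
        if keys[key].get("restrictguestaccess") != 1:
            findings.append((key.rsplit("\\", 1)[1], "RestrictGuestAccess"))
    if keys.get(PRINT_KEY, {}).get("addprinterdrivers") != 1:
        findings.append(("servers", "AddPrinterDrivers"))
    return findings
```

    Running audit(SAMPLE_EXPORT) reports the System log (value missing) and the print Servers key (value 0).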



    The Schedule Service (AT Command)





    STATUS: Completed / Not implemented / Not applicable









    The Schedule service (also known as the AT command) is used to schedule tasks to run automatically at a preset time. Because a scheduled task runs in the security context of the Schedule service (typically the operating system's context), this service should not be used in a highly secure environment.

    By default, only administrators can submit AT commands. To allow system operators to also submit AT commands, use the Registry Editor to create or assign the following registry key value:


    Hive:   HKEY_LOCAL_MACHINE\SYSTEM
    Key:    \CurrentControlSet\Control\Lsa
    Name:   Submit Control
    Type:   REG_DWORD
    Value:  1

    There is no way to allow anyone else to submit AT commands. Protecting the registry as explained earlier restricts direct modification of the registry key using the registry editor. Access to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule should also be restricted to only those users/groups (preferably Administrators only) that are allowed to submit jobs to the Schedule service.

    The changes will take effect the next time the computer is started. You might want to update the Emergency Repair Disk to reflect these changes.


