
Thread: How to Lock Down Your WinXP Box...

  1. #11
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    I like to go to www.tweakxp.com as well. Not only does it have some security tweaks, but also tweaks for the look and feel and the performance of Windows XP.
    Just because you don't see it doesn't mean it's not there

  2. #12
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    In addition to the guest account, I found 3 additional accounts on my system: HelpAssistant, described as a "Remote Desktop Help Assistant Account"; SUPPORT_388945a0, desc. "CN=Microsoft Corporation, L=Redmond,S=Washington, C=US"; and VUSR_(my user name), desc. VSA Server Account (a Vis Studio Analyzer server acct.). I disabled those as well.
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  3. #13
    Not sure what that second one does, but the first one is for the Interactive Remote Help thing that MS has on their WinXP Pro boxes. It's basically where you open up a port, let a MS tech person in, and they can see everything that you are doing and can instruct you that way, thus making it easier than just relying on descriptions from the caller/chatter. Just figured I'd tell ya what that was for, in case you want to re-enable it sometime if you have trouble.

  4. #14
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    nah, rather die than seek help from micro$atan. (besides, they wouldn't approve of how I obtained their OS)
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  5. #15
    One of the better reads on securing a Microsoft operating system.

    I have an offline copy of this file and it's a great reference after install.

    I just reinstalled my XP box.
    Using this text and some more references, this is what my netstat -an gives me:

    Before:
    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1035 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
    TCP 169.254.187.3:139 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:1036 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 169.254.187.3:123 *:*
    UDP 169.254.187.3:137 *:*
    UDP 169.254.187.3:138 *:*
    UDP 169.254.187.3:1900 *:*
    After:
    Active Connections

    Proto Local Address Foreign Address State
    thanks.
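Added example, not part of post #15 or the tutorial it refers to: a Python parser for `netstat -an` output that lists which listening sockets disappeared between a "before" and an "after" capture, using the listing quoted in the post as input. The service names in `SERVICES` are the usual assignments for those ports and are an annotation added here; the function names are hypothetical.

```python
import re

# "Before" listing copied from the post above; "After" is its empty table.
BEFORE = """Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1035 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 169.254.187.3:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1036 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP 169.254.187.3:123 *:*
UDP 169.254.187.3:137 *:*
UDP 169.254.187.3:138 *:*
UDP 169.254.187.3:1900 *:*
"""
AFTER = "Active Connections\n\nProto Local Address Foreign Address State\n"

# Usual services on these ports (annotation added here, not from the thread).
SERVICES = {123: "NTP", 135: "RPC endpoint mapper", 137: "NetBIOS name",
            138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB",
            1900: "SSDP", 5000: "UPnP"}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return {(proto, local_addr, port)}: TCP LISTENING rows plus every UDP row."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, state = m.groups()
        if proto == "UDP" or state == "LISTENING":
            found.add((proto, addr, int(port)))
    return found

def network_reachable(entries):
    """Drop IPv4 loopback-only sockets; the rest are bound to a network-facing address."""
    return {e for e in entries if not e[1].startswith("127.")}

def closed_by_hardening(before_text, after_text):
    """Sockets present before and absent after, sorted by port."""
    gone = listeners(before_text) - listeners(after_text)
    return sorted(gone, key=lambda e: (e[2], e[0], e[1]))

if __name__ == "__main__":
    for proto, addr, port in closed_by_hardening(BEFORE, AFTER):
        print(f"{proto:3} {addr}:{port:<5} {SERVICES.get(port, 'dynamic/unknown')}")
```

Keeping the "after" capture as a baseline and re-running the comparison later shows any listener that reappears, for example after a service pack or a newly installed application.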

  6. #16
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Nice tutorial....

    One thing that you may want to reconsider is EFS. It is based on a public/private key pair that is tied to each user account. The problem with this is that it is not designed to keep multiple users on the same box from seeing each other's files. The other problem is that in order to make EFS work, you need to have a Recovery Agent. By default, this is the admin account. Now, if I get my hands on your server and I use a handy NT/W2K password reset diskette, I can look at *any* encrypted file even though I have changed the account password. Some may say that you can use a password floppy but this is also easily defeated.

    Anyway, just my two cents on EFS. You can read more about it here:
    http://www.microsoft.com/windows2000...ty/encrypt.asp



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #17
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Not sure if it's still true, but last time I played with EFS, if you copied a file to a floppy drive it decrypted, and every time you moved it an unencrypted file was put in the temp directory... It also decrypted if sent over a network... Neat idea, poor implementation, very similar to most MS products.
    Who is more trustworthy then all of the gurus or Buddha’s?

  8. #18
    I have to agree on the insecurity of EFS.
    I had a setup dualboot with 2K and XP.
    Decided to reinstall 2K which screwed up XP.
    Not that bad cuz XP also needed a reinstall.
    Now I had a user account defined that had her home directory ciphered.
    After the reinstall I was unable to boot XP. The KB article that told how to recover the XP install was of no use cuz I had experienced with some things already (fixboot IE).

    Now I wanted the data back. Played around a bit, read up on EFS a bit.
    Booted to 2K, logged in as an admin and took ownership of the encrypted directory and all child objects (the dir WAS not accessible). This way I managed to recover the data.

    Microsoft has the following to say about it:
    It is impossible to secure a computer that is not physically secure. An attacker that has physical access to a computer will eventually be able to break into it. Neither Windows 2000 nor any other operating system can change that.
    http://www.microsoft.com/technet/tre...ws/Win2kHG.asp
    So if you want to encrypt your files you better use a third party tool.

  9. #19
    thanks that was of a great help

  10. #20
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583


    Great tutorial Jehnny, there were some things in there that I did not know. My boot up time is a lot faster now, thanks
