Windows XP Security Guide (phase one) - Page 3
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 39

Thread: Windows XP Security Guide (phase one)

  1. #21
    Does anyone know how to change the default location (C:\Documents and Settings) for the Documents and Settings folder.
    On a side note, I've installed XP on non C: drives many times and it's always run without a hitch. I do it whenever I want to test something.

    I wouldn't ever touch the changes for My documents or C. Sure sure, one less thing the hacker knows off the bat, but let's be serious here. Alteration of a core configuration (such as documents and settings) is about as dangerous as switching /etc to /littledoggie on a UNIX system. While it may be possible through 3rd party tools, I simply don't recommend either, and here is why:

    1. Any unexpected side effects, no matter how small or large, are still unexpected. By removing core features of how the OS works you can no longer depend on the OS to work as it was intended. While it may seem fine through testing, it would take years to discover each and everything correct/incorrect with that change. It's safer to have an OS you can predict and know how it works versus a variable anomoly in which we have to guess at it's safe preformance.

    2. If an intruder learns C is in fact not the windows critical system, it is not a large deal for him/her to figure out it's on another partition, and thus simply change a single letter.


    All in all, it's a trust factor versus an experimentation factor. I will simply stick to leaving the base OS exactally how it is, and working to secure it, rather than changing that base OS functionality and then wondering if it is still as secure.

    Sun Tzu teaches us that once we know the terrain of the battlefield, it is yet another grasp upon victory. If we choose to alter that terrain from it's origonal state, we can no longer trust in the stability of that terrain, while also instantly alerting the enemy that someone here has changed the landscaping, and lies in wait. This slides the advantage into the hands of your enemy, because no longer will they go uncautiously into a battlefield in which they know you can not trust.

  2. #22
    UPDATE:

    The primary partition needs to be 4 GB, not 3GB. A typo on my part but something that needs to be updated ASAP! I've contacted the webadministrator about 1440 minutes and beyond editing, but have received no responce. Mittens, Neg, is there anything we can do so I can alter this document?

  3. #23
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    Does anyone know how to change the default location (C:\Documents and Settings) for the Documents and Settings folder.
    cgkanchi since PST obviously isn't going to tell you - I will... tweak UI will allow you to do this, go to the 'My computer' on the tree and then to 'Special folders' it'll allow you to change it through that. Just one thing I had a bit of trouble getting it to 'stick' on this setting so I had to mess around in the registry and change it all manually... but I'd try the easy method first - PM me if you want the reg keys.

    As to system issues... well I didn't change this over for security or anything like that - I prefer to keep my data on a seperate drive and I got fed up of not being able to use the 'My documents' shortcuts which is why I changed the default setting - I've not personally noted any issues, the systems still as stable as it was and since the registry points to the non default location I've not had any issues with any program saving to the non default location. Once you've changed the default location you can set the new location as 'Private' etc and do everything that you'd be able to do with the default location.

    One thing, I wouldn't delete the actual user folder C:\Documents and Settings\user as that may cause problems - since it will be just an empty set of folders space on the HD shouldn't be an issue

    Z

    PS In deference to PST I will say - if you are going to do this kind of thing, it is at your own risk I'll gladly acknowledge that changing the system in this way may cause issues - it just hasn't caused a problem for me.

    [edit] oh PST... I have the greatest respect for Sun Tzu... and you actually.... but if the enemy starts being cautious it means they have started to fear - learn how to use fear as a weapon is all I'll say
    Quis Custodiet Ipsos Custodes

  4. #24
    A cautious enemy does not mean fearful, it means wise to know that something may be up.

    Example:

    Solider comes across a bush that looks slightly out of place. Soldier becomes cautious because he knows there is a trick going on, smiles, and lobs a grenade into the bush. This kills the hiding enemy in the bush.

    Fear does not go hand in hand with cautious. While for some fear is a constant in being carful, to those aware of a trap it is something to smile over, and take the steps to eliminate the trap.

  5. #25
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    Solider comes across a bush that looks slightly out of place. Soldier becomes cautious because he knows there is a trick going on, smiles, and lobs a grenade into the bush. This kills the hiding enemy in the bush.
    always assuming said enemy is actually hiding in the bush of course and is not lining up his sights through a snipers rifle.... I agree fear doesn't always go hand in hand with being cautious... thats why it's useful to learn the proper application of fear... for example the soldier above having lobbed his grenade realises there was never anyone there behind the bush.... so where are they?? Uncertainty causes fear more often than not (not always I'll give you that)

    But having said that this is a subject we could talk on for hours - I don't want to hijack your thread to talk about finer points of psychological war - maybe over PM?

    Z
    Quis Custodiet Ipsos Custodes

  6. #26
    I agree with you, so long as we emphasize "does not always go hand in hand with fear", as there are equally enough scenarios where cautiousness is the result of hardened experience from the past to balance those who are cautious through fear.

    To end the discussion on the philosophy of war for now, and to explain what brought up my war example for the directory changing, I think I can say something that we both agree on which was my base thought on this:

    Never understimate your enemy.

  7. #27
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    LOL... yeah ok... the result of hardened experience would of course be the true black hat (or in your analogy the full time professional soldier) rather than a script kiddie (a new recruit) - but as for your base thought... absolutely we agree on that

    nice to have a quick discussion with you PST

    Z
    Quis Custodiet Ipsos Custodes

  8. #28
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    PST, I'm not changing the location of Documents and Settings for network security. However, I want to have a separate drive for the (duh) documents and settings for all the users. That way, I can contain their permissions and not have them write to the System drive too often.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  9. #29
    Junior Member
    Join Date
    Jul 2002
    Posts
    1
    If you're taking the time to set up the partitions to secure the system, might it be possible to create 2 4G install partitions (C and D), Install to D, then copy the Windows install to C so that if someone does hack into the network, when they go to alter anything in the C:\Windows or C:\Winnt directory, they're wasting their time with dummy files?

  10. #30
    Because that is, quite simple, a complete waste of 4 gigs and an introduction to paranoid 101. Not to mention, crucial security services depend on Windows residing in C. No need to duplicate things, because if someone is smart enough to break past these layers of security, they will catch on quickly when they learn C is a fake, and easily overtake D.

    Also, XP does not allow directory structure changes in the installation, and conversions are always warned against simply because it is an unknown and unrecommended enviroment. And such unknown variables in security are a "bad thing".

    I'd rather have a rock solid C drive with built in security functions running properly, then risk fscking a setting or missing something under the hood that leads to compromised data.

    edit:

    I understand how you may view what I said as rude, instead of how I meant it to come off as ("just the facts only ma'me"), so know that it was not an attack upon your suggestion. Replacing it on D instead of C (without the dummy file idea) is a great idea Unfortunatally, Windows is not as forgiving as *nix when it comes to that. Thanks for your thoughts!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •