Securing Windows 2000/XP/Server 2003 services HOW TO

Status
Not open for further replies.
Joined
May 15, 2006
Messages
4,677 (1.11/day)
Likes
86
Location
Someone who's going to find NewTekie1 and teach hi
Processor DualCore AMD Athlon 64x2 4800+ (o/c 2801mhz STABLE (Ketxxx, POGE, Tatty One, ME))
Motherboard ASUS A8N-SLI Premium (PCIe x16, x4, x1)
Cooling PhaseChange Coolermaster CM754/939 (fan/heatsink), Thermalright heatspreaders + fan built on (RAM)
Memory 512mb PC-3200 DDR400 (set DDR-33 for o/c) by Corsair (matched pair, 2x256mb) 200.1/200mhz
Video Card(s) BFG GeForce 7900 GTX OC 512mb GDDR3 ram (o/c manually to 686 core/865 memory) - PhaseChange cooled
Storage Dual "Raptor X" 16mb 10krpm/RAID 0 Promise EX8350 x4 PCIe 128mb & Intel IO chip/CENATEK RocketDrive
Display(s) SONY 19" Trinitron MultiScan 400ps 1600x1200 75hz refresh 32-bit color
Case Antec Super-LanBoy (aluminum baby-tower w/ lower front & upper rear cooling exhaust fans)
Audio Device(s) RealTek AC97 onboard mobo stereo sound (Altec Lansing ACS-45 speakers - 10 yrs. still running!)
Power Supply Antec 500w ATX 2.0 "SmartPower" powersupply
Software Windows Server 2003 SP #1 fully patched, & massively tuned/tweaked to-the-max (plus latest drivers)
#1
This is all I could save. I don't know if people can see what I can in the Wiki, but I got this article; the others he deleted before he posted them in the wiki, and I don't have the powers even in my sections to bring them back... perhaps a backup, but I'm not sure we have one; I'll go see. He did a damn good job at making sure nothing of his existed after he left... I'm at school, but when I get home I'll email him and see if I can get him back. I'm not done fighting yet. -Solaris17




Securing Windows 2000/XP/Server 2003 services HOW TO
I went at ALL of the services in Windows Server 2003 (some will not be in XP for instance, & Windows 2000 has no NETWORK SERVICE or LOCAL SERVICE as far as I know, but not sure, you can always make a limited privilege user too for this on 2000 if needed)...

I did testing to see which services could be run/logged in as LOCAL SERVICE, or NETWORK SERVICE, rather than the default of LOCAL SYSTEM (which means Operating System entity level privileges - which CAN be "misused" by various spyware/malware/virus exploits).


LOCAL SERVICE startable list (vs. LocalSystem Logon Default):


--------------------------------------------------------------------------------

Acronis Scheduler 2 Service
Alerter (needs Workstation Service Running)
COM+ System Application
GHOST
Indexing Service
NVIDIA Display Driver Service
Office Source Engine
O&O Clever Cache
Remote Registry
Sandra Service
Sandra Data Service
SmartCard
Tcp/IP NetBIOS Helper
Telnet
UserProfile Hive Cleanup Service
Volume Shadowing Service
Windows UserMode Drivers
Windows Image Acquisition
WinHTTP Proxy AutoDiscovery Service

NETWORK SERVICE startable list (vs. LocalSystem Logon Default):


--------------------------------------------------------------------------------

ASP.NET State Service
Application Layer Gateway
Clipbook (needs Network DDE & Network DDE DSDM)
Microsoft Shadow Copy Provider
Executive Software Undelete
DNS Client
DHCP Client
Error Reporting
FileZilla Server
Machine Debug Manager
Merger
NetMeeting Remote Desktop Sharing Service
Network DDE
Network DDE DSDM
PDEngine (Raxco PerfectDisk)
Performance Logs & Alerts
RPC
Remote Desktop Help Session Manager Service
Remote Packet Capture Protocol v.0 (experimental MS service)
Resultant Set of Policies Provider
SAV Roam
Symantec LiveUpdate
Visual Studio 2005 Remote Debug

PLEASE NOTE: Each service uses a BLANK password when reassigning their logon entity (when you change it from the default of LOCAL SYSTEM Account), because they use SID's as far as I know, not standard passwords.


--------------------------------------------------------------------------------

WHEN YOU TEST THIS, AFTER RESETTING THE LOGON USER ENTITY EACH SERVICE USES: Just run your system awhile, & if say, Norton Antivirus refuses to update, or run right? You KNOW you set it wrong... say, if one you test that I do NOT list won't run as LOCAL SERVICE? Try NETWORK SERVICE instead... if that fails? YOU ARE STUCK USING LOCAL SYSTEM!

If you cannot operate properly while changing the security logon entity context of a service (should NOT happen w/ 3rd party services, & this article shows you which ones can be altered safely)?

Boot to "Safe Mode", & reset that service's logon entity back to LOCAL SYSTEM again & accept it cannot do this security technique is all... it DOES happen!

If that fails? There are commands in the "Recovery Console" (installed from your Windows installation CD as a bootup option while in Windows using this commandline -> D:\i386\winnt32.exe /cmdcons, where D is your CD-Rom driveletter (substitute in your dvd/cd driveletter for D of course)) of:

ListSvc (shows services & drivers states of stopped or started)

Enable (starts up a service &/or driver)

Disable (stops a service &/or driver)

Which can turn them back on if/when needed

Last edited by APK on 03/04/2007
I.E. -> I removed Telephony, Symantec AntiVirus, & Virtual Disk Service!

(ON Virtual Disk Service being removed, specifically: This was done solely because, although it will run as LOCAL SERVICE, diskmgmt.msc will not be able to work! Even though the Logical Disk Manager service does not list VirtualDisk as a dependency, this occurs, so VirtualDisk service was pulled from BOTH the LOCAL SERVICE and NETWORK SERVICE lists here... apk)

SECURING SERVICES @ THE ACL LEVEL VIA A SECURITY POLICY HOW-TO:

STEP #1: CONFIGURE A CUSTOM Microsoft Management Console for this!

Configuring yourself a "CUSTOM MMC.EXE (Microsoft Mgt. Console)" setup for security policy templates, here is how (these are NOT default Computer Mgt. tools, so you have to do this yourself, or run them by themselves, but this makes working w/ them convenient):

===============================================================
The next part's per BelArcGuy of BELARC ADVISOR's advice (pun intended):
==============================================
http://forums.techpowerup.com/showthread.php?p=282551#post282551

==============================================
"Security Configuration and Analysis" is an MMC snap-in. To access the MMC, type in mmc to the Windows Run.. command to pop up the console. Then use its File|Add/Remove Snap-in... command and click the Add button on the resulting dialog. Choose both "Security Configuration and Analysis" and "Security Templates", close that dialog, and OK. You'll end up with a management console that has both of those snap-ins enabled. The whole MMC mechanism is a bit weird, but does work."

(It's easy, & it works, & is necessary for the actual steps to do this, below)


--------------------------------------------------------------------------------

(Next, is the actual "meat" of what we need to do, per Microsoft, to set ACLs)


--------------------------------------------------------------------------------

STEP #2: HOW TO: Define Security Templates By Using the Security Templates Snap-In in Windows Server 2003

http://support.microsoft.com/kb/816297

Create and Define a New Security Template

(To define a new security template, follow these steps)

1. In the console tree, expand Security Templates.
2. Right-click %SystemRoot%\Security\Templates, and then click New Template.
3. In the Template name box, type a name for the new template.

(If you want, you can type a description in the Description box, and then click OK)

The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.

1. To define a System Services policy, follow these steps:
   a. Expand System Services.
   b. In the right pane, double-click the service that you want to configure.
   c. Specify the options that you want, and then click OK.

==============================================
APK (added 03/08/2007)
 
#2
The method above is good vs. the faults noted in Windows vs. MacOS X noted in URL

Suggestions + critique are welcome, & add on ideas too... especially THIS part, to improve it!

:)

* DONE!

(When I first got here, somebody asked me to "write the damn book of knowledge" lol, well... there tis', consolidated from ALL of my posts on the subject of internet security & speeding it up as well @ the SAME TIME!)

APK

P.S.=> Moderators: AGAIN - if you feel this 'makes the grade' as to consolidating a secure your system & speedup online STICKY THREAD? Go for it...

LOL, personally speaking? I do think so, but... it's NOT up to me to judge! apk
 

PVTCaboose1337

Graphical Hacker
Joined
Feb 1, 2006
Messages
9,501 (2.19/day)
Likes
1,097
Location
Dallas, Texas
System Name Whim
Processor Intel Core i5 2500k @ 4.4ghz
Motherboard Asus P8Z77-V LX
Cooling Cooler Master Hyper 212+
Memory 2 x 4GB G.Skill Ripjaws @ 1600mhz
Video Card(s) Gigabyte GTX 670 2gb
Storage Samsung 840 Pro 256gb, WD 2TB Black
Display(s) Shimian QH270 (1440p), Asus VE228 (1080p)
Case Cooler Master 430 Elite
Audio Device(s) Onboard > PA2V2 Amp > Senn 595's
Power Supply Corsair 750w
Software Windows 8.1 (Tweaked)
#3
OMG sticky, good job Alec§taar!
 
#4
Suggestions + critique are welcome, & add on ideas too... especially THIS part, to improve it!



* DONE!

(LOL - Hey: I remember when I first got here a year ago? Well, somebody asked me to "write the damn book of knowledge" lol, well... there tis', consolidated from ALL of my posts on the subject of internet security & speeding it up as well @ the SAME TIME!)

APK

P.S.=> Moderators: AGAIN - if you feel this 'makes the grade' as to consolidating a secure your system & speedup online STICKY THREAD? Go for it...

LOL, personally speaking? I do think so, but... it's NOT up to me to judge! apk
 

PVTCaboose1337

#5
You have the longest and most informative posts! Of course I expect this quality of article.
 
Joined
Jan 15, 2005
Messages
5,458 (1.16/day)
Likes
242
Location
England
System Name Jimmy 2004's PC
Processor S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard ASUS K8N
Cooling AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory 1GB Kingston PC3200 (2x512MB)
Video Card(s) Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Storage 500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Display(s) Digimate 17" TFT (1280x1024)
Case Antec P182
Audio Device(s) Audigy 4 + Creative Inspire T7900 7.1 Speakers
Power Supply Corsair HX520W
Software Windows XP Home
#6
Well I only just got round to sorting this out for my services. Thanks for the guide Alec. So far no problems, but I have found that the Diskeeper service will not start if it has Local or Network Service so I left it as local system. Going to move to PerfectDisk soon anyway because I read much better reviews about it.
 
#8
QUESTION:

Did you have ANY others than I did not list above, besides Diskeeper (I use this too, it will NOT work that way, you are right)?

(If so, please provide them, if you have services diff. from the list above & also IF they work doing this technique).
I will try changing their settings sometime, the one thing I've noticed about this guide is that it doesn't list the Windows services that NEED to be left as local system, so some people might not be too sure what they're doing and worry about any that aren't listed. Just a suggestion that you might want to include in any future revisions. :)

The non-default ones I have that you have not listed are:

.Net Runtime Optimization Service v2.0.50727_X86
Ati HotKey Poller
ATI Smart
AVG E-mail Scanner
AVG7 Alert Manager Server
AVG7 Update Service
BlueSoleil Hid Service
Bluetooth Support Service
ewido anti-spyware 4.0 guard
iPod Service
Messenger Sharing USN Journal Reader Service
Service Layer
Windows Defender Service

The problem is that the only ones of these I actually use are the AVG and Windows Defender services and occasionally the "Service Layer" service (related to Nokia PC Suite) and the "Messenger Sharing USN Journal Reader Service" (related to WindowsLive Messenger). Anyway, I'll see how much I can secure those and post back how I get on. I'll try to test it sometime this week, just I'm a bit wary of changing the AVG settings because the only way to test if it was still working would be for a virus to be detected... and I'd rather I didn't get viruses!
 

pt

not a suicide-bomber
Joined
Mar 11, 2006
Messages
8,956 (2.08/day)
Likes
167
Location
Portugal
Processor AMD Turion 64 X2 Mobile TL-60 (Trinidad)
Motherboard ASUS F3Ka (ATI RS690M)
Cooling stock
Memory Nanya 2x1GB ddr2 667@5-5-5-15-2T
Video Card(s) ATI Mobility Radeon HD2600 512MB DDR2@ 580mhz/486mhz
Storage 160GB on laptop+250GB external
Display(s) ASUS 15.4
Case Asus Laptop F3Ka chassis
Audio Device(s) on-board
Power Supply 1:30minutes battery
Software "genui xp", 'cause i hated vista
#10
cool guide
too bad my school starts tomorrow :( , my time on the pc will be far less
 
#11
I don't normally have time during the day to play with settings, but if I find time in the evenings I will have a go. Concentrating on Vista atm though.
 
#12
I'm considering setting up my PC to work as a limited account except for installing stuff, but I just wondered if you know whether all programs work then Alec (or anyone else). Thanks.
 
#13
this is what RUNAS is for! apk
Well the whole vista setup is what inspired me to want to use a limited account. Although those messages get annoying they are good for security and like you say "RunAs" could be used. I've decided to stick as an administrator account for now, but I might give it a go in the future.

One service that I have found out needs Local System rights is the AVG7 Update Service, if it is set to Network Service it brings up a message about not being able to change files next startup or something along those lines. I'll try to get round to testing the rest later in the week/ at the weekend.
 
#15
Alec, I've found two settings in your guide that don't work well with my computer:

UserProfile Hive Cleanup Service
DHCP Client

Both of the above need to be set to local system in order for them to work correctly (seems unusual considering that M$ puts DHCP client in that list...)

For DHCP I get the message "Error 1079.The account specified is different from the account specified for other services running in the same process." Not too sure how I can conquer that, guessing that it's linked to the whole svchost.exe generic process.
 
Last edited:
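The check below is an added example, not part of the original posts: it ties the logon-account change described in post #1 to the Error 1079 reported in post #15 by grouping services that are hosted in the same process. The service records are constructed sample data, ExampleNetSvc and ExampleDefrag are hypothetical service names, and Get-ServiceLogonPlan is a helper name introduced here.

```powershell
# Added example. The records below are constructed sample data; on a live
# system build the same columns with:
#   Get-WmiObject Win32_Service |
#       Select-Object Name, StartName, ServiceType, PathName
$sample = @'
Name,StartName,ServiceType,PathName
Dhcp,LocalSystem,Share Process,C:\WINDOWS\system32\svchost.exe -k netsvcs
ExampleNetSvc,LocalSystem,Share Process,C:\WINDOWS\system32\svchost.exe -k netsvcs
Dnscache,NT AUTHORITY\NetworkService,Share Process,C:\WINDOWS\system32\svchost.exe -k NetworkService
ExampleDefrag,LocalSystem,Own Process,C:\Program Files\Example\defrag.exe
'@ | ConvertFrom-Csv

function Get-ServiceLogonPlan {
    param([object[]]$Services)

    # "Share Process" services with the same command line are hosted in one
    # process, and all services in one process must use one logon account.
    $hosts = @{}
    foreach ($s in $Services) {
        if ($s.ServiceType -eq 'Share Process') {
            $key = "$($s.PathName)".Trim().ToLower()
            if (-not $hosts.ContainsKey($key)) { $hosts[$key] = @() }
            $hosts[$key] += $s.Name
        }
    }

    foreach ($s in $Services) {
        # Other services hosted in the same process as this one, if any.
        $peers = @()
        if ($s.ServiceType -eq 'Share Process') {
            $key   = "$($s.PathName)".Trim().ToLower()
            $peers = @($hosts[$key] | Where-Object { $_ -ne $s.Name })
        }

        if ($s.StartName -ne 'LocalSystem') {
            $action = 'Already runs under a reduced account'
        } elseif ($peers.Count -gt 0) {
            $action = 'Shared host: changing this service alone gives Error 1079'
        } else {
            $action = 'Candidate: test LOCAL SERVICE, then NETWORK SERVICE'
        }

        $s | Select-Object Name, StartName,
            @{ Name = 'SharesProcessWith'; Expression = { $peers -join ', ' } },
            @{ Name = 'Action';            Expression = { $action } }
    }
}

Get-ServiceLogonPlan $sample | Format-Table -AutoSize

# Changing a candidate and reverting it, typed at a cmd.exe prompt
# (the space after "obj=" and "password=" is required by sc.exe; the
# password is blank for the built-in accounts, as the article notes):
#   sc config "ExampleDefrag" obj= "NT AUTHORITY\LocalService" password= ""
#   sc config "ExampleDefrag" obj= LocalSystem
```

Running the audit before touching any logon account separates the services that can be tested one at a time from those whose host process forces a single account for the whole group.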
S

Slater

Guest
#16
P.S.=> I am personally surprised they have not issued a security update altering this in the registry really, on ALL of their Win32 OS of NT-based nature/ancestry.

That is, if they have NOT done so already in hotfixes (they have with ACL's & I mention it in other threads here in fact)... because of this year's past exploits of services! apk
Wait a couple days, you just gave them the idea :roll:
 
Joined
Sep 20, 2006
Messages
1,998 (0.49/day)
Likes
0
Location
ashentech.com
Processor Athlon64 3500+(2.2gz)@2.94gz(3.03gz)
Motherboard Biostar Tforce550 (RMA) (m2n-sli delux)
Cooling PIB cooler
Memory 2gb ocz 533 +1gb samsung 533 4-4-4-12
Video Card(s) x1900xtx 512mb+zalman vf900 cooler(kicks stock coolers arse)
Storage 80gb,200gb,250gb,160gb
Display(s) 20.1 in dell 2001fp + KDS visual sensations 19"
Case Codegen briza seirse
Audio Device(s) ADI SoundMax HD audio onboard,using Ket's driver pack
Power Supply FSP 400watt SAGA seirse w/noise killer
Software Windows 2003 ent server as workstation(kills xp in perf and stab)
#17
ok question, i forgot to disable printer port before i installed windows 2003 this last time, how do i remove the service so it doesn't bitch about the service failing to load each time windows starts now that i disabled it (my board doesn't actually have a printer port just a header for one)
 
#18
I really should get round to testing those services soon. :D
 
Joined
Feb 6, 2007
Messages
2,576 (0.65/day)
Likes
510
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
#19
Alec... Great post.

Could you please load www.belarc.com and run an audit. It will give you a security rating. See what you get. If you don't get a score of 10... figure out what's wrong. My score is about 4 and to be honest, I'm stuck! LOL
 
#20
Belarc Advisor is free. And it is pretty good. Shows you the status of security upgrades and other "hardening" issues. I can recommend it. Just don't know how to implement all of its recommendations.
 
#21
Here is some of the output from Belarc. As you can see I'm up to date on hotfixes, but my CIS score has gone down to 3.13 with new version of Belarc. Ooohps. It seems that I need to manage permissions better. But not sure how to do this.





 
#22
Thanks Alec. I think the greatest help would be to understand the technique for handling each section, rather than each specific item itself. Thanks in advance.

P.S. Use the left-right scroll bar in your browser windows to see the screen. The gifs might appear wide if you are not using a 1600+ pixel screen
 
#23
Ok, some of it, I agreed with... other parts, not.

Examples: (coming, will edit it in & explain why I did not agree w/ some of its assessments).

Scored just a WEE BIT better than what you did, initially (you should do better once you use secpol.msc, regedit.exe, & explorer.exe for NTFS, etc. & follow some of its recommendations there) ->

APK SCORE -> 4.17 of 10 (I don't agree w/ all of its recommendations, see next post)



(Some of it though, I definitely DO NOT AGREE WITH - 1 example being that IF I cutoff using a service completely? It's downgrading me for it... that's not right, lol!)

Check it -> A service IS NOT vulnerable, if I do not allow it to run, period, SET TO DISABLED: And, I lower their logon entity to less than SYSTEM (NETWORK SERVICE or LOCAL SERVICE) for the DISABLED ONES on top of doing that cutting them off!

(You ALL KNOW that saves I/O, CPU, RAM, you-name-it, another reason I do it (why run something I don't need or use))

I also do that for the few I run.

Lessening their logon priority makes them a LOT less powerful IF overtaken, what little services I run (they are secure afaik)!

Plus, I am on a non-HOME-LAN type networked rig presently, & some of its complaints are bugging me, saying I am limiting functionality - FUNNY, BUT THAT IS WHAT I AM OUT TO DO, especially to 'remote users'/potential interlopers: Run less background apps that MIGHT have exploitable holes in them, & save CPU cycles &/or RAM, & secure the ones that you DO run.

APK

P.S.=> I'll point out next, where I personally feel it is 'cutting users down too much', especially for things like turning off services you do NOT use, hey - how can they be 'vulnerable' if not active, or disabled, period, for instance (answer - they're NOT)... apk
 
#24
CompletelyBonkers, got my score on BELARC ADVISOR higher finally



:)

* Up, from 4.17 before, to a 5.0... "she's getting there!"

APK
 

pt

#25
i have 4.338 on that thing :)
 