Randy Franklin Smith - Articles for 2004

December 2004

Access Denied: Understanding the Anonymous Enumeration Policies. By default, Windows 2003 and XP disable the Network access, which means anonymous connections can enumerate shares but can't list local user accounts. <more>

Access Denied: Restricting Anonymous Connections in Win2K. You can set the Additional restrictions for anonymous connections policy to one of three values: None. Rely on default permissions, Do not allow enumeration of SAM accounts and shares, or No access without explicit anonymous permissions. <more>

Access Denied: Comparing Anonymous-Connection Policies in Win2K and Later. Here's a look at the anonymous-connection policies in Win2K as compared with those in Windows 2003 and XP. <more>

November 2004

Tracking How Long Users Remain Logged On to a Domain. You need to check the Security event logs on a workstation to determine a user's logon time and logoff time. <more>

Event Response. Learn what you need in an event-log management tool, then take a look at offerings from three companies: Dorian Software Creations, Omnitrend Software, and Prism Microsystems. <more>

Access Denied: Scheduling Jobs on a Remote Server. You'll need a third-party product to let users schedule jobs remotely on a server. <more>

Access Denied: Securing Crucial Servers in a WLAN Environment. Here are four ways to limit access to servers on a wired network to just employees but let both employees and visitors use a wireless network to access a Web-based collaboration tool. <more>

Access Denied: Restricting Permissions on Servers Upgraded from Windows NT. Use a security template and Group Policy to restrict permissions on registry keys on servers that have been upgraded from NT Server to Windows 2003 or Win2K Server. <more>

Access Denied: Understanding the Access this computer from the network User Right. The Access this computer from the network user right applies only to the Server service and the resources it provides, including remote access to files and printers and to the resources you see in the Microsoft Management Console Computer. <more>

October 2004

Preventing Users from Accessing Event Logs Through the Network. Learn how to control access to System and Application logs. <more>

Using Group Policy to Implement Security Policies for Laptop Users. When you use Group Policy to define security policies, what happens when a laptop user disconnects from the network? <more>

Filter for Security. The third in a series, this article goes further in depth to show you how to design LogParser queries to find important security information. <more>

Access Denied: Controlling Which CAs Windows Can Trust. Decide for yourself which Certification Authorities (CAs) are trustworthy. Use Group Policy to mandate which CAs Windows can trust. <more>

Access Denied: Specifying Spooler Permissions on Just One DC. Learn how to manually assign permissions for the print spooler service without modifying the Default Domain Controller Policy. <more>

Access Denied: Obtaining a Server Certificate from Your Own CA. Configuring IIS to use HTTPS for a secure Web site requires you to install a server certificate. If you don't have a third-party Certification Authority from which to get a certificate, an alternative is to set up your own CA. <more>

Access Denied: Allowing Guest-Client Access to the Internet Over a WLAN. How can you give visiting clients and business partners access to the Internet via your WLAN while maintaining security? Here are two approaches. <more>

Access Denied: Determining from Which Computer a User Logged On. On Win2K and later DCs, you need to use event ID 672 to discover the computer from which a user logged on. <more>

September 2004

Access Denied: Mitigating a Problem with Computer-Only Authentication to a WLAN. Basing client authentication to your wireless LAN on the computer's certificate instead of the user's certificate could let an intruder access your entire LAN. Learn how to avoid this threat. <more>

Access Denied: Alternatives for Safeguarding Your WLAN. Use a trick with your DHCP addresses to prevent an intruder from capturing information sent between wireless clients or connecting to your network and attacking your computers. <more>

Set Up Remote Access Policies to Secure VPN Access. After you've set up a secure wireless network, you can use remote access policies to define how, when, and what remote users can connect to on your network. Follow these straightforward steps. <more>

Targeting Failed Logons. Use LogParser's Strings field to identify failed logons and potential security threats. <more>

August 2004

Computer Crime Survey Findings. The Computer Security Institute has released its annual CSI/FBI Computer Crime and Security Survey, and some of the findings might surprise you. <more>

Remote Access Policy Profile Settings. Here are the dial-in settings you need to specify in a remote access policy profile so that a remote user can authenticate through the remote access policy. <more>

Modifying User Dial-In Properties to Work with Remote Access Policies. Here's how to change user dial-in properties to give priority to the remote access policies' properties and how to set an Internet Authentication Service attribute. <more>

MD5 and SHA-1 Come Under Fire. Researchers have published ways to reduce the complexity of cracking these two hashing algorithms. <more>

XP Pro SP2 Delayed for Automatic Updates; German Security Firm Announces Vulnerability in SP2. Microsoft delays XP Pro SP2 for Automatic Updates; vulnerability discovered in SP2. <more>

Editing a GPO from a Windows XP System. You need to take a few preliminary steps before you can centrally configure Windows Firewall on your XP SP2 systems. <more>

Windows XP SP2: Centralized Deployment and Defense. Use Group Policy to roll out the new Windows XP service pack to all your XP systems and centrally configure the pack's Windows Firewall feature. <more>

Tracking Kerberos Authentication Events to Workstations. Kerberos authentication events don't include workstation names, but they do provide enough information for you to determine which workstation generated the event. <more>

Using Certificates to Secure Your WLAN. Learn the simplest way to implement 802.1x and certification-based authentication on a typical network of Windows XP and Windows 2000 computers and a Win2K AD domain. <more>

Access Denied: A Basic File Encryption Tool. Windows provides no built-in utility for encrypting files, but two scripts in the Platform SDK use CryptoAPI to let you encrypt and decrypt text files from the command line. <more>

Access Denied: Enabling Users to Access Two Domain Accounts. In some cases (e.g., during a migration), you might need to let users log on to two domain accounts and access files. A freeware tool makes setting up such a scenario easy. <more>

Access Denied: Requiring VPN Users to Run Certain Software. Using Windows 2003's IAS, you can prevent VPN users who aren't running antivirus or other necessary software from logging on to your network. <more>

Access Denied: Using Windows Server 2003's Certificate Templates. Microsoft significantly enhanced certificate templates in Windows 2003 but makes the new functionality available only in Enterprise Edition and Datacenter Edition. <more>

Access Denied: Securely Administering a Remote Server. Learn why remotely administering a server through Terminal Services is more secure than using MMC snap-ins. <more>

Windows Server 2003 Certificate Services. Discover the pros and cons of using Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition as your Certificate Authority. <more>

July 2004

Windows Firewall: Building Security. Set up a standalone test system to get a feel for Windows XP SP2's Windows Firewall feature. <more>

Access Denied: Letting Users View Security Logs. Simply editing a GPO will let a group of users view Security logs but will also allow them to clear the logs. A more restrictive solution takes more work. <more>

Access Denied: Using Log Parser to Audit Domain Logons. The Log Parser tool lets you use SQL-like queries to extract data from log files. <more>

Access Denied: Understanding Wireless-Security Protocols. The pursuit of wireless security has led to a plethora of protocols. Clear up the confusion with this high-level view of the relationship between 802.11, 802.1x, 802.11i, WEP, and WPA. <more>

Access Denied: The Importance of Windows XP SP2. The soon-to-be-released XP SP2 is so important to the security of your network that you should start testing it now. <more>

June 2004

Setting Up Windows Systems Securely. Learn why you shouldn't connect new systems to the network until the setup is finished. <more>

Limiting Risk Associated with Local Accounts. You can't completely remove the ability to have local accounts, but you can minimize the security risks they expose you to. <more>

Access Denied: Using the Windows .NET Framework to Control Mobile Code. The Framework can't yet mitigate the risk associated with most code that users download from the Internet, but Windows XP's software restriction policies can provide some help. <more>

Access Denied: Using Windows Update with IP Security Policies. Using IP packet filtering to lock down your system can prevent you from downloading Microsoft updates. Here's how to work around the problem. <more>

Access Denied: Safeguarding FTP Files. Get around FTP's weak authentication by using encryption and implementing proper user permissions. <more>

Access Denied: Understanding the "Increase quotas" User Right. Contrary to what you might think, "Increase quotas" applies to processor quotas, not to user disk space quotas. <more>

Access Denied: Comparing Code Access Security with User Access Permissions. Which one takes precedence? The answer is neither; they are equal. <more>

May 2004

A Secure Wireless Network Is Possible. Secure wireless doesn't have to be an oxymoron. Learn how to lock down wireless connections to your network. <more>

The WPA Alternative. The Wi-Fi Protected Access (WPA) specification addresses 802.11's key management and authentication weaknesses. <more>

Adding Fault Tolerance. Configure a second IAS server to build a secure wireless network that's fault-tolerant. <more>

Event-Log Fields. A brief description of the fields in the Windows Security log.  <more>

Access Denied: Connecting to a DC to Edit a GPO. Because the MMC Active Directory Users and Computers snap-in doesn't necessarily connect to the local DC, you might think that only some DCs will log GPO change events. <more>

Access Denied: Configuring DHCP Server Logs. If your logs are too small, you'll have holes in your logging coverage. <more>

Access Denied: Securing a Wireless Network. Use 802.1x authentication to help you secure your wireless network by leveraging the Windows and AD infrastructures you've already built. <more>

Access Denied: Viewing Hidden Permissions for Individual Properties. Many of the properties AD defines for user objects are hidden from view by default. You can cause some hidden properties to appear in the MMC Active Directory Users and Computers snap-in, but you need to use a script to access others. <more>

Access Denied: Monitoring for Unauthorized Scheduled Tasks. Windows Server 2003 offers an event ID that reveals whether someone has scheduled an unauthorized task. <more>

Access Denied: Disabling Group Policy. A registry setting in the Win2K beta that let users disable Group Policy doesn't threaten security in the final release of Win2K or XP. <more>

Access Denied: Controlling SAM Accounts and Shares. New settings in XP cause it to behave differently from Win2K with regard to allowing enumeration of SAM accounts and shares. <more>

Access Denied: Using One GPO to Control Both Windows XP and Windows 2000 Settings. To manage XP's and Win2K's settings from the same GPO, you first need to update the GPO to include XP's new settings. <more>

LogParser. Use Microsoft's LogParser tool to find the vital events buried in your Security logs. <more>

April 2004

Access Denied: Operation-Based Auditing. Whereas earlier versions of Windows can tell you only whether a file has been accessed, Windows Server 2003 can reveal whether operations were performed on the file.  <more>

Access Denied: Tracking IP Addresses to Specific Machines. Learn how to use the DHCP server log to determine which computer had a specific IP address at a certain time. <more>

Access Denied: The Microsoft Product Support Life Cycle. Want to know how much longer Microsoft will continue to support Windows NT or other products? Microsoft has a consistent and predictable policy for product support. <more>

Access Denied: Windows Server 2003's Permissions to Cmd.exe. Windows 2003's tighter security might mean that some scripts and batch files don't work after you migrate. Here's how to fix the problem. <more>

March 2004

Access Denied: Monitoring Security with Custom MMC Consoles. Set up custom MMC views to easily and efficiently monitor security events on multiple computers. <more>

Access Denied: Discouraging Administrators from Unnecessarily Using Their Privileges. You can't prevent administrators from using elevated privileges for tasks that don't require them, but you can make doing so inconvenient. <more>

February 2004

Access Denied: Identifying Logon Attempts That Use Disabled Accounts. Three event IDs can help you identify logon attempts that use accounts an administrator has disabled. <more>

Access Denied: Automating Service Pack Installation. Group Policy can install a service pack on multiple computers the next time they reboot. <more>

Access Denied: Understanding Windows Server 2003's Local Security Settings. The MMC Local Security Settings snap-in changed with Windows 2003 and XP but still tells you everything you need to know. <more>

Access Denied: Setting Permissions on Windows Server 2003 Shared Folders. Learn how Windows 2003's share-level permissions differ from Windows 2000's permissions. <more>

January 2004

L2TP Remote Access. Learn how you can use L2TP to enable a strong, two-factor authentication VPN for your remote users. <more>

Access Denied: Making MBSA Ignore Patches to Disabled Services. Prevent updates for disabled services and features from generating false positives on MBSA reports. <more>

Access Denied: Scanning for Office Updates. MBSA can't scan for missing Office updates, but you can use one of two other options to do the job. <more>
