Home
Resources
Training
About Us
eStore
<a href="http://www.isdecisions.com/en/software/userlock/?xtor=SEC-230"><img src="http://www.isdecisions.com/images/pubs/Randy/userlock.gif" alt="UserLock" border="0" /></a>

>

resources > articles > 2007

 

 

 

 

 

 

 

Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface

  

Randy Franklin Smith - Articles for 2007

most recent | by year | by subject

Over the past 7 years, Randy has written scores of articles on a variety of security topics. Follow the links below for a sampling of Randy's most recent articles. You can find earlier articles archived by date or by topic. (Some articles require a subscription or monthly pass for online access.) Then make your plans to get even more from a seminar or onsite training.

June 2007

Requiring a Password When Resuming from Hibernation or Stand by Mode. If users disable the password dialog box that's typically required to resume from hibernation or Stand by mode, they put your network at risk. Here's how you can prevent the problem. <more>

Disabling Specific Types of Email Attachments. Learn how to disable certain types of email attachments in Vista and XP SP2 according to the file type and the zone in which the file originated. <more>

Protecting Your Network Using NAQC. Do your users need to access your network from insecure computers that might lack up-to-date anti-malware? Here's one way to protect your network from such computers. <more>

Using NAP to Control LAN Access. NAP lets you enforce system health policies on computers before allowing them to access your network. <more>

Using RDP to Access Servers Over the Internet. Do you have trouble accessing your server over the Internet because you're on a network that won't let you use port 3389? Here are two workarounds. <more>

August 2007

Granting Users Read Access to the Registry
Do you need to give users the authority to monitor the performance of your servers without giving them administrator authority? Find out how to grant users remote access to only certain areas of the registry. <more>

Distinguishing User Accounts from User Groups in an ACL
Learn how to tell whether the principal in the name column of an ACE is a user or a group.<more>

Getting Vista to Recognize Internet Connections
Do you have problems connecting your Vista computer to your VPN? Learn how to get Vista to enable your VPN connection. <more>

Checking the Security Event Log for Logon Failures Caused by Disabled Accounts
Here are the logon failure codes and event IDs that you need to watch for in the Security event log when looking for disabled account logon attempts.<more>

Access Denied
Answers to your Windows security questions.<more>

July 2007

Composing SDDL for Defining Custom Event Log Permissions
Do you need read access to the Security event log, but you can't have administrator authority? Learn how to grant an account read access using SDDL in Windows Server 2003. <more>

Computer Accounts in the Authenticated Users Group
Learn about the relationship between the Authenticated Users group and the computer accounts in a domain.<more>

Letting a User Log on from Only a Specific Computer
Do you want to make it so that a user can log on only from a specific computer? Here's how to do just that.<more>

Securing an OS by Using TPM
TPM isn't just for securing encryption keys—it also uses Platform Configuration Registers to authenticate the OS at start-up.<more>

June 2007

Requiring a Password When Resuming from Hibernation or Stand by Mode. If users disable the password dialog box that's typically required to resume from hibernation or Stand by mode, they put your network at risk. Here's how you can prevent the problem. <more>

Disabling Specific Types of Email Attachments. Learn how to disable certain types of email attachments in Vista and XP SP2 according to the file type and the zone in which the file originated. <more>

Protecting Your Network Using NAQC. Do your users need to access your network from insecure computers that might lack up-to-date anti-malware? Here's one way to protect your network from such computers. <more>

Using NAP to Control LAN Access. NAP lets you enforce system health policies on computers before allowing them to access your network. <more>

Using RDP to Access Servers Over the Internet. Do you have trouble accessing your server over the Internet because you're on a network that won't let you use port 3389? Here are two workarounds. <more>

May 2007

Using the Correct Certificate Template for Client Certificates. Using the wrong certificate template to secure Web applications, especially for external business partners, can cause problems with EFS. <more>

Logging Remote Desktop Connections. Here's a cautionary tale that illustrates the importance of enabling auditing on workstations and member servers as well as DCs. <more>

Comparing BitLocker with EFS. Learn why BitLocker beats the stuffing out of EFS when it comes to protecting laptops. <more>

April 2007

Controlling User Access to Removable Storage Devices. If you're worried about viruses or malware being introduced into your environment through removable storage devices, you'll be happy to know that Vista includes policies for controlling access to these devices. <more>

Assigning Administrators Ownership of Objects. To prevent users from modifying an object's permissions, you can change the ownership of the object and enable object access auditing. <more>

Requiring DC Authentication to Unlock Workstations. Find out how to require DC authentication to unlock user workstations and why you might not want to. <more>

March 2007

Setting the Kill Bit on ActiveX Controls To prevent users from modifying an object's permissions, you can change the ownership of the object and enable object access auditing. <more>

February 2007

Requiring DC Authentication to Unlock Workstations. Find out how to require DC authentication to unlock user workstations and why you might not want to. <more>

Creating a Domain Global Group Called Member Computer Local Admins. Don't give computers Domain Admins rights to deploy SMS to clients; if you do, both the computer and its administrator have full access to AD. <more>

Using Logon Rights to Secure AD Service Accounts. You can keep AD service accounts from being used to log on to your network by locking down those accounts with logon rights. <more>

Using Netstat to Get a List of Open Ports. Netstat lists the open ports and the programs using them by protocol and DNS names instead of by port numbers and IP addresses. <more>

Security Annoyances. Information security presents a variety of headaches, such as password resets, wireless access, and patch management. Learn about 6 of the most annoying—as well as what you can do to overcome them. <more>

Creating a site-to-site VPN connection from a branch office to the corporate datacenter. Learn several tricks for configuring secure communications between a company's branch offices and the company datacenter. <more>

Perimeter Security. You need much more than firewalls and intrusion detection--you need a multilayer perimeter ssecurity solution to keep your system safe. <more>

Perimeter Security Checklist. <more>

Get this valuable commentary each month as soon as Microsoft releases security updates!

Free log parser scripts, a clear explanation of Microsoft's latest security bulletin, helpful security tips, how-to's and more.

Email address:
 

Newsletter archive
Your e-mail address will be held strictly confidential and you can unsubscribe at any time.


Additional Links

A
D
V

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit

Sick of LimitLogin? Get UserLock for real logon control


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map