Network Security Focus-Microsoft

RE: services running in windows domain (winXP clients)

Subject: RE: services running in windows domain (winXP clients)
Date: Tue, 28 Dec 2004 10:04:39 -0800
The way I understand it, software restriction policies only work for
applications that are called by the Windows explorer process. If they
are called by any other process, then the restriction policy does not
work.


-----Original Message-----
From: Frank Knobbe [mailto:frank@knobbe.us] 
Sent: Monday, December 27, 2004 10:35 AM
To: Mike Lyman
Cc: focus-ms@securityfocus.com
Subject: Re: services running in windows domain (winXP clients)

On Wed, 2004-12-22 at 14:12 -0600, Mike Lyman wrote:
Software restriction policies work both in the "allow all but..." and
"allow none but..." The allow all should be the easier to test and
configure but the other approach should work since only those things you
allowed will run.


Are these restrictions limited to "applications" you run from Explorer,
or does it include any ".exe/.com/.dll" or otherwise executable files?
If enabled, do all required/desired services (like W32Time) have to be
explicitly listed as "allowed to execute" or is there some assumption
Windows makes about services and runs them by default? In that case,
software restrictions wouldn't be of help.

I agree with Christos that a Policy setting that says "All Services,
except the list below, are to be stopped/disabled" would be very useful
(just from a logic point of view).

Regards,
Frank


