Re: securing HKLM

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: securing HKLM
  • From: Eric Lochstet <lochstetPOBOX.UPENN.EDU>
  • Date: Wed, 18 Nov 1998 10:40:54 -0500
  • Approved-By: Russ.CooperRC.ON.CA
  • Comments: To: David Mahon <ddmn_ssTROI.CC.ROCHESTER.EDU>
  • Organization: U. of Pa. Library Systems Office
  • References: <000d01be124b$638a0770$a1dc9780glorpy.cif.rochester.edu>
  • Reply-To: Eric Lochstet <lochstetPOBOX.UPENN.EDU>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

David Mahon wrote:
>
> >     When securing HKEY_LOCAL_MACHINE, one area that definitely
> > needs attention
> > is \software\classes (note:  this is the same as editing
> > HKEY_CLASSES_ROOT).
>
> The only difficulty with securing this area as it should be (Read-only for
> authenticated, local users) is that many programs are not Windows NT aware.
>
> Many programs (including Netscape Navigator/Communicator 4.x, Office 97,
> etc.) write to this area at startup.  Worse, they tend to either crash or
> pop up weird messages.  When I secured HKLM, Netscape Navigator advised the
> normal user account that it couldn't edit the registry - "try using
> REGEDIT."

I also encountered this problem with Netscape when securing HKLM.
Fortunately, Netscape Navigator/Communicator 4.x does not need write
access to everything in HKLM\SOFTWARE\Classes.  The solution is to
unsecure the following subkeys:

HKLM\SOFTWARE\Classes\NetscapeMarkup\protocol\StdFileEditing
HKLM\SOFTWARE\Classes\NetscapeMarkup
        (but you can secure the subkeys in NetscapeMarkup)
HKLM\SOFTWARE\Classes\CLSID\{61D8DE20-CA9A-11CE-9EA5-0080C82BE3B6}
        (you can also secure the subkeys in this CLSID)

I have not tried to discover which subkeys Office 97 writes to, so I
cannot comment on what you would need to unsecure for it to work
without error.

______________________________________________________________________

  Eric Lochstet                lochstetpobox.upenn.edu
  Programmer Analyst           Phone: (215) 898-4824
  Library Systems Office       FAX: (215) 898-0559
  University of Pennsylvania   3420 Walnut St. Philadelphia PA 19104
______________________________________________________________________
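
One way to check the result of the lockdown discussed in this message, added here as an example and not part of the original post: the PowerShell below lists every key under HKLM\SOFTWARE\Classes, other than the three keys the message leaves writable, whose ACL grants write-type rights to anyone except Administrators or SYSTEM. The function name, the trusted SID list and the choice of rights counted as "write" are assumptions of this example.

```powershell
# Added example: report keys under HKLM\SOFTWARE\Classes that
# non-administrators can modify, apart from the documented exceptions.
$Root = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'

# Keys the message leaves writable (their subkeys are NOT exempt).
# CLSID is the standard name of the class-ID key under Classes.
$Exempt = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetscapeMarkup\protocol\StdFileEditing'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetscapeMarkup'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61D8DE20-CA9A-11CE-9EA5-0080C82BE3B6}'
)

# Assumption: only these principals are expected to hold write access.
$Trusted = @('S-1-5-32-544', 'S-1-5-18')   # BUILTIN\Administrators, SYSTEM

# Rights that let a principal change a key, its values, or its ACL.
$WriteMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$SidType   = [System.Security.Principal.SecurityIdentifier]

function Get-WritableKey {
    param([string]$Path = $Root)
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        if ($Exempt -contains $key.Name) { continue }   # exact key only, case-insensitive
        $acl = Get-Acl -LiteralPath "Registry::$($key.Name)" -ErrorAction SilentlyContinue
        if (-not $acl) { continue }                     # ACL could not be read
        foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
            # Inherit-only entries apply to subkeys, not to this key itself.
            $inheritOnly = $rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly
            if ($rule.AccessControlType -ne 'Allow' -or $inheritOnly) { continue }
            if ($Trusted -contains $rule.IdentityReference.Value) { continue }
            $granted = [int]$rule.RegistryRights -band $WriteMask
            if ($granted) {
                [pscustomobject]@{
                    Key    = $key.Name
                    Sid    = $rule.IdentityReference.Value
                    Rights = [System.Security.AccessControl.RegistryRights]$granted
                }
            }
        }
    }
}

Get-WritableKey | Sort-Object Key, Sid | Format-Table -AutoSize
```

Run it from an elevated session so every ACL can be read; an empty result means only the exempted keys remain writable by ordinary users.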