OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: SecureNT Script fails to create registry keys
From: Brownell, Michael (Michael.BrownellEXCHANGE1.ECHOSTAR.COM)
Date: Fri Jun 30 2000 - 12:57:31 CDT

Dan Rembolt wrote:
>I also got a copy of a toolkit from an HP consultant. It uses a program
called SecEdit which I think is written at HP. It sets a whole lot more
registry keys than SecureNt. It did run successfully on my target system but
it locked it down so much that I couldn't get any of my user stuff to run.
SecEdit is the command line version of the MS Security Configuration Manager
that shipped on the SP4 CD. The script that the HP guy created was for a
Bastion host. The Gui SCM has scripts for 4 different levels of security:
Basic, Secure, Comprehensive, and High Security. the Basic one is to allow
you to rollback in case you lock down the system too hard. They state in
their documentation that you will probably be ok with Secure, but that
Comprehensive and High Security will probably cause trouble with most apps
and require detailed testing. The cool thing is you can create your own
custom config based on these original ones. If you run SMS you can push
these configs out to desktops and servers as well making mass customization
easier (although I haven't tried this personally)

* Michael K. Brownell
*
* Network Administrator
* Echostar Satellite Communications
* Gilbert Uplink Facility
*
* michael.brownellechostar.com