OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Fwd:killing autorun
From: Gu1tarb0yAOL.COM
Date: Wed Sep 06 2000 - 11:15:38 CDT

Forgive my ignorance but what other autorun functionality is there besides for CD-ROM?
1) Set CMOS so system only boots from a hard drive.

2)Allocate the CD-ROM and Floppy drive at login time. No process or application is supposed to be able to use them, since the user now "owns" it.
HKLM\software\Microsoft\WindowsNT\CurrentVersion\winlogon\AllocateCDRoms:REG_SZ:1

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\winlogon\AllocateFloppies:REG_SZ:1

3) Defeat autorun on the CD:
HKLM\System\CurrentControlSet\Services\Cdrom\Autorun:REG_DWORD:0

Does this approach what you are looking for?

Jim McFarlen

___________________Forward Header_____________________
Subject: killing autorun
Author: Focus on Microsoft Mailing List <FOCUS-MSSECURITYFOCUS.COM>
Date: 09/05/2000 8:48 AM

I am trying to completely remove autorun functionality from an NT 4.0 SP6a
server.

I have added the following registry value to do this:

Key Name:
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Class Name: <NO CLASS>
Last Write Time: 9/5/00 - 10:34 AM
Value 0
  Name: NoDriveTypeAutoRun
  Type: REG_DWORD
  Data: 0xff

HKCU (for existing users) contains the same key, and has a data value that
does allow some autorun functionality (0x95). It appears that the setting in
HKLM is taking precedence over the setting in KKCU, which is what I want.

I'm interested in comments on any potential problems I might experience if I
set this data value in HKLM and have a different setting in HKCU. I am also
open to suggestions on other methods of completely removing all autorun
functionality (preventing it on the CDROM drive is not enough).

>>