For #1, Win Folder Protection may be kicking in. If youw want to
remove/change protected files, first delete their 'backups' from
system32\dllcache. Then do with the files as you want. You'll get a
warning message, choose not to replace.

Does anyone know of way to toggle WFP on and off dynamically? The reg edit
is kinda ugly . . .

CC

-----Original Message-----
From: Focus on Microsoft Mailing List
[mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Speight, Howard F.
Sent: Wednesday, May 02, 2001 2:19 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Hardening Windows 200

Using the guide provided by the good folks at SystemExperts I'm having two
problems.

1. Cannot Delete c:\winnt\system\os2 Access is denied: Source file may be
in use
    Folder/File Permissions look okay, event log shows a windows service
putting the files back to maintain the integrity of the OS or something to
that effect. Turned on auditing for that folder and it showed up once in
Event Viewer, but I didn't make a note of the service and it hasn't shown up
since, course I cleared the log...

2. When setting "UnSigned Driver installation Behavior" to Do not allow and
then installing SP1 or a patch/hotfix I get numerous messages about files
not being signed by Microsoft. Course, I changed setting to Warn, But allow
then told it to run...

Thanks, Howard

Howard Speight, Systems Programmer, East Carolina University

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]