From: Dunlevy, Timothy S. (Tim.Dunlevyjhuapl.edu)
Date: Wed May 23 2001 - 06:34:58 CDT

    A new Windows 2000 feature, Windows File Protection, is restoring the files
    (See Microsoft article Q222193). To remove the files, delete them from the
    %SystemRoot%\System32\Dllcache folder first then delete them from the
    protected folders.

    If you then run the SFC utility (See Q222471) the files will be restored
    again so be aware of that as well.

    Tim S. Dunlevy
    BIS Computing Systems Group
    The Johns Hopkins University Applied Physics Laboratory
    11100 Johns Hopkins Rd.
    Laurel, MD. 20723-6099
    (443) 778-0366

    -----Original Message-----
    From: Brian Murphy [mailto:bem9127yahoo.com]
    Sent: Tuesday, May 22, 2001 4:27 PM
    To: focus-mssecurityfocus.com
    Subject: IIS 5.0

    I have been working on getting our IIS 5.0 server
    ready for production. I have read and implemented all
    of the suggestions made from Microsoft Security and
    Securityfocus.com whitepapers for securing IIS 5.0 and
    Windows 2000 Advanced Server. The system will be
    located in a Hard DMZ (Behind a PIX Firewall) and
    running IPSec.

    I have installed all the latest patches and hotfixes
    to the system. I have verified the system with HFCheck
    for IIS 5.0. And tested the system with "Patchwork".

    I have made all the recommended changes to NTFS
    permissions and removed everything from the IIS 5.0
    directories and relocated the wwwroot and ftproot
    directories.

    HOWEVER, I am having a strange problem implementing a
    suggested solution to remove certain *.EXE Files from
    the system (Edlin.exe, xcopy.exe. etc..........).
    Every time I move these files to a secure location they
    reappear in the directory (C:\winnt,
    C:\winnt\system32, etc.......). I have tried
    performing a SHIFT+DELETE on the files and they still
    return. I know there is something simple to resolve
    this issue but I have not found it yet. So, can
    someone make a suggestion?

    Also, if you have any additional recommendations that
    I might have missed please comment.

    Thanks for your time.

    Brian Murphy, MCSE
    Data Center Manager
    Carter Bloodcare
