Using Secedit to permission EVERYTHING
In this thread I'm going to post some examples of using Secedit to permission files and registry keys in a way that will help ensure that only the users that are supposed to modify files/keys are allowed to.
This sort of security stops worms and Denial Of Service attacks dead in their tracks.
More to come soon.
This sort of security stops worms and Denial Of Service attacks dead in their tracks.
More to come soon.
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
ZhuBaJie
19 years ago
In my company they force the policies every hour thereby resetting all rights set by packages.
Using Security templates to set the rights for your package is fairly easy and you can give the Security Templates to the system managers so they can import it so your rights won't be reset.
I wrote a very detailed instruction on how to do it with the VB script and how to make a custom action of it. However, it's in Dutch so I need to find time to translate it.
Marcel
Using Security templates to set the rights for your package is fairly easy and you can give the Security Templates to the system managers so they can import it so your rights won't be reset.
I wrote a very detailed instruction on how to do it with the VB script and how to make a custom action of it. However, it's in Dutch so I need to find time to translate it.
Marcel
Posted by:
Gekris
18 years ago
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_secedittopnode.mspx?mfr=true
is a good place to start if your new to securty templates and secedit.
I use cmd file to call secedit and the inf created by the MMC
I also use secedit to create the smb and log files. besure to use the name name for all the files to ensure you know what template is for latter.
IE
appname_version.cmd
appname_version.inf
install the files to the securty templates folder (or use one u created for applicatin securty on the local box)
call the cmd file from a custem action in your MSI at the end of your install or u can create an exe for it with wise script or simualer tool (sms installer) and call that from your package.
u can give that inf file to your administrator if you are useing domain level application securty.
is a good place to start if your new to securty templates and secedit.
I use cmd file to call secedit and the inf created by the MMC
I also use secedit to create the smb and log files. besure to use the name name for all the files to ensure you know what template is for latter.
IE
appname_version.cmd
appname_version.inf
install the files to the securty templates folder (or use one u created for applicatin securty on the local box)
call the cmd file from a custem action in your MSI at the end of your install or u can create an exe for it with wise script or simualer tool (sms installer) and call that from your package.
u can give that inf file to your administrator if you are useing domain level application securty.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
so that the conversation will remain readable.