
Microsoft Crypto Directory

microsoft.public.windows.server.security
Posted by Will on December 6, 2005, 2:50 am
On one of our member servers, the directory

\Documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys

is missing and there are messages in the event viewer indicating that the
SYSTEM is trying to load these unsuccessfully. Is it cause for concern
that these keys don't exist, and what is their purpose? How do we recreate
these?

I noticed the default permissions give Everyone read access to these keys.
Are they just public keys that we shouldn't worry about exposing to the
world?

--
Will



Posted by S. Pidgorny on December 6, 2005, 4:54 am
As a Microsoft KB article says (http://support.microsoft.com/?id=278381) -
"The default permissions on the folder may be misleading when you attempt to
determine the minimum permissions that are necessary for proper installation
and the accessing of certificates."

The folder isn't exposed to the world - just to the local users.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-


> On one of our member servers, the directory
>
> \Documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys
>
> is missing and there are messages in the event viewer indicating that the
> SYSTEM is trying to load these unsuccessfully. Is it cause for concern
> that these keys don't exist, and what is their purpose? How do we recreate
> these?
>
> I noticed the default permissions give Everyone read access to these keys.
> Are they just public keys that we shouldn't worry about exposing to the
> world?
>
> --
> Will
>
>



Posted by Will on December 6, 2005, 1:48 pm
Should it be a concern that the folder doesn't exist and that we have
Event Viewer messages with the system trying to access it? How do we
recreate it if it is missing?

The user Everyone implies a much broader scope than just local users,
doesn't it?

--
Will


> As a Microsoft KB article says (http://support.microsoft.com/?id=278381) -
> "The default permissions on the folder may be misleading when you attempt to
> determine the minimum permissions that are necessary for proper installation
> and the accessing of certificates."
>
> The folder isn't exposed to the world - just to the local users.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-



Posted by S. Pidgorny on December 11, 2005, 12:43 am
IMO the fact that the folder doesn't exist should be a concern - I prefer
not to see any error messages in the logs during normal operation. How to
recreate - I don't know, I'd start by creating the folder manually.

Everyone is more than local users but unless the folder is shared, that
makes virtually no difference.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

> Should it be a concern that the folder doesn't exist and that we have
> Event Viewer messages with the system trying to access it? How do we
> recreate it if it is missing?
>
> The user Everyone implies a much broader scope than just local users,
> doesn't it?
>
> --
> Will
>
>
>> As a Microsoft KB article says (http://support.microsoft.com/?id=278381) -
>> "The default permissions on the folder may be misleading when you attempt to
>> determine the minimum permissions that are necessary for proper installation
>> and the accessing of certificates."
>>
>> The folder isn't exposed to the world - just to the local users.
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>
>
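
To check what the Everyone entry discussed in this thread actually covers, the following PowerShell script (an added example, not part of the original posts) reports whether the MachineKeys folder exists, what Everyone is granted on the folder itself, and whether any key file inside also carries an Everyone allow entry. Assumptions: PowerShell is available on the server, the script runs from an administrative session, and the default `$Path` is the folder from the first post with the profile root assumed to be on the system drive; the function name `Get-EveryoneAce` is made up for this example.

```powershell
param(
    # Folder as written in the thread; assumption: the profile root is on the system drive.
    [string]$Path = "$env:SystemDrive\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys"
)

$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone, independent of OS language

function Get-EveryoneAce {
    param([string]$Item)
    $acl = Get-Acl -Path $Item
    # Request SIDs instead of account names so the match does not depend on localisation.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $EveryoneSid } |
        Select-Object @{n='Item';      e={ $Item }},
                      @{n='Type';      e={ $_.AccessControlType }},
                      @{n='Rights';    e={ $_.FileSystemRights }},
                      @{n='Inherited'; e={ $_.IsInherited }},
                      # None = entry applies to this folder only;
                      # ObjectInherit = entry is also handed down to files created in it.
                      @{n='InheritanceFlags'; e={ $_.InheritanceFlags }}
}

if (-not (Test-Path -Path $Path -PathType Container)) {
    Write-Warning "MachineKeys folder is missing: $Path"
    return
}

# 1. What Everyone is granted on the folder itself.
Get-EveryoneAce -Item $Path | Format-List | Out-String

# 2. Whether any key file inside the folder also grants access to Everyone.
$files = @(Get-ChildItem -Path $Path -Force | Where-Object { -not $_.PSIsContainer })
$exposed = @($files | ForEach-Object { Get-EveryoneAce -Item $_.FullName } |
    Where-Object { $_.Type -eq 'Allow' })

"{0} key file(s) found, {1} Everyone allow entries on key files" -f $files.Count, $exposed.Count
$exposed | Format-Table Item, Rights, Inherited -AutoSize | Out-String
```

A folder entry whose `InheritanceFlags` is `None` says nothing about the key files, which is why the second step reads each file's own ACL.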


