|
Posted by Paul Bergson [MVP-DS] on May 17, 2007, 9:04 am
Please log in for more thread options
Hiding drives isn't going to do much for you and will only create problems
if you did do it.
To turnoff auto play you can use a gpo (This is what we do)
Machine / Administrative Templates / System / Policy - Turn off Autoplay =
Enabled, Turn off Auto play on = all drives
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
> Would like to know
>
> 1) how to hide the computer from network browse list -
> Prevent a potential attacker inside the firewall from generating a list of
> available network resources
>
> 2) Disable Autorun- Prevent a malicious program from starting when media
> is
> inserted
>
> on windows 2003 server and DC
>
|
|
Posted by DD on May 21, 2007, 10:02 pm
Please log in for more thread options
Hi Paul,
What problems you will forsee if we hide the computer ?
"Paul Bergson [MVP-DS]" wrote:
> Hiding drives isn't going to do much for you and will only create problems
> if you did do it.
>
>
> To turnoff auto play you can use a gpo (This is what we do)
>
> Machine / Administrative Templates / System / Policy - Turn off Autoplay =
> Enabled, Turn off Auto play on = all drives
>
> --
> Paul Bergson
> MVP - Directory Services
> MCT, MCSE, MCSA, Security+, BS CSci
> 2003, 2000 (Early Achiever), NT
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> > Would like to know
> >
> > 1) how to hide the computer from network browse list -
> > Prevent a potential attacker inside the firewall from generating a list of
> > available network resources
> >
> > 2) Disable Autorun- Prevent a malicious program from starting when media
> > is
> > inserted
> >
> > on windows 2003 server and DC
> >
>
>
>
|
|
Posted by z1z1z1 on May 23, 2007, 12:50 am
Please log in for more thread options Hiding the computer from the browse list will do very little to increase
security, as many attacks are done via an IP scan by a program, not by
looking at the browse list (mostly there for human eyes). Also, an
attacker may often not be in a position (for example, in the same
workgroup/subnet) to see the browse list anyway.
> Hi Paul,
>
> What problems you will forsee if we hide the computer ?
>
>
> "Paul Bergson [MVP-DS]" wrote:
>
>> Hiding drives isn't going to do much for you and will only create
>> problems if you did do it.
>>
>>
>> To turnoff auto play you can use a gpo (This is what we do)
>>
>> Machine / Administrative Templates / System / Policy - Turn off
>> Autoplay = Enabled, Turn off Auto play on = all drives
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> > Would like to know
>> >
>> > 1) how to hide the computer from network browse list -
>> > Prevent a potential attacker inside the firewall from generating a
>> > list of available network resources
>> >
>> > 2) Disable Autorun- Prevent a malicious program from starting when
>> > media is
>> > inserted
>> >
>> > on windows 2003 server and DC
>> >
>>
>>
>>
|
|
Posted by DD on May 22, 2007, 5:01 am
Please log in for more thread options Hi Paul,
I Only have one GPO on my DC and I can't find this system policy setting.
Is it under the local security setting - security option ?
> Hiding drives isn't going to do much for you and will only create problems
> if you did do it.
>
>
> To turnoff auto play you can use a gpo (This is what we do)
>
> Machine / Administrative Templates / System / Policy - Turn off Autoplay =
> Enabled, Turn off Auto play on = all drives
>
> --
> Paul Bergson
> MVP - Directory Services
> MCT, MCSE, MCSA, Security+, BS CSci
> 2003, 2000 (Early Achiever), NT
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> > Would like to know
> >
> > 1) how to hide the computer from network browse list -
> > Prevent a potential attacker inside the firewall from generating a list of
> > available network resources
> >
> > 2) Disable Autorun- Prevent a malicious program from starting when media
> > is
> > inserted
> >
> > on windows 2003 server and DC
> >
>
>
>
|
|
Posted by Paul Bergson [MVP-DS] on May 23, 2007, 8:17 am
Please log in for more thread options It should be under the domain. Are you running 2003?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
> Hi Paul,
>
> I Only have one GPO on my DC and I can't find this system policy setting.
>
> Is it under the local security setting - security option ?
>
>
>
>> Hiding drives isn't going to do much for you and will only create
>> problems
>> if you did do it.
>>
>>
>> To turnoff auto play you can use a gpo (This is what we do)
>>
>> Machine / Administrative Templates / System / Policy - Turn off Autoplay
>> =
>> Enabled, Turn off Auto play on = all drives
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> > Would like to know
>> >
>> > 1) how to hide the computer from network browse list -
>> > Prevent a potential attacker inside the firewall from generating a list
>> > of
>> > available network resources
>> >
>> > 2) Disable Autorun- Prevent a malicious program from starting when
>> > media
>> > is
>> > inserted
>> >
>> > on windows 2003 server and DC
>> >
>>
>>
>>
|
| Similar Threads | Posted | | hisecweb.inf hardening | June 5, 2005, 8:57 pm |
| Server Hardening | July 5, 2005, 9:34 am |
| Lockdown/Hardening Tool | March 21, 2006, 3:53 pm |
| Hardening Windows Registry | August 2, 2006, 10:31 pm |
| Domain Local Security vs Global Security vs Universal Security Groups | October 16, 2006, 1:26 pm |
| Role-based security from Windows Server 2003 Security Guide gives problems | November 6, 2006, 8:00 am |
| Windows Server Baseline Security - IE security warning | June 5, 2007, 9:35 am |
| security in AD | June 22, 2005, 5:38 am |
| VPN Security. | July 19, 2005, 9:44 am |
| Security? | July 25, 2005, 8:56 am |
|
XML Sitemap