Dan Thomson at myITforum.com

Pacifying the call of an undying passion

May 2005 - Posts

GUI interface for RoboCopy

Do you use RoboCopy? Are you interested in a nice GUI interface to help make executing RoboCopy easier?

Look here --> RoboCopy GUI

RoboCopy is included in the Windows Server 2003 Resource Kit Tools

Thanks to Duncan McAlynn for sharing the link on the SMS email list!

Posted Tuesday, May 24, 2005 10:32 AM by dthomson | 2 comment(s)


SMS 2003 Advanced Client install via Group Policy (Part 2)

Pertaining to my previous post (SMS 2003 Advanced Client install via Group Policy), a thread has also been started in the myITforum SMS 2003 forum. Check out what is being discussed and add your thoughts.

Here's a link to the forum post:

SMS 2003 Client Health /install, Logon / Startup Script

Posted Wednesday, May 18, 2005 9:25 PM by dthomson | with no comments


SMS 2003 Advanced Client install via Group Policy

If you are interested in how to deploy and maintain the SMS 2003 Advanced client via Group Policy and you are not a subscriber to the myITforum SMS E-mail list, then you might want to get subscribed. There is a terrific thread titled SMS 2003 Advanced Client install via Group Policy currently being discussed that may be of benefit.

Links of reference:

myITforum email discussion lists

myITforum SMS email discussion list

Posted Wednesday, May 18, 2005 1:42 PM by dthomson | with no comments


Motivation to physically secure your systems
I was recently helping another admin figure out how he could deploy operating system updates to a bunch of laptops which never connect to the network and on which the users were not local administrators. We came up with an interesting method which exploits what I consider to be a security loophole in Windows 2000 and XP. After I thought about our findings a bit, I realized that this could be a huge vulnerability for many organizations and thought I should share it so that you can be informed. (I contacted Microsoft prior to writing this article, but this scenario was deemed to not be a security issue since it involves the user having physical access to the system.)

We all know that we should consider the following items when securing our computer systems:
  1. Set alternate boot devices (cd-rom, usb flash, floppy, ...) to disabled in the BIOS so that the system only boots from the hard drive.
  2. Physically secure the computer case by using a locking device of some sort which prevents access to the case internals.
  3. Rename default local accounts (Administrator and Guest) and possibly do something with local groups as well.
  4. Set up some sort of alert system to notify an admin when a computer case has been opened.
  5. Password protect the BIOS.
Well, if we haven't properly considered the above list and the user has the ability to boot using a tool such as BartPE, WinPE or the Sysinternals recovery tools, the user can make an alteration to the operating system startup scripts and subsequently gain higher system access from within Windows than desired.

Here is a scenario to consider:
  1. I am a standard user on the local system with either a local or domain user account.
  2. I am able to boot my computer from cd-rom or USB flash drive using a tool such as BartPE, WinPE, etc. (Booting from an alternate source allows me to bypass most security settings of the operating system on the hard drive.)
  3. I can copy an executable or script to the Windows file system on the hard drive.
  4. I can modify the C:\Winnt (or C:\Windows)\System32\GroupPolicy\Machine\Scripts\scripts.ini file so that it runs a command of my choice, i.e., make it run the script or executable I copied over in step 3. (The scripts.ini file is where Group Policy stores the list of items to be run during system startup. This file is in plain text and easily editable.)
  5. I reboot the system and my script runs at startup under the context of the System account using elevated privileges. Such a script might give my account local administrative privileges by adding my account to the local administrators group.
Being able to edit the scripts.ini file is neat for those of us who want an easy way to automate some system tasks, but I consider it to be a big hole. I would like to see Microsoft consider encrypting the contents of the scripts.ini file as such a measure would help to prevent this scenario from happening.
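
Because the startup-script list is plain text, a defender can at least audit it against a known-good baseline. The following is an added example, not code from the original post: it parses the file's contents and flags any startup entry that is not in an approved list or that runs from outside the Group Policy scripts folder. The `NCmdLine`/`NParameters` key layout, the install path, the sample content, the baseline and all function names are assumptions made for illustration.

```python
import configparser
import ntpath
import re

# Assumed XP-era location; use C:\Winnt on Windows 2000.
SCRIPTS_ROOT = r"C:\Windows\System32\GroupPolicy\Machine\Scripts"

# Constructed sample content (not taken from a real system).
SAMPLE = "\ufeff" + r"""
[Startup]
0CmdLine=inventory.cmd
0Parameters=/quiet
1CmdLine=C:\Temp\fix.cmd
1Parameters=
"""
# Entries the administrator actually configured, lower-cased.
APPROVED = {("startup", "inventory.cmd", "/quiet")}

def parse_scripts_ini(text):
    """Return {(section, index): (cmdline, parameters)} from decoded file text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string(text.lstrip("\ufeff"))  # drop a leading byte-order mark
    entries = {}
    for section in cp.sections():
        for key, value in cp.items(section):
            m = re.fullmatch(r"(\d+)(cmdline|parameters)", key)  # keys arrive lower-cased
            if m:
                slot = entries.setdefault((section, int(m.group(1))), ["", ""])
                slot[0 if m.group(2) == "cmdline" else 1] = (value or "").strip()
    return {k: tuple(v) for k, v in entries.items()}

def audit(text, approved):
    """Return (section, cmdline, parameters, reason) for entries needing review."""
    findings = []
    for (section, _), (cmd, params) in sorted(parse_scripts_ini(text).items()):
        reasons = []
        if (section.lower(), cmd.lower(), params.lower()) not in approved:
            reasons.append("not in approved baseline")
        # Assumption: relative command lines resolve under Scripts\<section>.
        full = ntpath.normpath(ntpath.join(SCRIPTS_ROOT, section, cmd))
        if not full.lower().startswith(SCRIPTS_ROOT.lower() + "\\"):
            reasons.append("outside Group Policy scripts folder")
        if reasons:
            findings.append((section, cmd, params, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED):
        print(finding)
```

Keep the approved baseline off the audited disk, since anyone who can boot alternate media can edit a local copy as easily as the file itself.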

I hope this little bit of information provides inspiration to those out there who have not yet secured against the use of alternate boot devices.

BTW: There are a few variations to the above scenario which can accomplish the same results, but I'll leave them out for now.

Please feel free to send me an email with any comments on this post.

See my myITforum articles

Posted Sunday, May 15, 2005 7:55 PM by dthomson | with no comments


I have to mention this....

I read John's article regarding the WiGLE site and wanted to check the WiFi stats on wardriving activities in my area. I found that the site requested that I register prior to being able to gain any information. During the registration process, I provided my hotmail email address because I really don't care too much if it gets hit with junk. However, I soon learned that I needed to create a new email account strictly for SPAM, viruses, trojans, etc...

My Inbox and Junk folders had been staying pretty clean prior to registering, but now the account is getting inundated with emails which appear to be trojans. It may possibly be a coincidence because John said he's not noticed anything on his end, but the timing of my account getting hit right after registering is very suspicious.

So, lesson of the day is: When registering on sites which seem suspicious (even some which seem ok), be sure to use an account that you don't care about. If you don't have such an account, then now would be a good time to create one and use it the next time you're asked for registration information.

This is one of the biggest topics I tried to educate my users on: If you provide your home or work email address when registering on all the joke and “freeware” sites, then you are bound to begin to receive junk email and lots of it.

BTW: I was glad to see that my area is not listed anywhere on this and a few other similar sites that I keep tabs on.

Posted Tuesday, May 03, 2005 9:48 PM by dthomson | with no comments
