Top 10 Potential Problematic Security Settings
Many enterprise management tools rely on several of these features of the operating system:
�
Enterprise and other applications may require:
Administrative Shares (C$, ADMIN$) - AutoShareWks or AutoShareServer
Remote Registry Service
Task Scheduler
RestrictAnonymous (Null User Sessions)
NTFS/Registry Permissions
NetBIOS over TCP/IP
LM VS. NTLM VS. NTLMv2 Authentication - LmCompatibilityLevel
File/Printer Sharing Bindings
Workstation Service
Server Service
To troubleshoot most of these settings, it is either:
�- Turn it on
�- Turn it off
�- Tweak the value
�
For an application to function properly, it may require tuning several of the settings listed above.
�
The settings that are more difficult to troubleshoot are NTFS and Registry permissions.�
There are two ways to troubleshoot these issues:
�- Enable auditing of Failed Object Access, and watch for Failure events in the Event Viewer.
�- Use third party tools such as FileMon and RegMon from SysInternals � http://www.sysinternals.com.� Look for �Access Denied� alerts.
�
Enterprise and other applications may require:
Administrative Shares (C$, ADMIN$) - AutoShareWks or AutoShareServer
Remote Registry Service
Task Scheduler
RestrictAnonymous (Null User Sessions)
NTFS/Registry Permissions
NetBIOS over TCP/IP
LM VS. NTLM VS. NTLMv2 Authentication - LmCompatibilityLevel
File/Printer Sharing Bindings
Workstation Service
Server Service
To troubleshoot most of these settings, it is either:
�- Turn it on
�- Turn it off
�- Tweak the value
�
For an application to function properly, it may require tuning several of the settings listed above.
�
The settings that are more difficult to troubleshoot are NTFS and Registry permissions.�
There are two ways to troubleshoot these issues:
�- Enable auditing of Failed Object Access, and watch for Failure events in the Event Viewer.
�- Use third party tools such as FileMon and RegMon from SysInternals � http://www.sysinternals.com.� Look for �Access Denied� alerts.