Pushing out security settings configured in the Registry
WindowSecurity.com -
Unless you have been living under a rock, you have been watching the IT community stand up and take notice of all of the security issues that keep rising up, day after day. One of the most prevalent areas where you have seen this attention to security is within group policy.
Group Policy is one of the core operations that is performed by Windows Active Directory. Within the past two years, Microsoft has doubled the number of Group Policy settings that they ship with the operating system. There are now nearly 1,700 settings in a standard Group Policy. The emphasis on most of the Group Policy settings is security.
New applications are constantly being provided to help protect against the spyware, viruses, worms, malware and other malicious code that runs through our networks and the Internet. Microsoft and other companies are trying to develop solutions as fast as they can, but the core problem is still not being addressed.
The core problem to many of the security issues on a Windows computer is that the baseline security is not configured properly. When you get a computer installed for the first time, it is no where near as secure as it should be. Even if you go through every Control Panel setting and Group Policy option, you won't get the computer to the baseline security that you desire.
The only way to get a Windows computer to a security level that will be near bulletproof is to make additional Registry changes that are not exposed through any interface, except Regedt32.exe. There are many ways to get these Registry changes completed on every computer in the enterprise, but some are certainly more efficient than others.
The reality of the problem
You may think there are not that many Registry settings that can help protect your computer. The reality of the overall problem becomes prevalent when you start researching and investigating the abundance of "Registry hacks" that are discussed in Microsoft Knowledge Base articles.
Another place that you might find Registry-related security fixes is within the newsgroups. For example, I monitor a Group Policy question board and the last question that I had was with regard to controlling USB devices. A quick search on the Internet says to modify the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor Registry value to control a USB device. If you do an exhaustive search through any existing tool that is provide by Microsoft, you will not find a way to control this value without manually updating the Registry. Let's first take a look
Reprinted with permission from
Story copyright 2006 WindowSecurity.com. All rights reserved.
Security
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
