Tech Tips

Windows NT : Security

Keeping passwords unique with domain account policies

A solid password aging policy can help secure network resources by forcing users to select different passwords periodically. Not only does this make it more difficult for intruders to guess user passwords, it also limits the amount of time that a cracked password can be used for illicit purposes. To...

Password expiration notification

As you know, security-minded administrators apply policies to user accounts that define password length, uniqueness, and expiration requirements. By default, Windows NT displays the password expiration notification 14 days in advance. If users complain that this is too little or too much time, you can edit the registry to change...

Secure the Administrator account

One of the most important user accounts in any network is the Administrator account. Users that can access this account can pretty much do anything they darn well please. You definitely don't want this account falling into the hands of intruders or other unauthorized personnel. So what can you do...

Access denied

Suppose you'd like to deny everyone but administrators access to create new shares, thereby controlling who can access a computer from its network interface and the information that's shared over that interface. Here's a quick how-to. Run the Registry Editor (Regedt32.exe). Go to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Shares. Select Shares and...

When you create a DNS zone, the name of the logged-on user is automatically placed in the SOA record

Did you know that when you create a new zone file in DNS, you might inadvertently reveal the name of the administrator account? When you create a DNS zone, the name of the logged-on user is automatically placed in the Responsible Person field in the Start of Authority (SOA) property...

Stopping unauthorized DNS zone transfers

If you do not specifically configure your DNS server to accept zone transfer requests only from designated sources, anyone on the Internet with the proper tools can transfer a complete copy of your DNS zone database to their system. This is normally done using the NSLOOKUP program and the...

Dealing with file types that execute automatically

Virus and script attacks leave many users and administrators feeling vulnerable, and for good reason. Antivirus software and other security tools are available, but another way to address some of these attacks is by using certain system settings that can help prevent rogue software from running. It's possible, for example,...

Another possible security leak

As all good network admins know, an Emergency Repair Disk is an absolute necessity and you, of course, frequently create one using the Rdisk utility from the command line. However, there's a possible security vulnerability if the ERD creation process is interrupted. During the creation process, a temporary file is...

Adding a security warning

In some situations, you may want to add a security warning to Windows NT that users will see before they log on. Doing so is easy but requires you to edit the registry. To create a security warning, open the registry editor and navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows NT\CurrentVersion\WinLogon. Next, double-click...

Auditing failed logons to track hacker activity

Hackers often gain access to a system by setting up an automated program that bombards a server with thousands of possible password combinations. Windows NT provides an auditing utility that can help you recognize these hacking attempts by tracking events at the system and object level. By default, this auditing...

Contact Us | Authors | Subject Index | Directory | RSS Feeds

Copyright ©2006 Setup32.com