Windows Server Hack [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Windows Server Hack [Electronic resources] - نسخه متنی

Mitch Tulloch

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Windows Server Hacks

Table of Contents

Copyright

Credits

About the Author

Contributors

Acknowledgments

Foreword: I''m a Sci-Fi freak

Preface

Why Windows Server Hacks?

Getting and Using the Scripts

How to Use This Book

How This Book Is Organized

Conventions Used in This Book

Using Code Examples

How to Contact Us

Got a Hack?

Chapter 1. General Administration

Hacks #1-16

Hack 1 Use Run As to Perform Administrative Tasks

Hack 2 Drag and Drop to the Run Menu

Hack 3 Find and Replace Registry Keys from a Command Line

Hack 4 Automatically Log On After Booting

Hack 5 Wait for and Optionally Terminate a Process

Hack 6 Shut Down a Remote Computer

Hack 7 Rename Mapped Drives

Hack 8 Execute a Command on Each Computer in a Domain

Hack 9 Add, Remove, or Retrieve Environment Variables

Hack 10 Extend Group Policy

Hack 11 Disable EFS

Hack 12 Get Event Log Information

Hack 13 Shortcut to Remote Assistance

Hack 14 Desktop Checker

Hack 15 Top Five Tools

Hack 16 myITforum.com

Chapter 2. Active Directory

Hacks #17-24

Hack 17 Retrieve the List of Old Domain Computer Accounts

Hack 18 Automate Creation of OU Structure

Hack 19 Modify All Objects in the OU

Hack 20 Delegate Control of an OU to a User

Hack 21 Send OU Information in Active Directory to an HTML Page

Hack 22 Display Active Directory Information

Hack 23 Store and Display Contact Information in Active Directory

Hack 24 Restore the Active Directory Icon in Windows XP

Chapter 3. User Management

Hacks #25-35

Hack 25 Search for Domain Users

Hack 26 Manage User Accounts in Active Directory

Hack 27 Get a List of Disabled Accounts

Hack 28 Get User Account Information

Hack 29 Check for Passwords that Never Expire

Hack 30 Enumerate Group Membership to a CSV File

Hack 31 Modify User Properties for All Users in a Particular OU

Hack 32 Check Group Membership and Map Drives in a Logon Script

Hack 33 Script Creation of a User''s Home Directory and Permissions

Hack 34 Prevent Ordinary Users from Creating Local Accounts

Hack 35 Put a Logoff Icon on the Desktop

Chapter 4. Networking Services

Hacks #36-47

Hack 36 Manage Services on Remote Machines

Hack 37 Simplify DNS Aging and Scavenging

Hack 38 Troubleshoot DNS

Hack 39 Manually Recreate a Damaged WINS Database

Hack 40 Change WINS for All Enabled Adapters

Hack 41 Ensure DHCP Server Availability

Hack 42 Change a Network Adapter''s IP Info

Hack 43 Change from Static IP to DHCP

Hack 44 Release and Renew IP Addresses

Hack 45 Use netsh to Change Configuration Settings

Hack 46 Remove Orphaned Network Cards

Hack 47 Implement Windows 2000 Network Load Balancing

Chapter 5. File and Print

Hacks #48-53

Hack 48 Map Network Drives

Hack 49 Determine Who Has A Particular File Open on the Network

Hack 50 Display a Directory Tree

Hack 51 Automate Printer Management

Hack 52 Set the Default Printer Based on Location

Hack 53 Add Printers Based on Name of Computer

Chapter 6. IIS

Hacks #54-61

Hack 54 Back Up the Metabase

Hack 55 Restore the Metabase

Hack 56 Map the Metabase

Hack 57 Metabase Hacks

Hack 58 Hide the Metabase

Hack 59 IIS Administration Scripts

Hack 60 Run Other Web Servers

Hack 61 IISFAQ

Chapter 7. Deployment

Hacks #62-68

Hack 62 Get Started with RIS

Hack 63 Customize RIS

Hack 64 Tune RIS

Hack 65 Customize SysPrep

Hack 66 Remove Windows Components from the Command Line

Hack 67 Unattended Installation of Windows Components

Hack 68 Easily Create a Network Boot Disk

Chapter 8. Security

Hacks #69-78

Hack 69 Fundamentals of a Virus-Free Network

Hack 70 Antivirus FAQ

Hack 71 Rename the Administrator and Guest Accounts

Hack 72 Get a List of Local Administrators

Hack 73 Find All Computers that Are Running a Service

Hack 74 Grant Administrative Access to a Domain Controller

Hack 75 Secure Backups

Hack 76 Find Computers with Automatic logon Enabled

Hack 77 Security FAQ

Hack 78 Microsoft Security Tools

Chapter 9. Patch Management

Hacks #79-89

Hack 79 Best Practices for Patch Management

Hack 80 Beginners Guide to Enterprise Patch Management

Hack 81 Patch-Management FAQ

Hack 82 Enumerate Installed Hotfixes

Hack 83 Apply Patches in the Correct Order

Hack 84 Windows Update FAQ

Hack 85 Obtain Updates via the Windows Update Catalog

Hack 86 Use Automatic Updates Effectively

Hack 87 Use Group Policy to Configure Automatic Updates

Hack 88 Automatic Updates FAQ

Hack 89 Software Update Services FAQ

Chapter 10. Backup and Recovery

Hacks #90-100

Hack 90 Collect Disaster Recovery Files

Hack 91 Back Up Individual Files from the Command Line

Hack 92 Back Up System State on Remote Machines

Hack 93 Back Up and Restore a Certificate Authority

Hack 94 Back Up EFS

Hack 95 Work with Shadow Copies

Hack 96 Back Up and Clear the Event Logs

Hack 97 Back Up the DFS Namespace

Hack 98 Recover with Automated System Recovery

Hack 99 Recovery Roadmap

Hack 100 Data Recovery of Last Resort

Colophon

Index

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X
توضیحات
افزودن یادداشت جدید









Hack 11 Disable EFS







While the Encrypted File System of Windows
2000/XP can be useful for protecting data, your best approach might
actually be to disable it.



The Encrypted File System (EFS) feature was first introduced in
Windows 2000 and is also available in Windows XP Professional. EFS
provides a much higher level of security than the one offered by NTFS
alone, which can be circumvented without much effort as long as
physical access to the computer is allowed. EFS is extremely easy to
use and is available without any special configuration because it is
enabled by default. Even though it seems that with all these
advantages EFS should quickly find its place in
everyone's environment, implementating it properly
is a fairly complex task.




The Problem




Your two primary concerns are the ability to recover encrypted files
and the protection of private keys used for encryption, which are
associated with each user's account and the recovery
agent's account. Recovery of encrypted files might
be a fairly common occurrence. Because the private keys necessary for
decryption are stored in the user's profile, if the
profile gets deleted or corrupted, the user can no longer access
their encrypted files. The process of recovery involves simply
logging on as an account that is designated as a data recovery agent.
By default, this account is a local administrator on a standalone
computer and a domain administrator in a domain environment. Because
the private keys for data recovery agents are also stored as part of
their profiles, it is recommended that private keys for data recovery
agents should be exported from the computer that contains them and
stored in a secure place until a recovery needs to be performed.



Currently, without using any custom solution, backup and storage of a
user's private keys (without backing up the entire
profile) tends to be a time-consuming process. In addition, using
nondefault recovery agents (which is the recommended procedure)
requires installation of the Certificate Authority feature, which
also needs to be managed properly. If you are not ready to handle all
these additional tasks, your best bet might simply be to temporarily
disable EFS on users' machines.




The Solution




In the Windows 2000 domain environment, launch the Group Policy MMC
snap-in and select the Group Policy Object (GPO) linked to your
domain. Then, drill down to Computer
ConfigurationWindows
SettingsSecurity SettingsPublic
Key PoliciesEncrypted Data Recovery Agents,
right-click on the folder labeled Encrypted Data Recovery Agents, and
select Delete Policy to delete the default recovery policy. Then,
right-click on Encrypted Data Recovery Agents again and select
Initialize Empty Policy. This will remove users'
ability to use EFS on any Windows 2000 system that belongs to the
domain. In absence of EFS recovery agent, Windows 2000 clients will
refuse to encrypt any files or folders.



However, you might be in for a surprise if you try to use the same
approach in Windows XP, because Microsoft changed the default EFS
behavior to allow a Windows XP client to use encryption even if no
Data Recovery Agent is available (the same is true for Windows Server
2003). Fortunately, there are several new ways of preventing this,
which we'll look at now.



Disabling EFS for a file






Windows XP offers greater flexibility in configuring the scope of
reach of EFS. If your
intention is to disable EFS for a
single file, you can simply assign the system attribute to the file.
Although this is not the most elegant solution, it does provide a
quick workaround. In order to apply the system attribute to a file,
use the attrib command with +s
parameter. For example, to apply the system attribute to the
info1.txt file, type the following at the
command prompt:



attrib +s info1.txt

Disabling EFS for a folder






If you instead want to prevent EFS on the folder
level, you can create a desktop.ini file in the
folder. The desktop.ini file should contain the
following two lines:



[Encryption]
Disable=1



This will affect the folder itself and all of its files. However, it
does not have any impact on its subfolders and their content.



Disabling EFS for a system






Finally, if you prefer, you can disable EFS on the system level. This
can be accomplished by editing the Registry. Set the following entry
of DWORD type to the value 1:



HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS\EfsConfiguration



It is easier, however, to use Group Policy for this purpose. Start by
launching Local Security Policy from the Administrative Tools menu.
Next, double-click on the Public Key Policies folder. You will see a
subfolder named Encrypting File System. Right-click on it and select
Properties from the context-sensitive menu. You will notice a
checkbox labeled "Allow users to encrypt files using
Encrypting File System (EFS)," as shown in Figure 1-13.




Figure 1-13. Disabling EFS in Windows XP/2003




Unchecking this box will disable EFS altogether on the system. Note
that this setting can be also used to together with Group Policy to
disable EFS for all computers residing in any of Active Directory
containerssites, domains, or organizational units.



Marcin Policht




/ 163