ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
4 edits | said by TeMerc  :Based on your experience are there any other things users should do prior to installing? Any disc cleaning, defraging so forth to make install any easier or of that nature? This seems to be a far better solution than what Mike was suggesting by far. This is going to be a good thread to keep an eye on for sure. I've linked to it from my place as well as provided the newsgroup link as well: » www.microsoft.com/communities/ne···edaccessThanks for the info. OK, this might sound insane but here goes.
On some XP home systems using F8 any user can revert to the prior image, so for security reasons this is what I would do, once you have installed the toolkit and done testing, and are sure you have a good baseline with any user restrictions in place.
1. Turn Off Windows disk protection.
2. Do a disk cleanup, use the advance feature and remove all but the most current restore point, then also do the normal disk cleanup.
3. Create another restore point.
4. Do a defrag.
5. Turn on Windows Disk Protection.
6. Uncheck the check box in the getting started window in "Show Getting Started at Startup" unless you want this pop-up for the Admin ID for the toolkit to see this every-time in the future ("You can launch getting started via the program start menu when needed").
Change Windows Disk Protection to "Save Changes On Next Restart".
7. Restart.
8. Change Windows Disk Protection to "Save Changes On Next Restart". Again and restart.
9. Make some change and restart to make sure it does not stick and you then know your setup is working.
The reason why is on some XP systems all users can use F8 and revert to the prior disk image, if that was missing some settings they might get by the protection, this way both stored disk images will be the same.
That pretty much does it. You should be able to change, delete anything, suck up any type of malware even a rootkit, and when you reboot, Poof...it's all back to normal. 
Please note that if you allow users to have persistent data on other partitions or drives, or allow users to run programs on those drives, malware can still park there, but it will never be allowed to propagate to the Windows Partition, so you will have sand boxed it from embedding itself in Windows at least.
Of course, I would still be very careful when adding new things but even then, you can revert to one prior disk image if needed, or even use a restore point or worse case use an A/V to remove whatever and get back to a stable disk image.
If your careful, this is very hard to break.
It is also VERY important to change your BIOS to boot first from disk, otherwise if a CD or floppy is before the Hard Drive in the boot order, someone might be able to still enter the system using these methods, also add a strong password to your BIOS setup and you are covered.
My clients are doing back-flips over this, lol.
If anyone needs help on how to create a template .bat file to apply to many users the same restrictions let me know, it beats doing it manually.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
