MSInfluentials

Downloads from the Vista Security Book

As with Protect Your Windows Network, I wrote some tools for the Windows Vista Security book that just came out. However, the Vista book does not come with a CD. Rather, Wiley has made the tools available for download. If you solemnly promise that you will buy the book, you may get the tools from there. :-)

The tools are:

  • A couple of Windows Management Instrumentation (WMI) Scripts that demonstrate how to interact with the Windows Firewall with Advanced Security. These scripts check if the firewall is on and which profile is active.
  • An electronic version of chapter 1. The link to this is currently broken. I will update the post as soon as I know what the link should be.
  • A very long (200 pages) Word document detailing the default security parameters for every built-in service in Windows Vista Ultimate. It has the ACL on the service as well as the process security parameters. I originally intended this as an appendix but it got too long.
  • WMI is essentially an object store that lets applications store all kinds of configuration information and lets other programs read that information using standard interfaces. While developing the group policy object (GPO) for the new Windows Firewall that is shown in the firewall chapter, I needed a way to filter the GPO by operating system. WMI filters are a good way to do that, but to ensure that I had the right WMI data I wrote a little WMI script that dumps out all WMI data about the operating system. I figured you can use it to learn about what data WMI provides that you can leverage for other things, like GPO filtering.
  • The default Group Policy settings for User Account Control (UAC) leave out one of the UAC settings: the one that controls whether a locally defined administrator gets a full or filtered token when connecting to the computer remotely. Managing that setting using Local Security Policy or Group Policy requires a new sceregvl.inf file. The UAC chapter discusses the setting and how to use this file to add it to the security policy tools.
  • A tool that enables you to launch a process elevated from a command line. You run "elevate <program> [program arguments]" and it will give you the standard elevation prompt. Since much of the code is reusable I also added the ability to run a process with low integrity with almost all the privileges stripped. Many programs won't work properly that way but I thought it was a nice way to test what will happen when you run them low.
  • One of my favorite utilities is the cmdhere.inf tool from the Windows 2000 Resource Kit. It puts a "command prompt here" command on the context menu for folders in Windows Explorer. However, with Vista cmdhere no longer works, and if you tweak it to work you get a non-elevated command prompt. Using the elevate tool, this little utility adds an "elevated command prompt here" item to the shortcut menu. Here is what it looks like:

Enjoy the tools, and the book!

Read the complete post at http://msinfluentials.com/blogs/jesper/archive/2007/07/11/tools-from-the-vista-security-book.aspx


Posted Jul 11 2007, 01:39 PM by Jesper's Blog
All postings are copyright Jesper M. Johansson, in the year they were made. These postings are provided "AS IS" with no warranties, and confer no rights. All postings are the sole opinions of Jesper M. Johansson and do not reflect any official opinion of anyone else with whom the poster is affiliated or has been affiliated in the past. Use of included code samples is permitted for non-commercial use, with no warranties of fitness express or implied. All use of any information or code snippets posted in this blog is at the user's sole risk. The blog site would like to thank www.ownwebnow.com and www.exchangedefender.com for their support.