On 12/7/05, Geof <[EMAIL PROTECTED]> wrote: > I'm trying to restrict remote access to the Service Control Manager on a > Windows box in order to forbid a local admin to remotely manage the > services. Indeed, with such an access, it's possible to restart services > that where disabled for security reasons, like remote registry access, or to > install remotely new services. > (See > http://www.hsc.fr/ressources/articles/win_net_srv/ch04s07s09.html > for the available operations) > > Using the pipeaclui from bindview, I guess it's possible to define ACL that > deny any access but it is said that "Anytime a named pipe is restarted (or a > system reboot), the changes made using pipeaclui will be discarded and the > defaults of whatever started the named pipe will be used". > http://www.bindview.com/Services/RAZOR/Utilities/Windows/pipeacltools1_0.cfm > > So, I'm wondering if someone known how to stop definitively this feature.
I would go about this a different way than you: just drop in managed firewalls that say only port 135-139, 445, etc from the servers then you dont have to worry about VPN or cross workstation attacks or am I totally off base here? -JP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
