Jan 222008
 

Windows 2000 and later including Windows XP & Windows 2003 supports Remote Registry access using Remote Registry service. This allows a remote user or a remote administrator to connect to the PC or server systems registry remotely and view or modify it. While this is ideally a feature for Remote Administrator or Management Applications to efficiently manage systems without having to manally logging onto the system, this can be a potential security risk.

In simple terms, if this service is not used for any management purpose then needs to be disabled.

Continue reading »

Incoming search terms:

Jan 222008
 

NTLast from FoundStone is a simple security auditing command line tool for Windows specifically targeted for serious security and IIS administration. Scheduled review of your NT event logs is critical for your network. A server breach can be uncovered by regular system auditing. Identifying and tracking who has gained access to your system, then documenting the details is now made easier with NTLast. This tool is able to quickly report on the status of IIS users, as well as filter out web server logons from console logons. NTLast can distinguish between remote and interactive logons and match Logon/Logoff times.

While NTLast is designed for Windows NT, it is a Win32 command line tool which works perfectly on Windows 2000, Windows XP and Windows 2003. NTLast can be run on the local system or on a remote system which has the Audit Logging enabled and the user running the command has Administrator privileges.

Continue reading »

Incoming search terms: