Topic awaiting preservation: help with winxp security — OZONE Asylum, home of the Mad Scientists

Topic awaiting preservation: help with winxp security (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=26271" title="Pages that link to Topic awaiting preservation: help with winxp security (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: help with winxp security <span class="small">(Page 1 of 1)</span>\$

Arthemis Paranoid (IV) Inmate From: Milky Way Insane since: Nov 2001	posted 07-18-2005 08:06 Right, so what happened was this: i used Belarc Advisor and it verified my computer to have a rather limited security level according to the Center for Internet Security. I consulted the center for internet security http://www.cisecurity.org/ and was confronted with the information that even tho they were not supporting the recent versions of windowsXP professional with their benchmarking tools, they had none the less available, some .inf files, each for a different type of user. After downloading, I tried the normal "right click -> install" on the .inf file, but that came to no results. Some further reading and this came up: one had to import it with the adminstrative tool: Local Security Policy . After an expected system warning, that these policies could be overrided by group policies, the file was finally put to use. Subsequently: a higher security mark on Belarc Advisor. This was all fine and dandy, and i hope some of you can use this information. Belar Advisor can be found here: http://www.belarc.com/free_download.html Now for the bad part: The problem came when i tried to use p2p clients. I use emule and limewire. They were fine before, but now they are downloading like snails. I don't know why. Browsers work fine, with high dl speeds. Online connection speed tests put my connection where it's supposed to be. I pretty much believe it has to do with new security policies. I'm running winxp professional sp2 \| firewall: sygate professional \| antivirus: norton 2005 all of them fully updated Waiting for advice. Thanks in advanced.
Arthemis Paranoid (IV) Inmate From: Milky Way Insane since: Nov 2001	posted 07-18-2005 08:12 Here are the contents of the .inf file. code: ; (c) Microsoft Corporation 1997-2000 ; ; Security Configuration Template for Security Configuration Editor ; ; Template Name: CIS-WinXP-Legacy-v1.0.1.inf ; Template Version: 1.0.1 ; ; Revision History ; 1.0.0 - February 2004 Original Release. ; 1.0.1 - March 13, 2004 Changed SeDebug to "None". ; ; Designed for: The Center for Internet Security - http://www.cisecurity.org ; ; Authors: Jeff Shawgo: windows-feedback@cisecurity.org ; Kerry Steele: windows-feedback@cisecurity.org ; [Unicode] Unicode=yes [Version] signature="$CHICAGO$" Revision=1 [System Access] MinimumPasswordAge = 1 MaximumPasswordAge = 90 MinimumPasswordLength = 8 PasswordComplexity = 1 PasswordHistorySize = 24 LockoutBadCount = 50 ResetLockoutCount = 15 LockoutDuration = 15 ClearTextPassword = 0 LSAAnonymousNameLookup = 0 EnableGuestAccount = 0 [System Log] MaximumLogSize = 16384 RestrictGuestAccess = 1 [Security Log] MaximumLogSize = 81920 RestrictGuestAccess = 1 [Application Log] MaximumLogSize = 16384 RestrictGuestAccess = 1 [Event Audit] AuditSystemEvents = 1 AuditLogonEvents = 3 AuditObjectAccess = 3 AuditPrivilegeUse = 2 AuditPolicyChange = 1 AuditAccountManage = 3 AuditAccountLogon = 3 [Group Membership] S-1-5-32-555__Memberof = S-1-5-32-555__Members = [Registry Values] MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7, MACHINE\Software\Microsoft\Driver Signing\Policy=3,1 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,"2" MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"2" MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"1" MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,"Warning!" MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,This system is for the use of authorized users only. Individuals using this computer system without authority,or in excess of their authority,are subject to having all of their activities on this system monitored and recorded by system personnel. Anyone using this system expressly consents to such monitoring,and is advised that if such monitoring reveals possible evidence of criminal activity,system personnel may provide the evidence of such monitoring to law enforcement officials. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3 MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1 MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7, MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1 MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,2 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1 MACHINE\Software\Microsoft\DrWatson\CreateCrashDump=4,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AEDebug\Auto=4,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun=4,255 USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun=4,255 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=4,0 MACHINE\System\CurrentControlSet\Control\CrashControl\AutoReboot=4,0 MACHINE\System\CurrentControlSet\Services\CDrom\Autorun=4,0 MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks=4,0 MACHINE\System\CurrentControlSet\Services\MrxSmb\Parameters\RefuseReset=4,1 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting=4,2 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect=4,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect=4,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery=4,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime=4,300000 MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand=4,1 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery=4,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect=4,2 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen=4,100 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetired=4,80 MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt=4,1 MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden=4,1 MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode=4,1 [Privilege Rights] SeNetworkLogonRight = S-1-5-32-545,S-1-5-32-544 SeTcbPrivilege = SeRemoteInteractiveLogonRight = S-1-5-32-544 SeBackupPrivilege = S-1-5-32-544 SeChangeNotifyPrivilege = S-1-5-32-545 SeSystemtimePrivilege = S-1-5-32-544 SeCreatePagefilePrivilege = S-1-5-32-544 SeCreateTokenPrivilege = SeCreatePermanentPrivilege = SeDebugPrivilege = SeDenyNetworkLogonRight = S-1-5-32-546 SeRemoteShutdownPrivilege = S-1-5-32-544 SeAuditPrivilege = S-1-5-20,S-1-5-19 SeIncreaseBasePriorityPrivilege = S-1-5-32-544 SeLoadDriverPrivilege = S-1-5-32-544 SeBatchLogonRight = SeServiceLogonRight = SeInteractiveLogonRight = S-1-5-32-545,S-1-5-32-544 SeSecurityPrivilege = S-1-5-32-544 SeSystemEnvironmentPrivilege = S-1-5-32-544 SeManageVolumePrivilege = S-1-5-32-544 SeProfileSingleProcessPrivilege = S-1-5-32-544 SeSystemProfilePrivilege = S-1-5-32-544 SeUndockPrivilege = S-1-5-32-545,S-1-5-32-544 SeAssignPrimaryTokenPrivilege = S-1-5-20,S-1-5-19 SeRestorePrivilege = S-1-5-32-544 SeShutdownPrivilege = S-1-5-32-545,S-1-5-32-544 SeTakeOwnershipPrivilege = S-1-5-32-544 SeLockMemoryPrivilege = [Registry Keys] "USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Enum",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)" "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" [File Security] "%SystemRoot%\system32\at.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\attrib.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\cacls.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\debug.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\drwatson.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\drwtsn32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\edlin.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\eventcreate.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\eventtriggers.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\ftp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\net.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\net1.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\netsh.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\rcp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\reg.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\regedit.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\regedt32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\regsvr32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\rexec.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\rsh.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\runas.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\sc.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\subst.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\tlntsvr.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\telnet.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)" "%SystemRoot%\system32\tftp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)" [Service General Setting] Alerter,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" ClipSrv,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" MSFtpsvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" IISADMIN,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" Messenger,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" mnmsrvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" RDSessMgr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" RemoteAccess,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" SMTPSVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" SNMP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" SNMPTRAP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" TlntSvr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" W3SVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" [Profile Description] Description=Center for Internet Security Windows XP Legacy Security - v1.0.1 Windows XP Professional note: The firewall is properly configured. I changed from norton 2003 to 2005 recently, but had the same problem with the old one, even if norton 2005 is much more restrictive.
Arthemis Paranoid (IV) Inmate From: Milky Way Insane since: Nov 2001	posted 07-20-2005 00:17 i have been given hell because i posted the exact same request for help on annoyances.org. Please don't tell me you also have a problem with the word p2p.
jdauie Bipolar (III) Inmate From: Missoula, MT Insane since: Jan 2003	posted 07-20-2005 00:56 Arthemis: Your problem is likely within the TCPIP key. I don't know more specifically what the issue is, because I am not familiar with how emule/limewire in particular transfer data at that level. Try increasing the number of allowed SYN-RCVD connections before synflood protection is enabled.
jdauie Bipolar (III) Inmate From: Missoula, MT Insane since: Jan 2003	posted 07-20-2005 00:57 [ double post: network problems on my end :) ] (Edited by jdauie on 07-20-2005 00:58)
Arthemis Paranoid (IV) Inmate From: Milky Way Insane since: Nov 2001	posted 07-21-2005 09:52 thank you i'll give some feedback on the results later ~this is not a signature~
Arthemis Paranoid (IV) Inmate From: Milky Way Insane since: Nov 2001	posted 07-21-2005 11:42 well, i investigated a bit and then changed the registry synattack value, first to 1 (limited protection), and then to 0 (no protection). I got no result. Probably one of the other settings up there is to be blamed. I read a bit more about security settings and figured out how to apply the templates that come with windows. And to a lower level too =P. Then i applied the one for default settings. As a result i got back to my unsecure settings, but now the connections seem normal. Of all the sites i consulted here's one that sums up the information http://www.net-security.org/article.php?id=732 Now for a question, do you know of any website that provides security templates? This one i posted, is obviously directed to workstations, and not to home users. And i'm not inclined to go with the ones provided with windows.

Here are the contents of the .inf file.

code:

; (c) Microsoft Corporation 1997-2000
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name:        CIS-WinXP-Legacy-v1.0.1.inf
; Template Version:     1.0.1
;
; Revision History
; 1.0.0 - February 2004 Original Release.
; 1.0.1 - March 13, 2004 Changed SeDebug to "None".
;
; Designed for:		The Center for Internet Security - http://www.cisecurity.org
;
; Authors:		Jeff  Shawgo:  windows-feedback@cisecurity.org
;			Kerry Steele:  windows-feedback@cisecurity.org
;

[Unicode]
Unicode=yes

[Version]
signature="$CHICAGO$"
Revision=1


[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 90
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 50
ResetLockoutCount = 15
LockoutDuration = 15
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableGuestAccount = 0

[System Log]
MaximumLogSize = 16384
RestrictGuestAccess = 1

[Security Log]
MaximumLogSize = 81920
RestrictGuestAccess = 1

[Application Log]
MaximumLogSize = 16384
RestrictGuestAccess = 1

[Event Audit]
AuditSystemEvents = 1
AuditLogonEvents = 3
AuditObjectAccess = 3
AuditPrivilegeUse = 2
AuditPolicyChange = 1
AuditAccountManage = 3
AuditAccountLogon = 3

[Group Membership]
*S-1-5-32-555__Memberof =
*S-1-5-32-555__Members =
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,
MACHINE\Software\Microsoft\Driver Signing\Policy=3,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,"2"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"2"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"1"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,"Warning!"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,This system is for the use of authorized users only.  Individuals using this computer system without authority,or in excess of their authority,are subject to having all of their activities on this system monitored and recorded by system personnel.  Anyone using this system expressly consents to such monitoring,and is advised that if such monitoring reveals possible evidence of criminal activity,system personnel may provide the evidence of such monitoring to law enforcement officials.
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,2
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
MACHINE\Software\Microsoft\DrWatson\CreateCrashDump=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AEDebug\Auto=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun=4,255
USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun=4,255
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=4,0
MACHINE\System\CurrentControlSet\Control\CrashControl\AutoReboot=4,0
MACHINE\System\CurrentControlSet\Services\CDrom\Autorun=4,0
MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks=4,0
MACHINE\System\CurrentControlSet\Services\MrxSmb\Parameters\RefuseReset=4,1
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting=4,2
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime=4,300000
MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand=4,1
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect=4,2
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen=4,100
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetired=4,80
MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt=4,1
MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode=4,1
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-545,*S-1-5-32-544
SeTcbPrivilege =
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544
SeChangeNotifyPrivilege = *S-1-5-32-545
SeSystemtimePrivilege = *S-1-5-32-544
SeCreatePagefilePrivilege = *S-1-5-32-544
SeCreateTokenPrivilege =
SeCreatePermanentPrivilege =
SeDebugPrivilege =
SeDenyNetworkLogonRight = *S-1-5-32-546
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeAuditPrivilege = *S-1-5-20,*S-1-5-19
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544
SeBatchLogonRight =
SeServiceLogonRight =
SeInteractiveLogonRight = *S-1-5-32-545,*S-1-5-32-544
SeSecurityPrivilege = *S-1-5-32-544
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeManageVolumePrivilege = *S-1-5-32-544
SeProfileSingleProcessPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544
SeUndockPrivilege = *S-1-5-32-545,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-20,*S-1-5-19
SeRestorePrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-545,*S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeLockMemoryPrivilege =
[Registry Keys]
"USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
"MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Enum",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
[File Security]
"%SystemRoot%\system32\at.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\attrib.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\cacls.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\debug.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\drwatson.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\drwtsn32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\edlin.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\eventcreate.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\eventtriggers.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\ftp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\net.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\net1.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\netsh.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\rcp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\reg.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\regedit.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\regedt32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\regsvr32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\rexec.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\rsh.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\runas.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\sc.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\subst.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\tlntsvr.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\telnet.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\tftp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
[Service General Setting]
Alerter,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
ClipSrv,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
MSFtpsvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
IISADMIN,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Messenger,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
mnmsrvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RDSessMgr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RemoteAccess,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SMTPSVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SNMP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SNMPTRAP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
TlntSvr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
W3SVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
[Profile Description]
Description=Center for Internet Security Windows XP Legacy Security - v1.0.1 Windows XP Professional

note: The firewall is properly configured. I changed from norton 2003 to 2005 recently, but had the same problem with the old one, even if norton 2005 is much more restrictive.

Topic awaiting preservation: help with winxp security (Page 1 of 1)