Configuring Administrative Tools and Utilities

Many system administrators have a set of favorite tools and scripts they copy to the hosts they administer. If you have some tools that you just can’t live without, copy them to a directory of their own (such as c:\admintools), create a new group called Admintools, and allow only members of that group access to this directory. Consider encrypting the directory with PGP-disk[32] or a similar tool. Since Local System is a member of the Administrators group, it’s important that you don’t add the built-in Administrators group to any new groups you create.

You also need to reset permissions on the standard Windows NT administrative tools in the system32 directory. I recommend setting the DACL on the files listed in Table 2-8 to Admintools:F (Full Control) only.

Table 2-8. Administrative Tools and Utilities

Filename        Description
arp.exe         Used to display and modify the ARP cache
at.exe          Used to submit jobs to the Schedule service
cacls.exe       Used to modify DACLs on files
cscript.exe     Windows Script Host (if installed)
cmd.exe         Command interpreter
ipconfig.exe    Shows the IP configuration and can be used to manage DHCP addresses
net.exe         Used to manage users, groups, shares, and more
net1.exe        Used to manage users, groups, shares, and more
netstat.exe     Shows network connections, routes, and statistics
nslookup.exe    DNS lookup
ntbackup.exe    NT Backup software
ping.exe        Used to test network connectivity ...
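
The permission change recommended above can be scripted with cacls.exe. The batch file below is an added example, not taken from the book: it assumes a local group named Admintools already exists, that you run it from an account whose current logon already carries that group membership (log off and on again after being added), and that the tools are in %SystemRoot%\system32. It covers only the filenames visible in the table above.

```bat
@echo off
rem Added example: replace the DACL on each tool from Table 2-8 with a
rem single entry, Admintools:F, then print the result for review.
rem Assumed names: GROUP and TOOLDIR below; adjust them to your host.

setlocal
set TOOLDIR=%SystemRoot%\system32
set GROUP=Admintools

rem Filenames as they appear in the table (the list there is cut off
rem after ping.exe, so add any further tools you want restricted).
set TOOLS=arp.exe at.exe cacls.exe cscript.exe cmd.exe ipconfig.exe
set TOOLS=%TOOLS% net.exe net1.exe netstat.exe nslookup.exe ntbackup.exe ping.exe

for %%F in (%TOOLS%) do call :lockdown %%F
endlocal
goto :eof

:lockdown
rem cscript.exe is only present if Windows Script Host is installed.
if not exist "%TOOLDIR%\%1" (
    echo SKIP %1 is not present in %TOOLDIR%
    goto :eof
)
rem Without /E, cacls replaces the whole DACL instead of editing it and
rem asks "Are you sure (Y/N)?", so the answer is piped in.
echo y| cacls "%TOOLDIR%\%1" /G %GROUP%:F >nul
rem Display the new DACL; the only entry listed should be the group above.
cacls "%TOOLDIR%\%1"
goto :eof
```

Read through the printed DACLs before logging off: any file that still shows an entry other than Admintools:F was not changed and needs to be checked by hand.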
