O'Reilly logo

Securing Windows NT/2000 Servers for the Internet by Stefan Norberg

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuring Administrative Tools and Utilities

Many system administrators have a set of favorite tools and scripts they copy to the hosts they administer. If you have some tools that you just can’t live without, copy them to a directory of their own (such as c:\admintools), create a new group called Admintools, and allow only members of that group access to this directory. Consider encrypting the directory with PGP-disk[32] or a similar tool. Since Local System is a member of the Administrators group, it’s important that you don’t add the built-in Administrators group to any new groups you create.

You also need to reset permissions on the standard Windows NT administrative tools in the system32 directory. I recommend setting the DACL on the files listed in Table 2.8 to Admintools:F (Full Control) only.

Table 2-8. Administrative Tools and Utilities

Filename

Description

arp.exe

Used to display and modify the ARP cache

at.exe

Used to submit jobs to the Schedule service

cacls.exe

Used to modify DACLs on files

cscript.exe

Windows Script Host (if installed)

cmd.exe

Command interpreter

ipconfig.exe

Shows the IP configuration and can be used to manage DHCP addresses

net.exe

Used to manage users, groups, shares, and more

net1.exe

Used to manage users, groups, shares, and more

netstat.exe

Shows network connections, routes, and statistics

nslookup.exe

DNS lookup

ntbackup.exe

NT Backup software

ping.exe

Used to test network connectivity ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required