hpntbast101_5
- 5 -
csrss.exe       Client Server Subsystem
winlogon.exe    The logon process
services.exe    The main service handler process
pstores.exe     Protected storage
lsass.exe       Local Security Authority
rpcss.exe       The RPC end-point mapper
explorer.exe    The Explorer GUI
loadwc.exe      Explorer related
nddeagnt.exe    Explorer related
Encrypt the system accounts database
Run the syskey.exe utility (with the "key on disk" option). This provides protection against password-cracking
tools like L0pht Crack (http://www.l0pht.com/).
Apply policies and ACLs
Run the Microsoft Security Configuration Editor (SCE) in command-line mode. This tool is included in the same
archive as this document; it is also part of the Service Pack 4 CD. Our configuration file is called bastion.inf.
This file is an ASCII text file. You can take a look at it in your favorite editor, but it is best viewed with the SCE
Microsoft Management Console snap-in.
C:> secedit /configure /cfg bastion.inf /db %TEMP%\secedit.sdb /verbose /log %TEMP%\scelog.txt
This will make a number of changes to your configuration. Here is a summary of the most significant changes:
Account policies

  Password policy
    Enforce password uniqueness by remembering last passwords    6
    Minimum password age                                         2
    Maximum password age                                         42
    Minimum password length                                      10
    Complex passwords (passfilt.dll)                             Enabled
    User must logon to change password                           Enabled

  Account lockout policy
    Account lockout count                                        5
    Lockout account time                                         Forever
    Reset lockout count after                                    720 mins

Local policies

  Audit policy
    Audit account management      Success, Failure
    Audit logon events            Success, Failure
    Audit object access           Failure
    Audit policy change           Success, Failure
    Audit privilege use           Failure
    Audit process tracking        No auditing
    Audit system events           Success, Failure

  User rights assignment
    SeAssignPrimaryTokenPrivilege    No one
    SeAuditPrivilege                 No one
    SeBackupPrivilege                Administrators
    SeCreatePagefilePrivilege        Administrators
    SeCreatePermanentPrivilege       No one
    SeCreateTokenPrivilege           No one
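For orientation, here is how the settings summarized above map onto the security template format that secedit /cfg reads. This is an added illustrative fragment written for this page, not the bastion.inf shipped with the document; the section and key names are the standard SCE template keys, and the account names under [Privilege Rights] are assumed to be the NT 4.0 template form.

```ini
; Added illustrative fragment encoding the summary values above.
; It is not the document's bastion.inf; compare it against that file
; in the SCE MMC snap-in before relying on it.
[Version]
signature="$CHICAGO$"
Revision=1

[System Access]
; Password policy (ages in days)
PasswordHistorySize = 6
MinimumPasswordAge = 2
MaximumPasswordAge = 42
MinimumPasswordLength = 10
; 1 = passfilt.dll complexity filter enabled
PasswordComplexity = 1
RequireLogonToChangePassword = 1
; Account lockout policy
LockoutBadCount = 5
; -1 = locked until an administrator unlocks the account ("Forever")
LockoutDuration = -1
; minutes
ResetLockoutCount = 720

[Event Audit]
; 0 = no auditing, 1 = success, 2 = failure, 3 = success and failure
AuditAccountManage = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPolicyChange = 3
AuditPrivilegeUse = 2
AuditProcessTracking = 0
AuditSystemEvents = 3

[Privilege Rights]
; An empty right-hand side means "No one" holds the privilege.
; Account names (rather than SIDs) are assumed here for NT 4.0 templates.
SeAssignPrimaryTokenPrivilege =
SeAuditPrivilege =
SeBackupPrivilege = Administrators
SeCreatePagefilePrivilege = Administrators
SeCreatePermanentPrivilege =
SeCreateTokenPrivilege =
```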