


scripts I wrote to secure Windows

Here are a few tricks I've picked up, either through experimenting or from online documentation:

Port filtering in Windows 2000.
It's possible to do port filtering in NT as well. Although I have done this, I can't say I recommend it, as several services have been broken because of filtering.


Using SecEdit.exe is highly recommended.
I have a simplified INF file of what I consider to be mandatory in securing a Windows server. My full-blown version, bastion.ini, is much longer than this.


Remote logging via NTsyslog to a remote UNIX server is a good idea.


Encrypting the TEMPORARY INTERNET FILES directory.

Encryption is only supported on an NTFS 5.0 partition (Windows 2000, XP, or later).
  1. Pick a new location other than C:\WinNT
  2. Create a new folder and label it "Temporary Internet Files"
  3. Right-click on the folder --> Properties --> Advanced...
  4. Check "Encrypt contents to secure data"
  5. When prompted, choose "Apply changes to this folder, subfolders and files"
  6. Go to the Desktop
  7. Right-click on Internet Explorer --> Properties --> Settings...
  8. Change the "Current Location" to the new folder that you just created and encrypted
  9. Log out for the changes to take effect. No reboot required.

  This will cause all of your cached files to be encrypted so that only you can access them.
  For more information, search Windows 2000 Help for EFS.
  Additional security can be had if the new folder is located on a PGP Disk. Look for PGP 6.0.2i.



Problem: Difficulty killing processes. You get the "Access Denied" message when you try to kill a process owned by the OS, even when logged on as Administrator.
Resolution: Run Task Manager as SYSTEM.
  1. START --> RUN --> cmd
  2. at 09:00 /interactive /every:M TaskMgr.exe
  3. START --> SETTINGS --> CONTROL PANEL --> SCHEDULED TASKS --> at1 (right-click and choose run)
Believe me this works. I use it all the time to kill InetInfo.exe.

I once had to explain this to an instructor at a SANS GSEC conference I attended in Sept 2002.


I discovered that the Windows registry tracks files that I recently used. I don't like that. So I wrote a .REG file to clean out that mess. (If you plan on cron'ing that .REG file into Scheduled Tasks, use this .BAT file to call regedit.exe.)
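An added example of that .REG/.BAT pairing, not the author's own files: the batch file writes a .REG file that deletes the Explorer "recently used" keys and applies it silently with regedit /s so it can run unattended from Scheduled Tasks. The key paths below are assumed to be the standard Windows 2000/XP MRU locations; adjust them for your build.

```batch
@echo off
rem cleanmru.bat -- added example, not the original page's script.
rem Generates a .REG file that deletes the Explorer MRU keys, then applies it
rem with regedit /s so no confirmation dialog can stall a scheduled run.
rem Key paths are the usual Windows 2000/XP locations (assumption).

set REGFILE=%TEMP%\cleanmru.reg

rem The header line and one blank line are required by regedit.
>  "%REGFILE%" echo Windows Registry Editor Version 5.00
>> "%REGFILE%" echo.

rem A leading "-" inside the brackets tells regedit to delete the whole key.
>> "%REGFILE%" echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
>> "%REGFILE%" echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
>> "%REGFILE%" echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU]
>> "%REGFILE%" echo [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU]

rem /s = silent merge: no "Are you sure you want to add..." prompt.
regedit.exe /s "%REGFILE%"
del "%REGFILE%"

rem To schedule it with the at command used elsewhere on this page, e.g.
rem nightly on weekdays (path is a placeholder):
rem   at 23:00 /every:M,T,W,Th,F C:\scripts\cleanmru.bat
```

Explorer keeps its own copy of the MRU lists in memory and may write them back when the user logs off, so schedule the job for a time when the user is logged out if you want the keys to stay empty.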




net use error
C:\WinNT\system32\net.exe use Drive \\server\drive PASSWORD /USER:user /PERSISTENT:YES
The process cannot access the file because it is being used by another process.


Dumping the Windows registry: HKEY_CURRENT_USER


How to use Windows print screen captures for troubleshooting problems


Problem while installing/uninstalling software:
Error 1606. Could not access network location B[]\.

Resolution: Similar to KB 315352. Better reference here.

Regedit HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Regedit HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders



Problem: The Services MMC (mmc.exe) won't launch for some reason.
Resolution: Use sc.exe from the CMD prompt.


Access denied (0x8007005) in Scheduled Tasks

