|
|
Hide shared folders - based on users access level
There is something that has always annoyed me about the way windows shares are displayed to a user - they get to see all of them!
Yes I know about putting a $ after the share, such as c$, or admin$, but what about those shares that the president of the company wants to have - and doesn't want his employees to even know that they exist?
Finally Microsoft has put out a utility to fix this. It is called "Access-based Enumeration". It is only available for Windows 2003 SP1
The offical download page is located here:
Microsoft Access-Based Enumeration
Once you start the install, you get asked a simple question:
If you select all, then access based enumeration will be enabled for all current shares on the system - otherwise you will need to set them each individually.
Once the install is finished, a new tab appears when looking at the properties of a share:
Thats all there is! You can either turn it on or off.
Too bad they don't have this type of functionality for 2000, or 2003 without SP!
Posted By: Steve Wiseman on Monday, April 24, 2006
Run Internet Explorer in a secure sandbox
It seems that there is a new vulnerability found in Internet Explorer every day.
This stems from the fact that it was designed to allow ActiveX controls to install just about anything on your PC.
Even with the most robust antivirus programs installed on your computer, you are still at risk of getting bad software installed on your system.
There are a few remedies:
1. Get off the Internet totally and go outside and ride your bike
2. Dump Internet Explorer, and start using FireFox all the time
3. Only login as a user that does not have administrative, or Power User rights.
These alternatives can be really painful. Especially if you have users that need administrative rights for many of the applications they use. In the same vein, FireFox is not always the solution either - there are still too many sites that do not support it (Bastards).
I have come up with a compromise. It provides you the protection of a limited user account, but the ability to only run Internet Explorer in this sandbox. That way other applications that you know and trust suffer no ill consequences.
Let me start out by saying this will not keep all of the baddies out there from getting on your pc. When your hands are tied and you need administrative access, and must run IE - this is a decent compromise.
Here is how it works: It creates a shortcut to our reduced permissions application. This app in turn launches IE with the Power User, and Administrators groups removed from the process. Actually, the program that will execute anything with reduced permissions, but it is streamlined for IE.
First, download it from our site
(No spyware, or other crap included - complete freeware goodness)
If you execute it without any command line options you will get an automatic installer. It will create a 'secure' shortcut to Internet Explorer on your desktop:
If you want to run other programs this way, just create a shortcut to the ReducedPermissions.exe with the first argument the full path of the exe.
Lets take it for a test drive. Logged in as administrator, I surf to the Windows Update website:
It works the way it should - it lets me start running windows updates.
Now I do the same after launching IE with my 'Secure' icon
It's hard to read, but you can tell from the big red X that Internet explorer cannot run windows updates because it is lacking the sufficient privileges.
This is just one more step you can take to protect yourself while using IE.
Oh yea...and BTW - IE 7 has this type of functionality built in.
Let me know how it works for you.
Update:
It seems after some unspecified Microsoft update - IE refuses to run with reduced permissions! Currently it only seems to affect Windows 2003 - I Will post an update here if we find a way around it
Posted By: Steve Wiseman on Monday, April 24, 2006
|
 |
