Page 4 of 6 « First<23456>
Topic Options
#90531 - 2003-01-20 08:23 AM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
ummmm .... so that what I understand is :

You took the form(Controls, color chooser, textboxes etc.), left out the converter udf and wrote a new one ?

I'd like to see that in advance of any publication [Wink]

well , If those network problems related to my provider, simply use : jochenpolster@hotmail.com or if this fails ibm.polster@smart.com

[ 20. January 2003, 08:25: Message edited by: jpols ]
_________________________



Top
#90532 - 2003-01-20 08:27 AM Re: PostPrep-Test Post , please ignore code
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
sure, but I can't reach e-mail!
_________________________
!

download KiXnet

Top
#90533 - 2003-01-20 10:09 AM Re: PostPrep-Test Post , please ignore code
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
It's looking pretty good!

I noticed you've not colourised variables and macros which are in strings (there is a @crlf embedded in one of the strings in your example).
It's probably quite hard to add to the parser, but it is useful to highlight what is a fairly common error.

Top
#90534 - 2003-01-20 11:27 AM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Yeah ... really nice , eh ?

But it isn't added into the form yet !
Lonkero ... you somehow failed to send it ... My hotmail inbox is empty after the meeting (Thought you said you'll send it as it is [Confused] )

J.
_________________________



Top
#90535 - 2003-01-20 01:09 PM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Ok, here is again the old BoxKite sample of showing ASCII code (gets a standard for postprep checking more and more [Big Grin] )



setascii("on")
$a = 1
cls
while $a < 5 ;Change this value to get more or less numbers
   $y = 1
       while $y <= 80
           $z = 1
           while $z <= 20
               at($z,$y) "$x " + chr($x)
               $z = $z + 1
               $x = $x + 1
           loop
           $y = $y + 10
       loop
   ? shell "%comspec% /c pause"
   $a = $a + 1
loop
exit



What does this look like ?
_________________________



Top
#90536 - 2003-01-20 01:54 PM Re: PostPrep-Test Post , please ignore code
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
j, are you asking for opinions about the colors ? If yes - imho i really like the colors except for the comments - the green is too light.
Top
#90537 - 2003-01-20 04:00 PM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Green :



setascii("on")
$a = 1
cls
while $a < 5 ;Change this value to get more or less numbers
   $y = 1
       while $y <= 80
           $z = 1
           while $z <= 20
               at($z,$y) "$x " + chr($x)
               $z = $z + 1
               $x = $x + 1
           loop
           $y = $y + 10
       loop
   ? shell "%comspec% /c pause"
   $a = $a + 1
loop
exit



Is this better ? Or is the function color again too quirky ? [Big Grin]
_________________________



Top
#90538 - 2003-01-20 05:45 PM Re: PostPrep-Test Post , please ignore code
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
better...
the brown might have been better though for the vars [Wink]
_________________________
!

download KiXnet

Top
#90539 - 2003-01-20 10:08 PM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
ah damnit !

still can't understand what speaks against green coloured comments [Roll Eyes]

Still have them exactly with this color in Uedit (Ok, a bit darker maybe and the background is set to a light grey)

J.

Will be online later on for discussion and or verbal attacks [Big Grin]
_________________________



Top
#90540 - 2003-01-22 10:16 AM Re: PostPrep-Test Post , please ignore code
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
TEST TEST...
060 milliseconds to complete
Commands 16
Functions 7
Macros 2



break on
; this is a comment test for color GREEN
? "System Memory = "val(WMIQuery("TotalPhysicalMemory","Win32_LogicalMemoryConfiguration"))/1024 " MB"
for each $dimm in Split(WMIQuery("Capacity","Win32_PhysicalMemory"),"|")
? "Dimm Size = "val($dimm) / 1048576 " MB"
next

FUNCTION WMIQuery($what,$where,)
dim $strQuery, $objEnumerator, $value
$strQuery = "Select $what From $where"
$SystemSet = GetObject("winmgmts:{impersonationLevel=impersonate}!//@WKSTA")
$objEnumerator = $SystemSet.ExecQuery($strQuery)
For Each $objInstance in $objEnumerator
If @Error = 0 and $objInstance <> ""
$=execute("$$value = $$objInstance.$what")
$WMIQuery="$value"+"|"+"$WMIQuery"
EndIf
Next
$WMIQuery=left($WMIQuery,len($WMIQuery)-1)
exit @error
ENDFUNCTION



TEST 2 TEST 2



; arrayenumkey.kix
break on
$subkey='HKEY_LOCAL_MACHINE\SOFTWARE'
$array=arrayenumkey($subkey)
? 'Number of software Packages:'+ubound($array)
for $counter=0 to ubound($array)
 ? 'Software Package '+right('  '+$counter,2)+' = '+$array[$counter]
next
exit 0
function arrayenumkey($regsubkey)
 dim $retcode, $subkeycounter, $currentsubkey, $subkeyarray
 
 if not keyexist($regsubkey)
   $arrayenumkey=''
   return
 endif
 
 $subkeycounter=0
 do
   $currentsubkey=enumkey($regsubkey,$subkeycounter)
   if $currentsubkey<>259 and @ERROR=0
     redim preserve $subkeyarray[$subkeycounter]
     $subkeyarray[$subkeycounter]=$currentsubkey
     $subkeycounter=$subkeycounter+1
   endif
 until $currentsubkey=259 or @ERROR
 
 $arrayenumkey=$subkeyarray
endfunction



[ 22. January 2003, 10:20: Message edited by: NTDOC ]

Top
#90541 - 2003-01-22 10:23 AM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
To all those who are tired of copying code to Wordpad to preserve spacing :

Try to copy Rons second code sample (the one with indentation) directly to any Editor [Wink]
_________________________



Top
#90542 - 2003-01-22 10:34 AM Re: PostPrep-Test Post , please ignore code
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Okay.. BIGGER Test

TEST TEST #3

49K File size
Convert time: 03 Seconds 996 milliseconds
Commands: 281
Functions: 161
Macros: 16



; Original date script downloaded: 05/10/2001
; Registry Security Script (Kix32)
; Allows an administrator to set 46 security-related Registry edits for NT defined in 3
; increasingly-secure (and modifiable) levels. Includes the ability to prompt the user for
; each edit or wholly automate the entire process. Also includes debug functions
;
;
; ************************************************************************************
;
;                                  REGSEC.KIX
;                           Registry Security Script
;                               rpuckett@snl.com
;                                Version 1.0.3
;                              February 3, 2000
;
; ************************************************************************************
;
; This script is designed to provide Administrators with a mechanism for importing
; (currently) 46 individual Security-related Registry edits to systems on a network.
; The script employs 3 levels of security (DEFCON 1-3) that define a tailorable
; set of edits based on the level.  I have segmented the edits as I would use them,
; but they can be moved into different DEFCON settings (and these can be expanded)
; to suit your needs by changing the $LEVEL value for each defined edit.  You may
; also wish to provide a prompt to the User, providing them with a messagebox that
; defines the edit type which they can then accept or decline.  This is set using the
; $QUERYUSR variable.  If set to "1", a messagebox is displayed for each edit.  This
; can also be expanded upon as the value can be placed in (and reset for) specific
; edits, while others can remain automated (with a setting of "0").  All of these
; variables can also be mixed and matched based on the use of the INGROUP function,
; allowing you to tailor the installation method(s) even further.
;
; Ex. IF INGROUP ("SYSTEMS") = 1
;          $QUERYUSR = "1"
;          $DEFCON = 2    
;          blah, blah, blah...    
;      ENDIF
;
; Finally, you can simply output the types of edits associated with each DEFCON level
; by setting the $DEGBUG variable to "1" ("0" actually runs the edits for each level).
;
; As this script employs looping through each edit, it is easily updated as new
; security edits become available.  Simply add a new label (:SECREGxx - with the 'xx'
; representing the next available number after 46) and replace the $NEXT variable of
; the preceding label with the name of the new label.   Finally, be sure to add a
; $NEXT variable to the last new :SECREGxx label with a value of "END".  Make sure to
; set the $LEVEL value of each edit to identify it's DEFCON level.
;
; NOTE: The $SPECIAL variable, when set to "1", defines an additional action for the
; edit it is assigned to in the GOSUB 'ADDFUNT'.  This can be used to run functions
; or options to preclude an edit.  If you employ the $SPECIAL value in future edits,
; be sure to add the additional functions to the ADDFUNCT GOSUB routine by referencing
; the $REGVALUE as an added CASE value.  All files referenced in special functions are
; copied from the $GETFILES value (currently @LSERVER\NETLOGON), but this can be
; changed to whatever location you desire.
;
; WARNING (and DISCLAIMER):
; Nothing replaces common sense, especially when it comes to the Registry and
; Security.  The documentation added to each edit (along with the associated MSKB
; Article/Whitepaper Information) should help you to understand the basic function of
; the edit as well as to provide you with another location for more information.  
; Avoid potentially serious consequences by reading everything available on a
; particular edit if it is unfamiliar to you.  Do not use edits that are untested
; in your environment as they may have unforseeable (and undesireable) outcomes.
;
; ************************************************************************************

; SCRIPT VARIABLES

; OPTIONAL SETTINGS - 0 or 1
;    0 - Automatic Addition of Values
;    1 - Display Messagebox Query for each Setting
$QUERYUSR = "1"

; OPTIONAL SETTINGS - 0 or 1
;    0 - Run DEFCON Level Defined Registry Changes
;    1 - Display DEFCON Level Registry Information Only (No Changes Made)
$DEBUG = "1"

; OPTIONAL SETTINGS - 1, 2, 3
;    1 - DEFCON 1 / Basic Security (Good for most environments)
;    2 - DEFCON 2 / Enhanced Security (Disables connectivity to LM/9x Clients)
;    3 - DEFCON 3 / Advanced Security (Near C2 Settings)
$DEFCON = "3"

; LOG LOCATION & NAME (Root of C:\ *not* recommended)
$LOGNAME = "C:\@WKSTA.TXT"

; SERVER TO BE NOTIFIED OF ERRORS
$NOTIFYSVR = "NOTIFY_SERVER_HERE"

; SPECIAL VARIABLE SETTING FOR REGISTRY CHANGES  
; REQUIRING ADDITIONAL OPERATIONS
$SPECIAL = "0"

; LOCATION FROM WHICH $SPECIAL FUNCTION FILES ARE COPIED (like PASSFILT.DLL, etc.)
$GETFILES = "@LSERVER\NETLOGON"

; OPERATING SYSTEM TYPES
; IF THE SYSTEM IS NOT NT WORKSTATION 4.0, THEN EXIT THE SCRIPT...
SELECT
   ; WINDOWS 95
   CASE((@INWIN = 2) AND (@DOS = 4.0))
       EXIT
   ; WINDOWS 98
   CASE((@INWIN = 2) AND (@DOS >= 4.10))
       EXIT
   ; WINDOWS 2000
   CASE((@INWIN = 1) AND (@DOS = 5.0))  
       EXIT
   ; WINDOWS NT 4.0
   CASE((@INWIN = 1) AND (@DOS = 4.0))
       
       ; CHECK THE NT INSTALLATION TYPE...
       $NTREG = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions"
       $NTTYPE = READVALUE($NTREG, "ProductType")
       
       IF @ERROR = 0
           SELECT
               CASE $NTTYPE = "WinNT"
                   $OS = "Windows NT Workstation 4.0"
                   GOTO START
               CASE $NTTYPE = "ServerNT"
                   $OS = "Windows NT Server 4.0 (Stand-Alone)"
                   GOTO START    
               CASE $NTTYPE = "LanmanNT"
                   $OS = "Windows NT Server 4.0 (Domain Controller)"
                   GOTO START
               CASE 1
                   $ERRCODE = SENDMESSAGE($NOTIFYSVR,
                   "An unknown wersion of Windows NT [" + $NTTYPE + "] was detected on @WKSTA at @TIME on @DATE")
                   EXIT
           ENDSELECT    
       ENDIF
       
       IF @ERROR <> 0    
           $ERRCODE = SENDMESSAGE($NOTIFYSVR,
           "Unable to read the 'ProductType' value from the Registry on @WKSTA at @TIME on @DATE")
           EXIT            
       ENDIF
   
   CASE 1
       $ERRCODE = SENDMESSAGE($NOTIFYSVR,
       "Unable to determine the OS type installed on @WKSTA at @TIME on @DATE")
       EXIT

ENDSELECT

:START    
; **OPTIONAL FUNCTION - PRIVILEGE CHECKING
; REMOVE IF UNNEEDED IN YOUR ENVIRONMENT
;$ACCESS = @PRIV
;SELECT
;    CASE $ACCESS = "GUEST"
;        ? "GUEST"
;        ? "You must possess Administrative privileges to perform these security updates"
;        SLEEP 4
;        EXIT
;    CASE $ACCESS = "USER"
;        ? "USER"
;        ? "You must possess Administrative privileges to perform these security updates"
;        SLEEP 4
;        EXIT
;    CASE $ACCESS = "ADMIN"
;        ? "ADMIN"
;        ? "The required Administrative privileges are held, continuing..."
;        ? " "
;    CASE 1
;        ? "OTHER"
;        ? "You must possess Administrative privileges to perform these security updates"
;        SLEEP 4
;        EXIT
;ENDSELECT

; CHECK THE INSTALLED SERVICE PACK VERSION...
$SPREG = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$SPVER = READVALUE($SPREG, "CSDVersion")
   
IF @ERROR = 0    
   ? "This system is running - " + $OS
   ? "Service Pack Version - " + $SPVER    
ENDIF

IF @ERROR <> 0
   $ERRCODE = SENDMESSAGE($NOTIFYSVR,
   "Unable to read the 'CSDVersion' value from the Registry on @WKSTA at @TIME on @DATE")
ENDIF

; DISPLAY SELECTED DEFCON LEVEL
? "DEFCON Level " + $DEFCON + " Selected"

; SETUP SECURITY LOG
IF OPEN(1, $LOGNAME, 5) = 0
   $X = WRITELINE (1, Chr(13) + Chr(10) + "Security Log for @WKSTA" + Chr(13) + Chr(10) + "Time - @TIME / Date - @DATE"  
                   + Chr(13) + Chr(10)  + "System is running - " + $OS + Chr(13) + Chr(10) + "Service Pack Version - "
                   + $SPVER+ Chr(13) + Chr(10) + "Selected Security Level is DEFCON - " + $DEFCON
                   + Chr(13) + Chr(10) + Chr(13) + Chr(10))
ELSE
   $ERRCODE = SENDMESSAGE($NOTIFYSVR,
   "Unable to write to the Security Log on @WKSTA at @TIME on @DATE")            
ENDIF
IF CLOSE(1) = 0 ENDIF

; DEBUG MODE - Display DEBUG Header
IF $DEBUG = "1"
   ? "In Debug Mode, No changes will be made..."
   ? "DEFCON LEVEL " + $DEFCON + " REGISTRY CHANGES:"
   ? " "
ENDIF
GOTO SECREG1

; SECURITY REGISTRY EDITS

; These values are recursed through by passing into the CHECKSEC
; function the values of each desired change and using the $NEXT
; variable to send the function to the next desired change.
; NOTE: Registry edits that possess the $SPECIAL variable utilize
; the ADDFUNC GOSUB routine to perform additional required
; operations.

:SECREG1
$DSCRIPTN = "Enable Auditing of Base Objects"
; Enable auditing of objects not in the File System or Registry.
; Useful in debugging or high-level security environments.  The
; Audit Policy option "File and Object Access" must be enabled.
; WARNING - leads to high volume of event records recorded in the
; event log.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
$REGVALUE = "AuditBaseObjects"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG2
GOTO CHECKSEC

:SECREG2
$DSCRIPTN = "Shutdown System with Full Event Log"
; Shut the system when the Security Event Log is full.  Ensure that
; the Event Log is configured large enough to allow for long periods
; between shutdowns.
; See MSKB Article Q140058 for an explanation of the function
; See MSKB Articles Q232564, Q149393 & Q178208 for additional configuration
; issues and potential problems with this edit's use.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
$REGVALUE = "CrashOnAuditFail"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG3
GOTO CHECKSEC

:SECREG3
$DSCRIPTN = "Restrict Anonymous Users from Enumerating Shared Resources"
; Restrict non-authenticated accounts (anonymous or NULL connections
; from enumerating Local/Domain User names or network shares (as well as obtaining
; the local system's password policy).  This should be used in conjunction with the  
; securing of the NullSessionShares & NullSessionPipes under HKLM\SYSTEM; CurrentControlSet\Services\LanmanServer\Parameters.  Also, see SECREG37/ "Restrict
; All Null Session Access".  See MSKB Article Q143474 for further details
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
$REGVALUE = "RestrictAnonymous"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG4
GOTO CHECKSEC

:SECREG4
$DSCRIPTN = "Enable Full Privilege Auditing"
; This enables the auditing of those privileges that are not normally
; in the NT audit schema, they are:
; 1. Bypass Traverse Checking(SeChangeNotifyPrivilege)
; 2. Debug Programs (SeDebugPrivilege)
; 3. Create a Token Object (SeCreateTokenPrivilege)
; 4. Replace a Process-Level Token (SeAssignPrimaryTokenPrivilege)
; 5. Generate Security Audits (SeAuditPrivilege)
; 6. Backup Files & Directories (SeBackupPrivilege)
; 7. Restore Files & Directories (SeRestorePrivilege)
; NOTE: Enabling this edit will lead to huge Security event logs (and slow
; server performance) as every backup and restore operation will be FULLY logged.
; See the Microsoft Security Whitepaper located on their \Security website for
; further information
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
$REGVALUE = "FullPrivilegeAuditing"
$REGTYPE = "REG_BINARY"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG5
GOTO CHECKSEC

:SECREG5
; Restricts the installation of Printer Drivers to the members of the local
; Administrators group only.  See the Microsoft Security Whitepaper located
; on their \Security website for further information
$DSCRIPTN = "Restrict Print Driver Installation"
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers"
$REGVALUE = "AddPrintDrivers"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "1"
$NEXT = SECREG6
GOTO CHECKSEC

:SECREG6
$DSCRIPTN = "Disable CD-ROM Auto-Run"
; This disables the automatic playing of CD-ROMs when they are inserted into
; the CD-ROM drive.  Really a nuisance more than a security risk but there exists
; the potential for *someone* to create a CD that automatically runs (via
; AUTORUN.INF) a segment or series of code that can insert a trojan, destroy data,
; etc. From the TWEAKUI settings.
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom"
$REGVALUE = "Autorun"
$REGTYPE = "REG_DWORD"
$GOOD = "0"
$BAD = "1"
$SPECIAL = "0"
$NEXT = SECREG7
GOTO CHECKSEC

:SECREG7
$DSCRIPTN = "Disable Caching of Logon Credentials"
; This edit disables the caching of credentials used to establish connections to
; remote systems.  These credentials allow for seemless reconnection to resources
; during an active logon session should that session be broken for any reason.  
; The danger is when a user stays logged onto a system and then walks away, leaving
; the cached credentials available to the next user if they had failed to logoff.  
; See MSKB Article Q172931 for further details.
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$REGVALUE = "CachedLogonsCount"
$REGTYPE = "REG_DWORD"
$GOOD = "0"
$BAD = "1"
$SPECIAL = "0"
$NEXT = SECREG8
GOTO CHECKSEC

:SECREG8
$DSCRIPTN = "Restrict Allocation of CD-ROMs"
; This, alone with SECREG9, restict the access to the CD and Floppy drives by remote
; users so that they can only be used by an interactively logged-on user.
; See MSKB Article Q172520
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$REGVALUE = "AllocateCDRoms"
$REGTYPE = "REG_SZ"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG9
GOTO CHECKSEC

:SECREG9
$DSCRIPTN = "Restrict Allocation of Floppy Drives"
; This, alone with SECREG8, restict the access to the CD and Floppy drives by remote
; users so that they can only be used by an interactively logged-on user.
; See MSKB Article Q172520
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$REGVALUE = "AllocateFloppies"
$REGTYPE = "REG_SZ"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG10
GOTO CHECKSEC

:SECREG10
$DSCRIPTN = "Disable Shutdown Button at Logon"
; This edit removes the Shutdown button from NT's logon screen.  This denies an
; unauthenticated user the ability to shut a system down (though the power switch, reset
; button and power cable will also need to be secured to make this option effective).  
; See MSKB Article Q114817 & 143164 for further details
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$REGVALUE = "ShutdownWithoutLogon"
$REGTYPE = "REG_SZ"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG11
GOTO CHECKSEC

:SECREG11
$DSCRIPTN = "Disable Display of the Last Logged-on User"
; Security through obscurity.  This edit ensures that the last logged-on username does
; not appear in the logon dialog box so that it might be used to attempt to gain
; unauthorized access to a system.  See MSKB Article Q114463 for further details
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$REGVALUE = "DontDisplayLastUserName"
$REGTYPE = "REG_SZ"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG12
GOTO CHECKSEC

:SECREG12
$DSCRIPTN = "Disable Caching of Roaming Profiles"
; This edit deletes a cached Roaming Profile once the user logs off of the system.  This  
; can be useful if you have an administrative profile that may contain sensitive data in
; the NTUSER.DAT file and you wish to secure it from prying eyes.  The downside is that the
; profile will have to be reloaded from the server each time you logon, making it a long
; logon process if the profile is rather large.  See MSKB Article Q173870 for further details
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$REGVALUE = "DeleteRoamingCache"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG13
GOTO CHECKSEC

:SECREG13
$DSCRIPTN = "Disable Administrative Shares"
; This edit removes the default Administrative shares (C$, D$) on a workstation running
; the Server service.  It can be replaced by a more stringent security policy and obscure
; hidden share names (appended with the $ at the end of the share name).  See MSKB Articles
; Q156365 & Q185590 for further details.
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
$REGVALUE = "AutoShareWks"
$REGTYPE = "REG_DWORD"
$GOOD = "0"
$BAD = "1"
$SPECIAL = "0"
$NEXT = SECREG14
GOTO CHECKSEC

:SECREG14
$DSCRIPTN = "Secure Base System Objects"
; This enables a greater degree of protection on such objects as known System DLLs.  It
; is recommended if you have interactive users who are *not* local Administrators who may
; be attempting to gain greater access to a system (such as with kiosk machines).  See MSKB
; Article Q218473 for further details.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
$REGVALUE = "ProtectionMode"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG15
GOTO CHECKSEC

:SECREG15
$DSCRIPTN = "Clear the Pagefile at Shutdown"
; This edit clears the System Pagefile(s) at shutdown to ensure that potentially sensitive data
; is not written to it at shutdown (as some third-party products may do).  See MSKB Article Q182086
; for more information.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
$REGVALUE = "ClearPageFileAtShutdown"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG16
GOTO CHECKSEC

:SECREG16
$DSCRIPTN = "Restrict Guest Access to the Application Event Log"
; This edit, along with SECREG17 & 18, remove the ability for members of Guests to view
; or manipulate the Event Log settings on the local station.
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application"
$REGVALUE = "RestrictGuestAccess"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG17
GOTO CHECKSEC

:SECREG17
$DSCRIPTN = "Restrict Guest Access to the Security Event Log"
; This edit, along with SECREG16 & 18, remove the ability for members of Guests to view
; or manipulate the Event Log settings on the local station.
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security"
$REGVALUE = "RestrictGuestAccess"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG18
GOTO CHECKSEC

:SECREG18
$DSCRIPTN = "Restrict Guest Access to the System Event Log"
; This edit, along with SECREG16 & 17, remove the ability for members of Guests to view
; or manipulate the Event Log settings on the local station.
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System"
$REGVALUE = "RestrictGuestAccess"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG19
GOTO CHECKSEC

:SECREG19
$DSCRIPTN = "Disable Source Routing of IP Packets"
; This key, while available since SP3, was apparently not doing it's job.  The new hotfix
; IPSRFIXI.EXE resolves the vulnerability regarding the undesired routing of IP Source packets
; or for using non-routing systems to "bounce" packets off of (in order to make the traffic
; appear to be coming from that system).  See MSKB Articles Q240382 & Q217336 for further details.
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
$REGVALUE = "DisableIPSourceRouting"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG20
GOTO CHECKSEC

:SECREG20
$DSCRIPTN = "Sign Secure Session Channel Traffic"
; This edit enables the signing of SSC traffic between members of a Domain to ensure that
; the sender/receiver of session authentication traffic (such as the $MACHINE.ACC & password) is
; verified.  See MSKB Article Q183859 for further details.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
$REGVALUE = "SignSecureChannel"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG21
GOTO CHECKSEC

:SECREG21
$DSCRIPTN = "Seal Secure Session Channel Traffic"
; This edit enables the encryption of SSC traffic, so that the machine name is encrypted and the
; password is doubly-encrypted, as well as all additional SSC-related traffic.  See MSKB Article
; Q183859 for further details.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
$REGVALUE = "SealSecureChannel"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG22
GOTO CHECKSEC

:SECREG22
$DSCRIPTN = "Require Sign/Seal of Secure Session Channel Traffic"
; this setting ensures that all SSC traffic is either signed or sealed.  If enabled, all DCs
; MUST also have this value set.  See MSKB Article Q183859 for further details.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
$REGVALUE = "RequireSignOrSeal"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG23
GOTO CHECKSEC

:SECREG23
$DSCRIPTN = "Enable Forced Logoffs"
; By default, this value is set to 1 but is normally not visible under this subkey unless
; someone has run NET CONFIG SERVER /HIDDEN:YES|NO, in which case all of the values
; normally controlled dynamically by the operating system are written as static entries
; under this key.  This key ensures that the server can force connections off of
; the system.
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
$REGVALUE = "EnableForcedLogOff"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG24
GOTO CHECKSEC

:SECREG24
$DSCRIPTN = "Disable Clear Text Passwords"
; See SP3 Documentation on this Registry edit.  Some environments that support UNIX
; interoperability may require that authentication be allowed to be sent in the clear.  
; This change ensures that if a system (such as a mobile/laptop NT user) has been in
; an environment such as this, the setting is checked (and disabled).
$LEVEL = "1"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters"
$REGVALUE = "EnablePlainTextPassword"
$REGTYPE = "REG_DWORD"
$GOOD = "0"
$BAD = "1"
$SPECIAL = "0"
$NEXT = SECREG25
GOTO CHECKSEC

:SECREG25
$DSCRIPTN = "Disable 8.3 Name Generation for Win16/DOS"
; Not only a security issue but a performance enhancer as well, this edit disables
; the creation of short filenames/paths for use with DOS/Win16 applications.  
; See MSKB Articles Q121007 & Q210638 for further details.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem"
$REGVALUE = "NtfsDisable8dot3NameCreation"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG26
GOTO CHECKSEC

:SECREG26
$DSCRIPTN = "Disable Caching of Encrypted Web Pages to Disk"
; Configurable through the Properties/ Advanced page of Internet Explorer, the value is
; actually listed as 'Do not save encrypted pages to disk'.  This can be set under
; HKEY_USERS\.DEFAULT\.. to ensure that the value is added for all new users as well.
$LEVEL = "1"
$REGKEY = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
$REGVALUE = "DisableCachingOfSSLPages"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG27
GOTO CHECKSEC

:SECREG27
$DSCRIPTN = "Enable SMB Packet Signing on NT Workstations"
; This edit enables the signing of all CIFS/SMB traffic from the workstation verifying
; the originating address.  This edit can produce significant overhead (greater than the
; 10-15% specified in the MSKB Article).  See MSKB Article Q161372 for further details.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters"
$REGVALUE = "EnableSecuritySignature"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG28
GOTO CHECKSEC

:SECREG28
$DSCRIPTN = "Require SMB Packet Signing on NT Workstations"
; This edit enables the requirement of all CIFS/SMB traffic from the workstation to be signed.  
; This edit can produce significant overhead (greater than the 10-15% specified in the
; MSKB Article).  See MSKB Article Q161372 for further details.
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters"
$REGVALUE = "RequireSecuritySignature"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG29
GOTO CHECKSEC

:SECREG29
; If you are absolutely certain that you have clients that are NOT using DCOM,
; use this edit.  Read the COM Security whitepaper or MSKB Article Q158508 for
; further details.
$DSCRIPTN = "Disable DCOM"
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole"
$REGVALUE = "EnableDCOM"
$REGTYPE = "REG_SZ"
$GOOD = "N"
$BAD = "Y"
$SPECIAL = "0"
$NEXT = SECREG30
GOTO CHECKSEC

:SECREG30
$DSCRIPTN = "Restrict All Null Session Access"
; This edit purportedly removes a Null session's ability to perform operations normally
; available to Null Sessions, it may cause problems with applications running as services that
; attempt to access UNC paths or some COM apps.  See MSKB Article Q158508 for further details.
; NOTE: The edit is incorrectly referenced in the article as "RestrictNullSessionAccess".
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
$REGVALUE = "RestrictNullSessAccess"
$REGTYPE = "REG_DWORD"
$GOOD = "1"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG31
GOTO CHECKSEC

:SECREG31
$DSCRIPTN = "Enable PASSFILT/Complex Passwords"
; This edit sets up complex password requirements for the local station.  
; 1. Passwords must be at least 6 characters long.
; 2. Passwords must contain characters from at least 3 of the following 4 classes:
;
;        Class                         Examples
;        -----                         --------
;        English Upper Case Letters    A, B, C, ... Z
;        English Lower Case Letters    a, b, c, ... z
;        Westernized Arabic Numerals   0, 1, 2, ... 9
;        Non-alphanumeric characters   .,;:*&%!
;    
; 3. Passwords may not contain your user name or any part of your full name.
; This edit contains a GOSUB routine ($SPECIAL = "1") that runs the copy of
; PASSFILT.DLL from the NETLOGON directory of the authenticating server to
; the %SystemRoot%\System32 subdirectory of the local station.  This edit should
; be used in conjunction with the NT Resource Kit tool PASSPROP.EXE on all NT Servers.
; See the SP3 documentation for more information on PASSFILT.DLL
$LEVEL = "2"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
$REGVALUE = "Notification Packages"
$REGTYPE = "REG_MULTI_SZ"
; For those users of Netware, otherwise Nuke FPNWCLNT.
;$GOOD = "FPNWCLNT|PASSFILT|"
$GOOD = "PASSFILT|"
$BAD = "FPNWCLNT"
$SPECIAL = "1"
$NEXT = SECREG32
GOTO CHECKSEC

:SECREG32
$DSCRIPTN = "Disable LM Authentication"
; This edit has several options that you can configure for your environment as you see
; fit.  For the full functionality of this edit to be used, several conditions must be met.
; You must have SP4 or greater installed and for settings above 3, these values must
; exist on all DCs as well.  As there are many configuration options involved here, you
; must be very careful when applying this value.  The default established here is 2, disabling
; all LM activity (95 clients).  
;
;   Value: LMCompatibilityLevel  
;   Valid Range: 0-5   Default: 0
;   Description: This parameter specifies the type of authentication to be used.
;   Level 0 - Send LM response and NTLM response; never use NTLMv2 session
;             security   Level 1 - Use NTLMv2 session security if negotiated
;   Level 2 - Send NTLM authenication only
;   Level 3 - Send NTLMv2 authentication only
;   Level 4 - DC refuses LM authentication
;   Level 5 - DC refuses LM and NTLM authenication (accepts only NTLMv2)
;
; WARNING: Read *ALL* of MSKB Article Q147706 before using this edit!
$LEVEL = "3"
$REGKEY = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
$REGVALUE = "LMCompatibilityLevel"
$REGTYPE = "REG_MULTI_SZ"
$GOOD = "2"
$BAD = "0"
$SPECIAL = "0"
$NEXT = SECREG33
GOTO CHECKSEC

:SECREG33
$DSCRIPTN = "Disable the OS/2 & Posix Subsystems"
; This edit removes both the OS/2 & Posix subsystem entries as well as the individual values
; for each (as denoted by the GOSUB $SPECIAL = "1" value) and the files OS2SS.EXE and PSXSS.EXE.  
; These two subsystems leave a potentially exploitable hole in a Workstations security.  

Top
#90543 - 2003-01-22 11:47 AM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Ron, all

I won't post this [Eek!] , only for the stats :

Conversion - 2668 lines
Duration - 7 seconds, 861 milliseconds
Commands - 1318
Functions - 493
Macros - 21

Jooel ! You did a hell of an improvement with your conversion engine !!!
_________________________



Top
#90544 - 2003-01-22 05:35 PM Re: PostPrep-Test Post , please ignore code
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
I think that was the plan in the first place, eh?

but seems that doc is skeptic still does it work [Razz]
_________________________
!

download KiXnet

Top
#90545 - 2003-01-22 09:38 PM Re: PostPrep-Test Post , please ignore code
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Heck no I'm not skeptic. I think it is a GREAT tool and can't hardly wait till you guys release it for general use.

Darn good job Jooel and Jochen.... Hopefully Shawn will complete build 38 soon and you guys can finish up any other little minor glitches and the rest of us can then start using this [Cool] new tool.

Thanks Jochen and Jooel for spending the time on this so that we can all enjoy it.

LOVE IT...LOVE IT...LOVE IT...LOVE IT...LOVE IT...

Top
#90546 - 2003-01-23 01:06 AM Re: PostPrep-Test Post , please ignore code
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
k...
as you guys wanted multiline text, here it is.
only thing it did bring up was the execution time.
which currently was for checker over 4s! [Mad]

not sure I like this change at all! [Frown]

anyway, here is the code... look for blocks of multiline green:

{edit}
code removed for saving space on the HD [Wink]
also the linefeed issues have been removed in current alpha.
{/edit}

[ 24. January 2003, 17:07: Message edited by: Lonkero ]
_________________________
!

download KiXnet

Top
#90547 - 2003-01-23 01:08 AM Re: PostPrep-Test Post , please ignore code
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
jochen???
what has changed?

why my code is with spread that way?
_________________________
!

download KiXnet

Top
#90548 - 2003-01-23 03:05 AM Re: PostPrep-Test Post , please ignore code
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
k, got the code improved a little...
now it took only 3s 876ms
but with 417 lines that is much too.

dunno.
still, jochen, wasn't this script supposed not to write the lf-char to the html-file?

for me it does and that screws it up.
_________________________
!

download KiXnet

Top
#90549 - 2003-01-23 04:13 AM Re: PostPrep-Test Post , please ignore code
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
trying to optimize my code...
does anyone have faster way of doing:


case $c='"' $s=$s+$t+$c do if $=$_ $f[$a]=$s $a=$a+1 $i=$f[$a] $s='' $=0 $_=len($i) endif do $=$+1 $c=substr($i,$,1) $s=$s+$c until $c='"' or $=$_ until $c='"' $s=$s+$te



all volunteers of helping me out are welcome [Wink]
_________________________
!

download KiXnet

Top
#90550 - 2003-01-23 08:20 AM Re: PostPrep-Test Post , please ignore code
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Just to proof that you screwed [Big Grin]



setascii("on")
$a = 1
cls
while $a < 5 ;Change this value to get more or less numbers
   $y = 1
       while $y <= 80
           $z = 1
           while $z <= 20
               at($z,$y) "$x " + chr($x)
               $z = $z + 1
               $x = $x + 1
           loop
           $y = $y + 10
       loop
   ? shell "%comspec% /c pause"
   $a = $a + 1
loop
exit



The script as is adds only on save as html an additional <_br> tag
_________________________



Top
Page 4 of 6 « First<23456>


Moderator:  Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 557 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.093 seconds in which 0.03 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org