access checks, 127
access control list entries (ACEs), 24, 174
components, 174
deny, 184-186
Documents and Settings with, 184-185
icalcls tool and find all, 195
SIDs and, 174
access control lists (ACLs), 114-117, 171-201. See also ACL UI; discretionary access control lists; mandatory access control lists; system access control lists
default, 183
significant changes in, 183
definition, 171
earlier versions, 178-179
editor, 177
forms of, 173
major changes in, 178-179
management, 171-201
best practices, 201
permissions, 24, 171
modification, 156
registry, 199-200
representations, 174
resetting, 195
icacls and, 195
restoring, 192-193
icacls and, 192-193
saving, 191, 192
editing and, 192
icacls tool and, 191, 192
subinacl tool and, 199, 201
terminology, 172-175
tools for managing, 190-199
using, 175-178
verification of, 177
Windows XP, 178-179
default, 179
problems in, 178-179
access control permissions, IIS, 326-332
"Access Credential Manager as a trusted caller," 141
Access data sources across domains (setting), 270, 279
access masks, 174
access points (APs), 462. See also Wi-Fi
access tokens, 114, 125. See also security tokens
account lockout, 47, 539-546
facts, 540-541
parameters/settings, 539-540
password strength and, 541-545
account rights, 140
privileges v., 140
accounts. See specific accounts
ACEs. See access control list entries
ACL editor, 177. See also access control lists
ACL UI, 177, 197-199. See also access control lists
changes to, 197-199
Windows XP, 197
ACLs. See access control lists
Active Directory, 112.
See also Security Accounts Manager
SAM v., 112
Schema, 514
Active Scripting (setting), 275, 281
ActiveX controls, 33, 222, 223, 257
ActiveX controls and plug-ins (settings), 265-268, 278-279. See also specific settings
summary of, 278-279
ActiveX Installer service, 136, 137, 218-220, 222
Adobe Flash Player and, 219
configuration, 218-220
documentation on, 219
usage, 219
Add-on management, 256-257
Address Space Layout Randomization (ASLR), 5
Ad-Hoc mode, 462-463
admin-approval mode, 133, 136, 168
consent prompt settings for, 150
administrative templates, 492-493
settings, 504
new, 504-510
reboot/logon required, 510
Administrator account, built-in, 146-147, 180
disabled by default, 180
security importance of, 528, 529
filtered token for, 150
setting, 150
RID 500, 124, 146, 180
in safe mode, 146, 147
special treatment of, 146-147, 180
Administrator Lists, 317
administrators (admins), 128
non-, 129
UAC and, 129-130
power of, 129
ADMX files, 39, 492-493, 514, 515
migration tool, 493
template embedding, 493
Adobe Flash Player, 219
ActiveX Installer and, 219
Advanced Group Policy Management toolkit, Microsoft, 222
advfirewall, 424
adware, 64-65
browser cookies, 237
AES. See Asymmetric Encryption Standard
Airsnort, 465
All Users profile, 91
Allow META REFRESH (setting), 270, 279
Allow previously unused ActiveX controls to run without prompting (setting), 265, 278
Allow programmatic clipboard access (setting), 275-276, 281
Allow scripting of Internet Explorer web browser control (setting), 270-271, 279
Allow script-initiated Windows without size or position constraints (setting), 271, 279
Allow scriptlets (setting), 266, 278
Allow status bar updates via script (setting), 276, 281
Allow web pages to use restricted protocols for active content (setting), 271, 280
Allow websites to open Windows without address or status bars (setting), 271, 280
Allow websites to prompt for information using scripted window (setting), 276, 281
Anonymous authentication, 320, 323
anti-hammering defense, 47
anti-malware. See malware, automated
anti-phishing filter. See phishing filter
anti-virus programs. See viruses
API. See Application Programming Interfaces
application(s)
malware location in, 66
manifests, 165
misconfiguration, 56-57
security, 203-223
best practices, 222-223
UAC leveraging in, 164-167
UIAccess and, 152
vulnerabilities, 54-56
web server, 294-295
application pools, 309-311
identities, 311-314
Application Programming Interfaces (API), 424
Windows Firewall, 424-425
APs. See access points
Aronoff, Andrew, 70
ASLR. See Address Space Layout Randomization
ASP.NET Impersonation, 320-321
other authentication methods v., 325
Asymmetric Encryption Standard (AES), 26, 466
at.exe, 216
Attachment Manager, 506
attachments, malicious. See malicious file attachments
attacks. See specific attacks
auditing, 162, 533
elevation, 162-164
Process Tracking, 538
security tweak, 533
Auditpol.exe, 30
authentication exemption rules, 428
authentication methods, 14-16, 109. See also logon authentication; specific authentication methods
IIS, 318-325
support for, 14-16
authentication protocols, 110-112. See also Kerberos; LAN Manager; NT LAN Manager
challenge-response, 111
Authenticode, 265
reliant components-Run signed/not signed with, 265, 278
AuthIP, 451-452
multiple credentials and, 451-452
SDI and, 451-452
automated malware. See malware, automated
Automatic prompting for ActiveX controls (setting), 266, 278
Automatic prompting for file downloads (setting), 268-269, 279
Automatic Updates, 230
autorun programs, 99-100
locations for, 99-100
Autoruns utility, 70, 100, 235
example, 100
Web site location, 100