Virindi

I mean, the user should have no network / remote access rights. In other words, after I add the account, it should only be useable locally.

I will definately give this a shot. Thanks very much for the help.

Hi all, I posted this in the Windows XP forum, and then noticed that there was a security forum here. I apologize for the cross-post in advance. I'm working on a windows installer that adds a new user to the system to run scheduled tasks. For security, I want to disable remote login for that account. There's a utility for windows that can do this (ntrights.exe), but it's only part of the Resource Kit and not installed by default. I can't depend on the kit being installed - I have to assume the end user won't have it. I also can't re-distribute ntrights.exe as part of my installer - we don't want to make Microsoft angry So far I am thinking maybe there is a solution that falls into one of the following: 1) is it possible to disable remote login through registry editing somehow? 2) can I export the "disable remote login" part of a security policy and re-apply just that one rule during installs using gpedit or whatever? Not sure that this is possible, or that it would work on XP Home/Pro and 2000, but maybe.. 3) is there an open-source tool or something else I can use to do this? 4) Maybe there is another utility that is installed with windows that will do this, and I missed it somehow. Any help would be greatly appreciated. Thanks!

Hi all, I'm working on a windows installer that adds a new user to the system to run scheduled tasks. I generate a random password, add the user, and schedule the tasks. Here's the thing I can't figure out so far: For security, I want to disable remote login for that account. I think there's a utility for windows that can do this, in the Resource Kit. But I can't depend on the kit being installed - I have to assume the end user won't have it. I also can't re-distribute the program(s) that comes as part of the Resource Kit, as part of my installer - we don't want to make Microsoft angry Anyway, I see two programs that come as part of the Resource Kit that would do the job: Ifmember.exe - Manage user group association Ntrights.exe - Manage user rights I am trying to figure out if anyone knows a way (through registry manipulations, another open-source alternative that I could include in my installer, or anything really) to disable remote login rights for my new user. I would prefer something that works on Win9x as well as 2000/XP, but anything would help... even if the solution only worked on 2000 and up (I can warn the user that I can't disable remote login for their OS because it's too old or something). Any help would be greatly appreciated.

Thanks very much for the reply. You've made my life much easier!

Hi all, I don't have a copy of Windows XP Home Edition to test this - but with XP Pro, you can schedule tasks from the commandline using: Windows\System32\schtasks.exe Can anyone that has Home Edition confirm that this file exists on XP Home and Win2000 as well? I would very much appreciate it. I am almost certain that Win2000 also has schtasks.exe, but not so sure about XP Home. Title Edited - Please follow new posting rules from now on. --Zxian

Nicely done. Thank you.

http://support.microsoft.com/default.aspx?...kb;en-us;330132 Fix the Desktop.ini issue: Run this from XPlode, cmdlines, or whatever: attrib -h -s desktop.ini /s Followed by: attrib +h +s desktop.ini /s Doing that will fix the issue. I don't know what exactly causes it, probably one of the tweaks out there like Marshall's Visualiation Tweaks with superhidden or hidden seeting, I dont know - but whatever. This fixes it. Hope it helps.

[nevermind; irrelevant. Off I go to find more WMP 10 silent install information].

I don't have an available XP SP1 box (mine are all at SP2). If someone has MM 2.1 listed in their available updates list, please send me a quick email before downloading / installing it - I'll send you the address of my proxy so I can catch the address of MM 2.1 in the logs. -J

An excellent and informative reply, it_ybd. I'm impressed.

I see a lot of this kind of thing in your logs: 4 File(s) 3ÿ583ÿ680 bytes 2 Dir(s) 19ÿ888ÿ185ÿ344 bytes free I'm not sure what's going on there, but... Also, it somehow does not detect your source version: -------------------------------------------------------------------------------- -- 10:55:52 -- Determine Source Version. -------------------------------------------------------------------------------- (nothing else). Is this an english version of Windows 2000? -J

XPCreate works from a "clean" cd. NLite does not always work OK from an XPCreate modified cd. Best to test and see how it goes for you.

They probably did customize a version of wget, and then compressed it with UPX or something similar. I can't find a miniature version of wget, lynx, or curl for windows. :\ So I tested compressing it myself: http://www.interlog.com/~tcharron/wgetwin.html wget 1.5.3: compresses to 76k with UPX. I can't find anything smaller at the moment, but I will keep an eye out.

1) Install a machine with the "Core" OS - the same thing as whatever CD or state you start with. You may want to use vmWare or Microsoft's VirtualPC for this. 2) Run the Microsoft Baseline Security Analyzer and it should state which hotifxes are missing. 3) Take note of the list, and download the appropriate fixes. Install them on the test machine. 4) Go to windows update and see if it missed anything; take note again and download the appropriate fixes. That should at least get you started I've got to say though, unless you have a hard reason not to use SP2 -- I would consider installing it. If it breaks an application you need, or something like that... ok. Otherwise if it's just minor annoyances like the "security center" or the half-open connection limitation, or default firewall settings - those can be easily worked around with registry tweaks. I like the attempt at stack overflow protection that MS put into SP2, the increased Outlook / IE security settings, the popup blocker in IE, and some of the other features they've added. For the typical end-user, the fact that XP whines about no antivirus, or out of date antivirus, or non-automatic windows updates -- is a good thing. For you, it may not be, but again that can be overcome with a few registry tweaks. -J