  #1 (permalink)  
Old 7th December, 2012, 11:02 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Windows Server Attributes CMD

My work got a Trojan/Worm right before Thanksgiving and it spread to a bunch of servers with shares. Basically it would hide all the folders in the share and spoof them with .exe files so users would click them and get infected.
I have been able to secure the shares from the Trojan/Worm and allow everyone access to their files, but there are still some lingering infected computers hiding folders.
The only way they could continue to work is by allowing them to see hidden and Operating System folders....

Once I am able to remove all the infected computers and unhide the folders on the server, how can I remotely turn off hidden and Operating System folders?

I use Goverlan Administration to access all workstations. It also allows me to use a console and run commands directly on their computer on the backend.

Does anyone know a command or registry edit to turn that off?
__________________
Booman
Mint 17.3 64-bit
Wine 2.0
PlayOnLinux 4.2.10
Linux Guides: PC Games Linux Beginners Tips Linux Games List
Mack Truck Dungeon Of Fire Spray Booth Tutorial
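
A way to find the hidden folders and their .exe stand-ins on a share, as an added example that is not part of the original post. It assumes each decoy sits beside the hidden folder and is named `<folder>.exe`; `\\server\share` is a placeholder path.

```powershell
# Added example (not from the thread). Reports hidden folders on a share and
# any same-named .exe beside them; -Fix also clears the Hidden/System bits.
param(
    [string]$ShareRoot = '\\server\share',   # placeholder path
    [switch]$Fix                              # use only once infected PCs are cleaned
)

# Hidden (2) + System (4): the attributes that keep a folder out of Explorer.
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force makes Get-ChildItem return hidden and system items too.
$hiddenDirs = Get-ChildItem -LiteralPath $ShareRoot -Force -Recurse |
    Where-Object { $_.PSIsContainer -and ([int]$_.Attributes -band $mask) }

foreach ($dir in $hiddenDirs) {
    # Assumption: the decoy is "<folder name>.exe" in the same parent folder.
    $decoy = Join-Path $dir.Parent.FullName ($dir.Name + '.exe')
    if (-not (Test-Path -LiteralPath $decoy -PathType Leaf)) { $decoy = $null }

    if ($Fix) {
        # Clear only Hidden and System; keep every other attribute as it was.
        $dir.Attributes = [IO.FileAttributes]([int]$dir.Attributes -band (-bnot $mask))
    }

    # One record per folder; a non-empty Decoy is a file to hand to AV.
    New-Object PSObject -Property @{
        Folder   = $dir.FullName
        Decoy    = $decoy
        Unhidden = [bool]$Fix
    }
}
```

Run it without `-Fix` first and review the report: folders that are meant to stay hidden (a recycle bin on the share root, for instance) show up with an empty Decoy and should be excluded before unhiding.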
  #2 (permalink)  
Old 7th December, 2012, 11:52 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Bump!
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

  #3 (permalink)  
Old 8th December, 2012, 09:50 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

No AV on servers? Slack file permissions?
You can utilise GPO with an ADM admin template - see Group policy to disable showing hidden files
__________________
Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry).
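
For the "command or registry edit" asked about in the first post, as an added example that is not part of the original posts and is not the ADM template referred to above: it sets Explorer's per-user `Hidden` and `ShowSuperHidden` values back to "do not show" for every user hive loaded on the machine, assuming it is run from an elevated console on that workstation.

```powershell
# Added example: reset Explorer's "show hidden / protected OS files" options
# for every user profile currently loaded on this machine.
$advanced = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$wanted = @{
    Hidden          = 2   # 1 = show hidden files, 2 = do not show them
    ShowSuperHidden = 0   # 1 = show protected operating system files, 0 = hide
}

# A remote admin console usually runs as SYSTEM or an admin account, so HKCU
# would be the wrong hive. Walk HKEY_USERS and pick real user SIDs instead.
$sidPattern = '^S-1-5-21-[\d-]+$'   # skips *_Classes keys and service SIDs

Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match $sidPattern } |
    ForEach-Object {
        $key = "Registry::HKEY_USERS\$($_.PSChildName)\$advanced"
        if (-not (Test-Path $key)) { return }   # no Explorer settings in this hive

        foreach ($name in $wanted.Keys) {
            $before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($before -ne $wanted[$name]) {
                Set-ItemProperty -Path $key -Name $name -Value $wanted[$name] -Type DWord
                # Emit one line per change so the console shows what was touched.
                "{0}: {1} {2} -> {3}" -f $_.PSChildName, $name, $before, $wanted[$name]
            }
        }
    }
```

Only users who are logged on have their hive loaded under HKEY_USERS, the change shows up after Explorer restarts or at next logon, and a user can switch the options back in Folder Options.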
  #4 (permalink)  
Old 8th December, 2012, 02:16 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Ah, that's what I needed to hear!
Thank you Aedan... apparently I couldn't think of that on my own.
  #5 (permalink)  
Old 8th December, 2012, 07:34 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Same here! But I guess everyone knew that....sigh....":O}
  #6 (permalink)  
Old 9th December, 2012, 10:49 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by booman
apparently I couldn't think of that on my own.

If in doubt, think GPO.
  #7 (permalink)  
Old 10th December, 2012, 05:38 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

The cool thing is our Parent server is a Win 2008. There are a LOT more Group Policy features in it than in Win Server 2003.

Do you think there is a policy to make all users "Power Users" on their local computer?
  #8 (permalink)  
Old 11th December, 2012, 10:12 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Yup, there is a way to do it. See The EXPTA {blog}: Adding users to local security groups using Group Policy
  #9 (permalink)  
Old 11th December, 2012, 07:47 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

You Rocketh Aedan!
Now I'm scared to try this because all of our users are local administrators and this could break something.
  #10 (permalink)  
Old 11th December, 2012, 08:37 PM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252

I think if you pray before you give them full rights the system will be safe - it might be called Jesus Guards 1.0
__________________
I've heard that linux community came up with better implemented security in its latest Linux Mint Gold version, it's actually preventing the user to log in, thus posing 0 risk in contaminating the computer with malware! Well done to the open source community!

  #11 (permalink)  
Old 11th December, 2012, 08:40 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Unfortunately someone before me already did!!!
So now I'm thinking of ways to secure all of us

JesusAware 1.5
  #12 (permalink)  
Old 12th December, 2012, 10:29 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Yeah, you really don't want users to be local admin if you can help it. It's a great way to ensure that malware gets a foot in the door quickly and easily.
  #13 (permalink)  
Old 12th December, 2012, 06:28 PM
booman's Avatar
AOA Staff
 
Join Date: December 2005
Location: Mesa AZ
Posts: 4,030

Yup, and that is exactly what happened. The Systems Admin before me set everyone as local admins due to legacy apps, but I think most of them could be Power Users and Limited Users.
So I plan to make some changes very soon.
This stinking Trojan/Worm has occupied my last two weeks and I'm still dealing with it.
  #14 (permalink)  
Old 13th December, 2012, 10:18 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

It might be worth working out what exactly the legacy apps objected to that required admin access. You might be able to modify permissions to just whatever they need, rather than grant everyone power user.
  #15 (permalink)  
Old 13th December, 2012, 11:50 AM
chrisbard's Avatar
Benchmarker
 
Join Date: March 2003
Location: Earth
Posts: 8,252

Quote:
Originally Posted by Aedan
You might be able to modify permissions to just whatever they need, rather than grant everyone power user.

But please make sure you tell them afterwards which permissions are available and print some A4 in red where you explain that they still have to get up and use the restroom since that permission isn't granted!

Tags
group policy , security , windows server


