getting better score with belarc advisor

Discussion in 'other security issues & news' started by WSFuser, Jul 10, 2006.

Thread Status:
Not open for further replies.
  1. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    is there any utility that can help you better secure your PC without having to change all the settings manually?

    CIS offers some security templates, but they warn that it could break functionality.

    i was looking for a program that could prompt for each change and provide simple details or info. something like harden-it or secure-it but for windows xp pro security.
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Would love one myself. I think MS has one, "Security Baseline Analyzer"......? (not sure if it will change settings as much as point out potential weaknesses.)How ever, just by the nature of the beast, Win XX thru XP, almost anything you do can break functionality. Many security related programs\settings are like that sorry to say.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I created security template myself many times, but it never did, what it had to. [​IMG]

    I use mostly registry setting to set up about 95% settings after clean instal. Some of them are Belarc related like: Password Policies, Event Log Policies, Anonymous Account Restrictions, Security Options (all except renaming Admin & Guest), Additional Security Settings (most of them). I have to set up manually only Audit and Account Policies & User Rights, the rest is fine by default, although I do not set up things like File and Registry Permissions, because I consider it useless, I put all those aplications to blocked in firewall and to Service Permisssion, I have all bad services disabled (by registry of course). If you want to make a list, I will do it. By the way, all my reg settings are in this file (ods & xls in 7z), you can review it and use it at will. ;)
     
    Last edited: Jul 15, 2006
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    thats a lot of changes thetom_sk.

    if i wanted to make some of these changes, how could i have a registry file out of the some of the setting in the excel spreadsheet?
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Create txt - open it and add anything you want - close - change its extension to ".reg" - run.

    Windows Registry Editor Version 5.00 - this must be at the beginning, like this (Event Log set up):
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
    "Start"=dword:00000002
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
    "RestrictGuestAccess"=dword:00000001
    "MaxSize"=dword:01400000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
    "RestrictGuestAccess"=dword:00000001
    "MaxSize"=dword:05000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
    "RestrictGuestAccess"=dword:00000001
    "MaxSize"=dword:01400000
    Here is my reg file (DO NOT ADD TO REGISTRY), set it to open with Notepad and you can edit it.
     
    Last edited: Jul 15, 2006
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i have to delete any comments after the numbers right?

    and for teh changes in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters], are these the same things that harden-it would change?
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Yes, just copy, what you need, only from the line B.
    Belarc should show, when the settings are properly set up.
    I would sugest to backup whole registry before making any changes:
    Start - Run - regedit - File - Export - Save (it will take a min or two).
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    good news. after picking and choosing what i needed and importing the registry entries, my cis benchamrk score went from 3.96 to 4.79.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Congrats and Good Luck (whatever happens). ;)
     
  10. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    another boost. a few other changes got me to 6.46. i need to figure the registry keys for them tho.
     
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Yeah I know, they are not at one place and I did not write the best descriptions. [​IMG]
     
  12. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    its not the descriptions. some of the changes i had to do manually but i dont know their registry keys.
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Some things do not exists in registry, only in ini files or somewhere else.

    Eg I can set up IE completelly via reg file (disable addons, cookies & trusted zone exceptions, etc), but I have to add/remove favorites manually, because they are stored on HDD like files.
     
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    most of the Local Security Settings are in teh registry tho, arent they?
     
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Well, it is possible, registry denies Full Control permission to some keys by default.
    So maybe it is hidden somewhere in the registry, but there is no helpfull guide online.
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i did not know there was a hidden portion of the registry. thanks anyways.
     
Loading...
Thread Status:
Not open for further replies.