MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.
Top 10 Potential Problematic Security Settings
Many enterprise management tools rely on several of these features of the operating system:
Enterprise and other applications may require: Administrative Shares (C$, ADMIN$) - AutoShareWks or AutoShareServer Remote Registry Service Task Scheduler RestrictAnonymous (Null User Sessions) NTFS/Registry Permissions NetBIOS over TCP/IP LM VS. NTLM VS. NTLMv2 Authentication - LmCompatibilityLevel File/Printer Sharing Bindings Workstation Service Server Service
To troubleshoot most of these settings, it is either: - Turn it on - Turn it off - Tweak the value
For an application to function properly, it may require tuning several of the settings listed above.
The settings that are more difficult to troubleshoot are NTFS and Registry permissions. There are two ways to troubleshoot these issues: - Enable auditing of Failed Object Access, and watch for Failure events in the Event Viewer. - Use third party tools such as FileMon and RegMon from SysInternals – . Look for “Access Denied” alerts.