The Little Things About Security
Network security isn't always about grand initiatives. Microsoft offers several free utilities that get the job done with less investment.
With all the buzz about security initiatives and new products, it's easy to overlook some of the little things that can make all the difference when it comes to keeping your network secure without having to work overtime. Among them are many of the utilities in the
Windows Resource Kit Tools, a collection of free Windows utilities from Microsoft designed to help IT admins perform regular tasks more easily, including taking care of common security issues.
You may have already used some of these tools, which can help with many tasks from printer administration to Active Directory replication troubleshooting. Let's take a look at some of the security-related utilities.
Files and Permissions
My all-time favorite Resource Kit Tools utility is Robocopy, short for Robust Copy. It's one of the most versatile file-copying utilities available anywhere. You can use it not just to mirror entire directory trees -- it recovers when a network share is temporarily unavailable -- but also preserve NTFS permissions that are lost during a normal file copy. In Windows Vista, Robocopy is even included in the operating system itself. The Vista version can also maintain the encryption of EFS-protected files.
Viewing permissions for multiple files or folders can be tedious. Resource Kit Tools utilities let you view and manipulate file permissions more easily. Showacls displays all permissions entries for a directory, letting you include subdirectories and filter the output by user or group. Examining the Showacls output sure beats manually examining multiple files to determine what a user's permission is. Perms lets you view a user's effective permissions to a file, whether granted explicitly or through a group membership.
Subinacl lets you control permissions for files, registry keys, services and other resources. You can use it to simply display permissions or to set, replace and even copy permissions for multiple objects. You'll probably never use it to its full potential, but it can make your life easier even if you only change permissions infrequently.
Moveuser helps with moving an account between domains. Manually replacing all permissions involved is almost impossible, but Moveuser changes the security settings of the user profile so they can be used by the new account.
Viewing permissions on file shares on a remote server can be a pain. Srvchk displays all permissions assigned to remote file shares. Ntrights and Showpriv complete the list of permission-related utilities. Ntrights lets you grant or revoke user rights; for example, temporarily letting a user change the page file without assigning administrator rights. Showpriv lists all users that have been assigned a specific right.
Dealing with Users
When administering user accounts, you often need to determine when a password expires or the last time a user logged on. Acctinfo.dll adds a new property page to Active Directory Users and Computers that displays this and other helpful user account information, such as the last time a password was set. To only view whether an account is locked out, use Lockoutstatus to display this information from all domain controllers.
The Resource Kit also contains several utilities that can help you with certificate and log-on problems, including Pkiview to check the certificate infrastructure health. Not able to back up open files because users didn't log off before leaving the office? Use Winexit, a screen saver that logs off inactive users.
Monitoring security-related events can be as important as configuring security. Eventcombmt displays event-log entries from multiple computers in a single list. For example, it lets you view log-on failures on all DCs. Vfi, or Visual File Information, compares files and pinpoints even minute differences that aren't obvious. Other utilities included in the Resource Kit Tools let you perform additional security tasks. You can refer to the included help file for details.
Joern Wettern, Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions, a consulting and training firm. He has written books and developed training courses on a number of networking and security topics. In addition to helping
companies implement network security solutions, he regularly teaches seminars and speaks at conferences worldwide.