Tag: security

Group Policy to disable Autorun

Posted by on January 21, 2009 | 5 comments
Active Directorygroup policysecurityTech

Well, its been a while, but I thought I’d share this little snippet.

Theres a big hoo-ha going round at the minute about a number of viruses that are exploiting autorun.inf to spread.

You can read all the gorey details over at CERT “Microsoft Windows Does Not Disable AutoRun Properly

Essentially, the recommended fix is to set a registry key. I did read somewhere that this makes windows handle the file as a Win95 ini file but sadly I can’t find the blog/article where I read that anymore.

Approaching this as a sysadmin and wanting to undertake minimal effort to resolve this issue I’ve create a Group Policy adm file to solve apply it to all the machines in an Active Directory domain. I’ve copied the contents below and attached the file to this post.

To use it:

  1. Create a new group policy object in your AD
  2. Edit it, right click on the Administrative Templates folder and remove all the default ones listed and add the one below.
  3. Right click on the Administrative Templates folder and change the view filtering to not hide settings that can’t be fully managed
  4. Group poicy editor will now display the setting to disable autorun which will set the appropriate registry key

ADM files are just text. You can either download the one below or copy and paste this (watch for the line wrap on the last line!):
» Read the full post

If you find this article useful, buy me a beer!

Tags: , , ,

OpenDNS – free filtered DNS for the masses

Posted by on February 11, 2008 | No comments
Tech

I’ve just started using a new (free) service called OpenDNS – http://www.opendns.com – at home and I’ve also set it up at work.

You need to know very little about How The Web Works™ to know that this can be a good thing.

DNS is where your computer takes a name like www.livejournal.com and turns it into a number that is used to route your computer to the right webserver.

OpenDNS doesn’t just give you the correct address for a website. It maintains a list of Phishing websites and redirects these to a safe page warning you about the site you were about to visit.

Of additional interest to me for its use at my work (and to parents who’s kids have access to the Internet) is that they don’t just categorise phishing websites, but they also have categories of adult and mature sites you can bar if you want (once you’ve signed up)

Took me a few minutes to setup (a little extra poking required at work, naturally). Very unintrusive – no software to install, just a couple of settings to change and they have lots of help pages on how to do that.

If you find this article useful, buy me a beer!

Tags: , ,

Powered by Wordpress and Stripes Theme Entries (RSS) | Comments (RSS)