Another question...

[OuchThatHurts]

What's up with the "registry"??? Has it occurred to anyone yet that perhaps this is not the way to go? I can't tell you how much I loved it when I unzipped Firefox and Thunderbird and the entire application runs out of a folder, aside from the registry. You want to get rid of the app? You just delete the folder. Done. I don't know if you guys used Windows 3.11 but I did and it was the same way. Easy as pie. Now there's all these hidden folders and files and hooks in the registry and a hundred undeeded services running, all of which usually open some port... It's rediculous. Some folders you can't even delete! I recently did a test restore of a backup into an alternate folder just to see if the backup and restore was working and guess what? I couldn't even delete the folder after I restored to it. There were hidden files in there that must have contained system info (system volume information). I still haven't been able to get rid of it. Maybe I can use the console and go into command mode and delete it that way... Crazy. Plus you have apps now that install their own little rootkits???

Okay, I'm done ranting.

 

[Kaiser]

I am hopping in the shower right now, and will answer the earlier after, but as far as the later, System Volume Information if restored from backup, will inherit NTFS permissions which by default will not allow you to access. First log in as local administrator for ease of teaching. You need to reset permissions by right clicking the folder, going to properties and selecting the security tab. Once there you will see SYSTEM is the only SID (security identifier) in the ACL (access control list). You then need to click Advanced button at the bottom, then click the Owner tab on the next form. In the "Change owner to" section highlight Administrator, check the "Replace owner on subcontainers and objects" and click Apply. It will then traverse the tree and make administrator owner of the files/folders. Once this is done exit all the way out and right click the folder again and go to Properties/Security again. Now add administrator to the permissions of that folder as full control. Do not click Apply yet. Click Advanced again and you will see "Replace permission entries on all child objects..." Check that and then click apply. It will repermission the tree and you will be able to delete the folder. As you can repermission the true System Volume Information folder on SystemDrive, you will not be able to delete it as it houses things like System Restore etc.

 

[Kaiser]

Oh, shit BTW, if you are doing this on Windows XP and it is not part of a domain, you will by default need to turn off Simple file Sharing to see the property pages correctly. Tools/Folder Options/View. Scroll all the way down and uncheck Use Simple File Sharing.

 

[Kaiser]

Registry

OK now for the registry. The registry is just a database, a central repository of sort for settings. Microsoft realized a long time ago that ini files scattered across a file system, slows things down, and makes it difficult for application integration, so they created the Windows Registry. But wait, get this, it was created and running in Windows 3.1 let alone Windows 3.11. You just weren't aware probably. Linux/Unix have been kicking this around for years and are now in deep development to create something similar. There are some instances already set in place for beta testing but as a whole they have not accomplished a full registry (or whatever they are going to call it) yet. The Registry consists of mainly 6 different databases as of now. The path to the datbases are as follows under the folder path: %systemroot%\system32\config

Default = System's user account settings
System = System settings
SAM = Security accounts (user accounts)
Security = Security policies
Software = Software settings

Then one more %userprofile%\ntuser.dat = The current user logged in registry

The registry is complex, but due to it's existence, allows an operating system to have application integration, ease of operating system use, deployment, speed, control and security. Get used to it because it is not going away and it will get more and more complex as years go on.

Lets put it this way. Install an application on a Unix system. It writes to an ini flat file or settings flat file. Now where is that file placed? You need to be aware of this as a user if you want to install another application that will integrate with it and inherit it's current settings. Now consider this. You have both applications open at once. yopu execute something at the same time and they need to capture these settings and save them on both instances. Which application gets the write capabilities? Which one has to wait until the other application unlocks the current flat file for writing so that it may write it's settings? A database like the registry on the other hand allows for this. Now here's another persepctive. Say you want a user to be able to read certain settings, but not others, and you want the user to be able to write to certain settings but not others. What are you stuck with then? Multiple flat files that only file permissions determine the user's actual access ability. Both of those scenarios have the ability also to lead to an excessive amount of file I/O also whereas the database does not. To take this further, where do you think industry/technology would be now if it computers were stuck writing data to single write I/O flat files (text files) and no one had thought up the engineering of a database structure? Same principle holds here. Sooner or later, Linux and Unix will need a central respository of settings in a securable database if it wants to exist and move forward.


As a side note, Firefox does utilize the registry and does use files in other folders, you are just not aware because the files are built in system dlls (dynamic link libraries).

As far as rootkits are concerned, this attack derived from the unix/linux world as they have been dealing with this problem for years. Windows as of recent started to receive it's share of rootkits, but they will be extinct in Vista as raw writes are declined (as of the most recent build). XP may even harden their kernel to stop this behavior in future service packs as they did with buffer overrun detection (I can explain what buffer overruns are in detail if you want, as MSBlaster was just one that exploited this). I will continue in the next post about services.


Services and need for servbices explained in the next post.

BTW, just so you know as far as the registry is concerned. If you lost your local admin password to a box that is not a Domain Controller (for a domain controller I can tell you how to also, but it is a different method), you can use Recovery Console to delete or rename the following file:

%systemroot%\system32\config\SAM

Upon reboot "Administrator" password will be blank and Windows will create a new SAM registry database.

 

[Kaiser]

Services

Now we get to services. Services derived from other operating systems such as Unix, and one of the most stable corporate operating systems of all time, VAX. Only thing is they called them Daemons, but they are the same thing. All operating systems today have a large amount of services/daemons running. All of them. They are necessary for each layer of the opertating system's modular design. Look at it this way, if you just boot up a system with no services/daemons, what can you do with it? Nothing with any purpose. You'll be stuck in a kernel level command prompt shell. Not fun.
Services/Daemons only open network ports if they are in need of network compatibility. Only a poorly written application would open a port for no use, but you cant control everything and every one elses code, but what you can control is actually monitoring those ports with an active firewall. This is the only way to determine whether an application should have network access or not, by actually asking the user when an application tries to open a port. If you're playing PacMan written by a third party software vender and the operating system asks if you want to open a port, you should realize that PacMan does not need it. For an operating system to have heuristics to determine what a 3rd party application does or does not need, it virtually impossible.

 

[OuchThatHurts]

I really appreciate all the info! I see why it would be necessary. I'm familiar with daemons since I'm familiar with Linux. Maybe it's just me. I just think all this interoperability is not always necessary. Windows has always tried to basically be the "jack of all trades and master of none". The one thing I believe that they have mastered is the GUI. That's about it. I notice you compare Windows to Unix many times. It looks like Windows went off on a tangent and now they are COMING BACK to unix and not building further ahead. In fact, many of the technologies Windows is starting to employ are more unix-like all the time.

The concept of databases wasn't invented by M$. Look at the amount of development M$ has been putting into Terminal Services. At one time, we all had thin clients and a central server or servers, then it went that every PC was sorta it's own server (file and print sharing), now it's going BACK to terminal services again. I think the reason for this is profiles. What a MESS! Feel free to correct me here. Another thing that is rediculous is that when sharing a desktop (whether Citrix or Terminal Services) is that you get the SERVER desktop! Sure you can "lock down" the desktop but why not just give a virtual desktop?

I just see technology sort of going backwards now. When you have multiple staff members using the same dozen computers, and each one has a different profile, it's a mess. If someone forgets to log off, then everything is exposed to the next person (email, everything). At least with windows 98 (which I understand had enough problems) had a single desktop that everyone who used that computer got. Printers, icons, etc. The only thing that needed different profiles was email.

Kais, I love reading your stuff. You should write a book man!

 

[Kaiser]

I compare to Unix/Linux because they are basically the only competing oeprating system left. Not because Windows is becoming more Unix like. It is just plain old improving. As far as jack of all trades master of none, well, I wouldn't say that. With the fastest most secure and granular file system (NTFS) on the planet, the fastest means of native network file transfer, the most stable web servers to the point that it holds a total majority 54% share over Apache's 23% share in Fortune 1000 companies, let alone unheard of integration, and an Active Directory that no one has anything even close, I would say they are more of a master of most trades now. That, and once the recognition of SQL 2005 comes to realization, Oracle finally has a serious competitor for SQL databases. Then we get into email and messaging services like Exchange with RPC over HTTPS tunneling. Who's going to compete with that? Lotus Notes?

For more on the web servers:

**broken link removed**

I think you misunderstood what I was saying when I was talking about databases. Of course M$ did not invent them, they just deployed them in areas like a centralized registry for an opertating system to overcome the shortcomings of a flat text file.
As far as profiles, they are alot easier managed than you think via group policy. Most corporate domains have GP's (group policy) in place that specify timeouts for screensavers and mandator locks. If you wanted to have a user mandatorily log off after inactivity, you could do that also. The one thing that will make things easier is multi users from a domain allowed to log in at once which is coming in Windows. Sort of like Fast User Switching, but on a domain level. Anyway, all of this is configurable via GP for the users first log in, even email setup like Outlook, so their profile is ready right off the bat no matter where they go. You just need someone who is more acclimated with GP and Active Directory. Also, for the small number of users you are working with, try out roaming profiles. Not good for a large environment, but works well ins small business.

As far as native support for a Terminal Service session projecting a Windows XP desktop instead of server desktop, I agree and have had numerous discussions with reps from M$ about it. It is coming, and is will be much like how you publish just an app to a workstation via MetaFrame instead of the whole desktop. There are third party applications that do this over top of TS as of now, but you know how that goes, once it gets good, M$ will offer to buy em.

BTW, did you really just mention Win98?