Windows Vista Tips
Home Register Members Search Windows Vista Tips File Database Links
Member Login:

Windows Vista Tips > Newsgroups > Windows Server > Server Security > Re: MS KB 962007 to Protect Against Conficker Virus

Reply
Thread Tools Display Modes

Re: MS KB 962007 to Protect Against Conficker Virus

 
 
Meinolf Weber [MVP-DS]
Guest
Posts: n/a

 
      04-03-2009
Hello w,

In basic you should better apply the latest patches, use an actual AnitVirus
software. If the Virus is on some of your machines, disconnect them from
the network clean them, update them to the latest SP and patches, scan again
with AntiVirus software and reconnect them to the network.

The GPO/registry chagnes is a workaround in my opinion. Even if the above
way is restrictive for the user, we did it that way(unfortunal we have had
the Virus on some machines in different buildings/locations), you can be
sure the Virus will not be spread out.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Microsoft's knowledgebase 962007 describes a group policy that can be
> used to help protect systems against infection by viruses (in general)
> and Conficker virus (specfically). Two of the three steps involved
> seem like very serious restrictions of capability and I want to better
> understand the implications.
>
> First, there is an instruction to remove the ability for
> Administrators and the operating system to write or modify to the
> svchost registry key. Won't this affect the ability to do a normal
> Windows Update, which might need to either add services here or modify
> settings for existing services?
>
> Second, there is an instruction to remove the ability for
> Administrators or the operating system to create Scheduled Tasks.
> That also seems pretty serious since we would not be able to easily
> maintain Scheduled Tasks.
>
> In general, what activities are going to start to fail with these very
> restrictive security settings?
>
> I would like to have a group policy ready to go that undoes the damage
> caused by the above settings. Is it appropriate to create a policy
> that will give Administrators and SYSTEM Full Control on the SVCHOST
> and subfolders and subkeys, or should we attempt to snapshot the
> existing security tree structure and precisely restore that?
>
 
Reply With Quote
 
 
 
Reply

« Troj/ServU - How to Prevent? | Windows Server 2008: File disappears from user's view after saving »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Conficker on DC Confused Windows Server 2 06-10-2009 01:36 PM
Do I have this Conficker virus? Bob Windows Update 4 04-15-2009 11:16 PM
Re: Regarding Conficker tomorrow DDW Windows Vista General Discussion 1 03-31-2009 07:13 PM
Re: Regarding Conficker tomorrow ray Windows Vista General Discussion 0 03-31-2009 06:00 PM
Virus Protect Pro Chris N Windows Vista Administration 2 08-12-2007 01:18 PM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Windows Vista Tips - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59