Security issues

Guest

Hi,

There are various issues regarding security in our embedded image I am
facing :

1. How to implement and use the Microsoft Storage technology by which we can
store the username/password for the server required on the network.

2. How to implement IPSec in an embedded system. I think I need to create a
custom security template with IPSec security policies using MMC, but I have
no idea how to implement that in an image and what components are required
for that.

3. I am using AutoLogin for my image. It works just fine... but when I clone
my image, it simply fails. Seems like cloning fails to transport the stored
password to the images.

4. I have included a custom security template so that the user account
password never expires. But during FBA when the secedit.exe is called, it
shows a message box "failed to find secedit.chm". That's because whenever we
run secedit.exe on full XP Pro, it shows the secedit.chm (help file) which it
fails to find on XPE. How to remove this message box ?

5. My application is a shell. I want that whenever user presses the power
button of a machine, it should close the application and shut down the
machine. What should I do to implement that ?
Observation : When the application is running, pressing power button does
not work, but when I close the application and then press power button, it
shuts down the machine.

6. I want to suppress the splash screens (welcome and "windows is shutting
down") . I have applied these settings :

a. Configuration settings > Other settings > Do not display GUI boot screens
: SELECT.
b. Component Windows Logon settings > Show Friendly Winlogon : UNSELECT.
c. Component Windows Logon settings > Show "Welcome to Windows Screen"
before Winlogon : UNSELECT.

But screens still appear. Any idea ?

Any help is highly appreciated.
 
KM

BONTZ,

> There are various issues regarding security in our embedded image I am
> facing :
>
> 1. How to implement and use the Microsoft Storage technology by which we can
> store the username/password for the server required on the network.

Are you talking about Protected Storage Service here?

> 2. How to implement IPSec in an embedded system. I think I need to create a
> custom security template with IPSec security policies using MMC, but I have
> no idea how to implement that in an image and what components are required
> for that.

Start with:
"IP Security Services"
"IP Security Tools and User Interface"

At runtime you can use:
- IP Security Policies MMC Snap-in
- Use ipseccmd command line util (http://www.xdefenders.com/data/ipseccmd.exe,
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ipsecmd.mspx)

or many other tools that will allow you to change IPSec policies.

> 3. I am using AutoLogin for my image. It works just fine... but when I clone
> my image, it simply fails. Seems like cloning fails to transport the stored
> password to the images.

If you are on SP1, upgrade System Cloning tool (http://support.microsoft.com/default.aspx?kbid=810144).
Use: fbreseal -keepall, to keep the autologon settings during cloning.

> 4. I have included a custom security template so that the user account
> password never expires. But during FBA when the secedit.exe is called, it
> shows a message box "failed to find secedit.chm". That's because whenever we
> run secedit.exe on full XP Pro, it shows the secedit.chm (help file) which it
> fails to find on XPE. How to remove this message box ?

The secedit.chm is a part of "Security Configuration Engine Command Line Utility" component.
When you include the component in your configuration make sure you do not set "Do not copy help files for this component" checkbox on
the component's settings page.
Uncheck "Do not copy help files for this configuration" option of the Configuration settings (Other Settings section)

> 5. My application is a shell. I want that whenever user presses the power
> button of a machine, it should close the application and shut down the
> machine. What should I do to implement that ?
> Observation : When the application is running, pressing power button does
> not work, but when I close the application and then press power button, it
> shuts down the machine.

Assuming you have got an ACPI compliant HAL and you use WinLogon, you can handle the WM_POWERBROADCAST/PBT_APMQUERYSUSPEND message.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/power/base/wm_powerbroadcast.asp

If you use Minlogon, it may appear to be more complicated as some issues have been reported about the new
Minlogon/WM_POWERBROADCAST.

> 6. I want to suppress the splash screens (welcome and "windows is shutting
> down") . I have applied these settings :
>
> a. Configuration settings > Other settings > Do not display GUI boot screens
> : SELECT.
> b. Component Windows Logon settings > Show Friendly Winlogon : UNSELECT.
> c. Component Windows Logon settings > Show "Welcome to Windows Screen"
> before Winlogon : UNSELECT.
>
> But screens still appear. Any idea ?

For suppressing the XP/XPe Logo:
Add /noguiboot switch to your current ARC path in boot.ini on target device.

For suppressing the welcome and "windows is shutting down" screens:
Add the following registry value to your image:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System],"DisableStatusMessages"=dword:1

KM
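
An added check, not part of the thread and not anyone's posted code: it audits a registry export taken from a cloned image for the DisableStatusMessages value named above and for an autologon password held as a plain-text registry value. The export text is constructed, and the Winlogon value names (AutoAdminLogon, DefaultUserName, DefaultPassword) are the standard Windows ones, assumed here to be how the image configures autologon.

```python
import re

# Constructed sample: a REGEDIT4-style export of two keys from a target image.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableStatusMessages"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="kiosk"
"DefaultPassword"="constructed-example"
'''

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
# Assumption: standard Winlogon autologon location (not named in the thread).
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def dword(raw):
    """Decode 'dword:00000001' to an int; None for any other data type."""
    return int(raw[6:], 16) if raw and raw.lower().startswith("dword:") else None

def audit(text):
    """List findings for the status-message policy and the autologon values."""
    keys = parse_reg(text)
    policy = keys.get(POLICY_KEY, {})
    winlogon = keys.get(WINLOGON_KEY, {})
    findings = []
    if dword(policy.get("disablestatusmessages")) != 1:
        findings.append("status messages not suppressed")
    if winlogon.get("autoadminlogon") == '"1"':
        if "defaultpassword" in winlogon:
            findings.append("autologon password stored in registry as plain text")
        else:
            findings.append("autologon enabled without a DefaultPassword value")
    return findings
```
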
 
Guest

Thanks KM,

It's been really useful to me.

3. Autologon works.
6. Splash screens absolutely suppressed.
5. I am working on it.

1. Yes, I mean Microsoft Protected Storage services here. I want to save my
network USERNAME /PASSWORD in the embedded image which can be used to access
a secure folder on server.
It works on full XP.

Thanks in advance.


 
