Installing Resource Kit on a Production Server - a security hole?

  • Thread starter Thread starter johndoe
  • Start date Start date
J

johndoe

I think most people will appreciate the extra functionality the RK brings to
Win2K server administration, especially when it comes to running certain
tools remotely -- however, would you view the RK install as a security
liability, offering a potential hacker a whole array of extra tools that
would be present locally?

Any opinions?
 
I install the utilities on a non-production platform. I then create a directory called
"NTreskit" on the production server and copy the utilities to the Server and then add the
path to the 'path' System Environmental variable.

Dave




| I think most people will appreciate the extra functionality the RK brings to
| Win2K server administration, especially when it comes to running certain
| tools remotely -- however, would you view the RK install as a security
| liability, offering a potential hacker a whole array of extra tools that
| would be present locally?
|
| Any opinions?
|
|
 
By default these tools are not in the path and would not be executed unless full
path was listed or executed from the folder. If still a concern, try running
them from a cdrom or installing in a non default folder location and name.
Another possibility is encrypting the folder where they exist and export/delete
the user and Recovery Agent EFS private keys when they are not needed or
encrypting them with an administrator account other than the built in
administrator account [main target of attacks] and exporting/deleting the
Recovery Agent EFS private key if it exists on the local computer, which may not
be the case on a domain computer. Efsinfo will tell for sure. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top