windows startup - registry key -controll

[Sai]

Hi
Is there any policy settings or any other way ,I can
prevent the new installed programmes configuring them self
to start at startup of windows 2000??Some times I have the
option while installing but some times not.

This is becasue few days back some new installtion of the
programme made an entry(C:\winnt\iexplore.exe - spyware)
to the following registry key (windows startup).

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio
n\Run

This is poping up the advertisement windows,and when there
is a popup window i could able to see this iexplorer.exe
processes in the task manager,looks like it is pretending
like IEXPLORE.EXE(Program Files\Internet
Explorer\iexplore.exe) which is actual one from microsoft
browser,non of the Anti spyware programmes detected
it ,but some how I deleted it.So I want to prvent this
happening next time.

So I want to have a full controll over this registry
key,or any installtion to windows startup.

Any help would be greately appriciated.


Thanks
Sai

 

[Holger Pollmann]

So I want to have a full controll over this registry
key,

Well... if your normal user account is not one with administrative
rights (it shouldn't), then you can simply run regedt32.exe with an
administrator user account, go to that key and set the security
settings so that only a user with administrative rights can change it.

That way, if you install some program with your regular,
non-administrator user account, that program cannot write to that key.

Of course that means that no program that is SUPPOSED to do that can
write to that key, either.

or any installtion to windows startup.

Do you mean the startup folder in the start menu? Simply change the
security settings for that folder so that only users with
administrative rights can write to it.

 

[Sai]

Hi Holger
Thanks for your reply and valuable
suggestions,usually I will be working with administrator
user on my machine,is it not possible to restrict
modifications to that key when I logged on as
administrator logon??I mean as a administrator when ever I
want I will reset the key for new installtions.

Thanks
Sai

-----Original Message-----


Well... if your normal user account is not one with administrative
rights (it shouldn't), then you can simply run regedt32.exe with an
administrator user account, go to that key and set the security
settings so that only a user with administrative rights can change it.

That way, if you install some program with your regular,
non-administrator user account, that program cannot write to that key.

Of course that means that no program that is SUPPOSED to do that can
write to that key, either.


Do you mean the startup folder in the start menu? Simply change the
security settings for that folder so that only users with
administrative rights can write to it.

(e-mail address removed) )

 

[Holger Pollmann]

Thanks for your reply and valuable
suggestions,usually I will be working with administrator
user on my machine,is it not possible to restrict
modifications to that key when I logged on as
administrator logon??

Well... I'm not sure. The point is that as an administrator you can
change pretty much everything, so it's hard to lock out another
administrator, but you could try... set up a different administrator
user and give him exclusive rights to the key and bar your regular user
from accessing. I don't know if that's gonna work, though, but it's
worth a try.

Apart from that, you should think about stopping to use an
administrator as yoru regular account, it's a security problem: every
virus can do all you can do, so if YOU have the rigth to mess up
everything, the virus can,too. Think about it.

 

[Sai]

You are right,using the administrator for regular use is
security risk,thanks for your suggestion,I am going to try
the other thing as per your directions.

Thanks
Sai

-----Original Message-----


Well... I'm not sure. The point is that as an administrator you can
change pretty much everything, so it's hard to lock out another
administrator, but you could try... set up a different administrator
user and give him exclusive rights to the key and bar your regular user
from accessing. I don't know if that's gonna work, though, but it's
worth a try.

Apart from that, you should think about stopping to use an
administrator as yoru regular account, it's a security problem: every
virus can do all you can do, so if YOU have the rigth to mess up
everything, the virus can,too. Think about it.

(e-mail address removed) )