home *** CD-ROM | disk | FTP | other *** search
/ Hackers Handbook - Millenium Edition / Hackers Handbook.iso / files / nt / scesp4i.exe / mssce.cab / hisecdc4.inf < prev    next >
Encoding:
Windows Setup INFormation  |  1998-09-30  |  20.0 KB  |  367 lines
  1. ; (c) Microsoft Corporation 1997-2000
  2. ;
  3. ; Security Configuration Template for Security Configuration Editor
  4. ;
  5. ; Template Name:        HiSecDC4.INF
  6. ; Template Version:     04.00.HD.0000
  7. ;
  8. ; Revision History
  9. ; 0000  -       Original
  10.  
  11.  
  12. [Profile Description]
  13. High Secure configuration for Windows NT 4.0 Domain Controllers.
  14.  
  15. [version]
  16. signature="$CHICAGO$"
  17.  
  18. [System Access]
  19. ;----------------------------------------------------------------
  20. ;Account Policies - Password Policy
  21. ;----------------------------------------------------------------
  22. MinimumPasswordAge = 2
  23. MaximumPasswordAge = 42
  24. MinimumPasswordLength = 8
  25. PasswordComplexity = 1
  26. PasswordHistorySize = 6
  27. RequireLogonToChangePassword = 0
  28. ClearTextPassword = 0
  29.  
  30. ;----------------------------------------------------------------
  31. ;Account Policies - Lockout Policy
  32. ;----------------------------------------------------------------
  33. LockoutBadCount = 5
  34. ResetLockoutCount = 720
  35. LockoutDuration = -1
  36.  
  37.  
  38. ;----------------------------------------------------------------
  39. ;Local Policies - Security Options
  40. ;----------------------------------------------------------------
  41. ;DC Only
  42. ForceLogoffWhenHourExpire = 1
  43.  
  44. ;NewAdministatorName =
  45. ;NewGuestName =
  46. ;SecureSystemPartition
  47.  
  48. ;----------------------------------------------------------------
  49. ;Event Log - Log Settings
  50. ;----------------------------------------------------------------
  51. ;Audit Log Retention Period:
  52. ;0 = Overwrite Events As Needed
  53. ;1 = Overwrite Events As Specified by Retention Days Entry
  54. ;2 = Never Overwrite Events (Clear Log Manually)
  55.  
  56. [System Log]
  57. MaximumLogSize = 6144
  58. AuditLogRetentionPeriod = 0
  59. ;RetentionDays = 7
  60. RestrictGuestAccess = 1
  61.  
  62. [Security Log]
  63. MaximumLogSize = 6144
  64. AuditLogRetentionPeriod = 0
  65. ;RetentionDays = 7
  66. RestrictGuestAccess = 1
  67.  
  68. [Application Log]
  69. MaximumLogSize = 6144
  70. AuditLogRetentionPeriod = 0
  71. ;RetentionDays = 7
  72. RestrictGuestAccess = 1
  73.  
  74. ;----------------------------------------------------------------------
  75. ;    Local Policies\Audit Policy
  76. ;----------------------------------------------------------------------
  77. [Event Audit]
  78. AuditSystemEvents = 3
  79. AuditObjectAccess = 2
  80. AuditPrivilegeUse = 2
  81. AuditPolicyChange = 3
  82. AuditAccountManage = 3
  83. AuditProcessTracking = 0
  84. AuditDSAccess=2
  85. AuditAccountLogon=2
  86. AuditLogonEvents = 2
  87.  
  88. [Registry Values]
  89. ; Registry value name in full path = Type, Value
  90. ; REG_SZ                      ( 1 )
  91. ; REG_EXPAND_SZ               ( 2 )  // with environment variables to expand
  92. ; REG_BINARY                  ( 3 )
  93. ; REG_DWORD                   ( 4 )
  94. ; REG_MULTI_SZ                ( 7 )
  95.  
  96. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,1
  97. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,1
  98. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,1
  99. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,10
  100. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
  101. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
  102. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName=1,1
  103. ;Bug pending if FPA value is present regardless of data
  104. ;MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,30
  105. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption=1,""
  106. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText=1,""
  107. ;Bug Pending when LMCompat=2 and packet signing enabled
  108. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1
  109. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
  110. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
  111. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon=1,0
  112. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
  113. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
  114. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0
  115. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature=4,1
  116. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature=4,0
  117. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
  118. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
  119. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
  120. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
  121. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword=4,0
  122. MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,1
  123. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\AddPrintDrivers=4,1
  124.  
  125.  
  126. ;----------------------------------------------------------------------
  127. ;    Local Policies\User Rights Assignment
  128. ;----------------------------------------------------------------------
  129. ;SeNetworkLogonRight            = Access this computer from the network
  130. ;SeTcbPrivilege                 = Act as part of the operating System           - (Advanced)
  131. ;SeMachineAccountPrivilege      = Add workstations to the domain                - (Advanced)
  132. ;SeBackupPrivilege              = Back up files and directories
  133. ;SeChangeNotifyPrivilege        = Bypass traverse checking                      - (Advanced)
  134. ;SeSystemtimePrivilege          = Change the system time
  135. ;SeCreatePagefilePrivilege      = Create a pagefile                             - (Advanced)
  136. ;SeCreateTokenPrivilege         = Create a token object                         - (Advanced)
  137. ;SeCreatePermanentPrivilege     = Create permanent shared objects               - (Advanced)
  138. ;SeDebugPrivilege               = Debug programs                                - (Advanced)
  139. ;SeRemoteShutdownPrivilege      = Force shutdown from a remote system
  140. ;SeAuditPrivilege               = Generate security audits                      - (Advanced)
  141. ;SeIncreaseQuotaPrivilege       = Increase quotas                               - (Advanced)
  142. ;SeIncreaseBasePriorityPrivilege= Increase scheduling priority                  - (Advanced)
  143. ;SeLoadDriverPrivilege          = Load and unload device drivers
  144. ;SeLockMemoryPrivilege          = Lock pages in memory                          - (Advanced)
  145. ;SeBatchLogonRight              = Log on as a batch job                         - (Advanced)
  146. ;SeServiceLogonRight            = Log on as a service                           - (Advanced)
  147. ;SeInteractiveLogonRight        = Log on locally                                - (Advanced)
  148. ;SeSecurityPrivilege            = Manage auditing and security log              - (Advanced)
  149. ;SeSystemEnvironmentPrivilege   = Modify firmware environment variables         - (Advanced)
  150. ;SeProfileSingleProcessPrivilege= Profile single process                        - (Advanced)
  151. ;SeSystemProfilePrivilege       = Profile system performance                    - (Advanced)
  152. ;SeAssignPrimaryTokenPrivilege  = Replace a process-level token                 - (Advanced)
  153. ;SeRestorePrivilege             = Restore files and directories
  154. ;SeShutdownPrivilege            = Shut down the system
  155. ;SeTakeOwnershipPrivilege       = Take ownership of files or other objects
  156. ;SeUnsolicitedInputPrivilege                                                    - (Advanced)
  157. ;
  158. [Privilege Rights]
  159. SeAssignPrimaryTokenPrivilege =
  160. SeAuditPrivilege =
  161. SeBackupPrivilege = %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%
  162. ;SeBatchLogonRight = 
  163. ;SeChangeNotifyPrivilege = %SceInfEveryone%
  164. SeCreatePagefilePrivilege = %SceInfAdmins%
  165. SeCreatePermanentPrivilege =
  166. SeCreateTokenPrivilege =
  167. SeDebugPrivilege = %SceInfAdmins%
  168. SeIncreaseBasePriorityPrivilege = %SceInfAdmins%
  169. SeIncreaseQuotaPrivilege = %SceInfAdmins%
  170. ;SeInteractiveLogonRight = %SceInfAcountOp%, %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%, %SceInfPrintOp%
  171. SeLoadDriverPrivilege = %SceInfAdmins%
  172. SeLockMemoryPrivilege =
  173. ;SeMachineAccountPrivilege =
  174. SeNetworkLogonRight = %SceInfAcountOp%, %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%, %SceInfPrintOp%, %SceInfUsers%
  175. SeProfileSingleProcessPrivilege = %SceInfAdmins%
  176. SeRemoteShutdownPrivilege = %SceInfAdmins%, %SceInfServerOp%
  177. SeRestorePrivilege = %SceInfAdmins%, %SceInfBackupOp%, %SceInfServerOp%
  178. SeSecurityPrivilege = %SceInfAdmins%
  179. ;SeServiceLogonRight =
  180. SeShutdownPrivilege = %SceInfAdmins%, %SceInfServerOp%
  181. SeSystemEnvironmentPrivilege = %SceInfAdmins%
  182. SeSystemProfilePrivilege = %SceInfAdmins%
  183. SeSystemTimePrivilege = %SceInfAdmins%, %SceInfServerOp%
  184. SeTakeOwnershipPrivilege = %SceInfAdmins%
  185. ;SeTcbPrivilege =
  186.  
  187. ;----------------------------------------------------------------------
  188. ;    Restricted Groups
  189. ;----------------------------------------------------------------------
  190. [Group Membership]
  191. ;;%SceInfBackupOp%__Memberof =
  192. ;;%SceInfBackupOp%__Members =
  193. ;;%SceInfReplicator%__Memberof =
  194. ;;%SceInfReplicator%__Members =
  195. ;;%SceInfUsers%__Memberof =
  196. ;;%SceInfUsers%__Members =
  197. ;;%SceInfPowerUsers%__Memberof =
  198. ;;%SceInfPowerUsers%__Members =
  199. ;;%SceInfAdmins%__Memberof =
  200. ;;%SceInfAdmins%__Members =
  201. ;;%SceInfGuests%__Memberof =
  202. ;;%SceInfGuests%__Members =
  203.  
  204. ;---------------------------------------------------------------------------------------
  205. ;    Registry
  206. ;---------------------------------------------------------------------------------------
  207. [Registry Keys]
  208. "CLASSES_ROOT",2,"D:(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;CO)(A;CI;GA;;;SY)(A;CI;GRGWSD;;;SO)"
  209. "CLASSES_ROOT\helpfile",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  210. "CLASSES_ROOT\.hlp",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  211.  
  212. "MACHINE\Software",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;SO)S:P(SA;CIOISAFA;0x000d0006;;;WD)"
  213.  
  214. "MACHINE\SOFTWARE\Classes",1,""
  215.  
  216. "MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  217. "MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider",1,""
  218. "MACHINE\SOFTWARE\Microsoft\Secure",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;CO)(A;CI;GA;;;SO)(A;CI;GA;;;SY)"
  219.  
  220. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  221.  
  222. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  223. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  224. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  225. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  226. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  227. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  228. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)"
  229. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)"
  230. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  231. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  232. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  233. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  234. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  235. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  236. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  237. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Midimap",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  238. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",2,"D:P(A;CI;GR;;;IU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  239. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009",1,""
  240. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  241. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  242. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  243. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Type 1 Fonts",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  244. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  245. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGW;;;SO)"
  246.  
  247. "MACHINE\SOFTWARE\Secure",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GA;;;SO)"
  248.  
  249. "MACHINE\System",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  250. "MACHINE\SYSTEM\Clone",1,""
  251.  
  252. "MACHINE\SYSTEM\ControlSet001",1,""
  253. "MACHINE\SYSTEM\ControlSet002",1,""
  254. "MACHINE\SYSTEM\ControlSet003",1,""
  255. "MACHINE\SYSTEM\ControlSet004",1,""
  256. "MACHINE\SYSTEM\ControlSet005",1,""
  257. "MACHINE\SYSTEM\ControlSet006",1,""
  258. "MACHINE\SYSTEM\ControlSet007",1,""
  259. "MACHINE\SYSTEM\ControlSet008",1,""
  260. "MACHINE\SYSTEM\ControlSet009",1,""
  261. "MACHINE\SYSTEM\ControlSet010",1,""
  262.  
  263. "MACHINE\SYSTEM\CurrentControlSet\Control",2,"D:(A;CI;GA;;;CO)(A;CI;GRGWSD;;;SO)"
  264. "MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  265. "MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  266. "MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  267. "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",1,""
  268. "MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg",2,"D:P(A;CI;GA;;;DA)(A;CI;GRGW;;;BO)"
  269.  
  270. "MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive",2,"D:P(A;CI;GA;;;CO)(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GRGW;;;SO)"
  271. "MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  272.  
  273. "MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation",2,"D:P(A;CI;GA;;;CO)(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GRGW;;;SO)"
  274.  
  275. "MACHINE\SYSTEM\CurrentControlSet\Control\Windows",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)(A;CI;GRGW;;;SO)"
  276.  
  277. "MACHINE\SYSTEM\CurrentControlSet\Enum",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;SY)"
  278.  
  279. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current",1,""
  280.  
  281. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control",2,"D:(A;CI;GA;;;CO)(A;CI;GRGWSD;;;SO)"
  282. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum",2,"D:(A;CI;GA;;;CO)(A;CI;GRGWSD;;;SO)"
  283. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Services",2,"D:(A;CI;GA;;;CO)(A;CI;GRGWSD;;;SO)"
  284.  
  285. "MACHINE\SYSTEM\CurrentControlSet\Services",2,"D:(A;CI;GA;;;CO)(A;CI;GRGWSD;;;SO)"
  286. "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  287. "MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  288.  
  289. "USERS\.DEFAULT",2,"D:P(A;CI;GR;;;AU)(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  290. "USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;DA)(A;CI;GA;;;SY)"
  291. "USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage System Provider",1,""
  292. "USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies",2,"D:(A;CI;GA;;;CO)(A;CI;GRGWSD;;;SO)"
  293.  
  294. ;---------------------------------------------------------------------------------------
  295. ;    File System
  296. ;---------------------------------------------------------------------------------------
  297. [File Security]
  298.  
  299. ;---------------------------------------------------------------------------------------
  300. ;x86 Boot Files
  301. ;---------------------------------------------------------------------------------------
  302. "c:\boot.ini",2,"D:P(A;;GA;;;DA)(A;;GA;;;SY)(A;;GRGWGXSD;;;SO)S:P(SA;CIOISA;0x00000110;;;WD)(SA;CIOISAFA;0x000d0046;;;WD)"
  303. "c:\ntdetect.com",2,"D:P(A;;GA;;;DA)(A;;GA;;;SY)(A;;GRGWGXSD;;;SO)S:P(SA;CIOISA;0x00000110;;;WD)(SA;CIOISAFA;0x000d0046;;;WD)"
  304. "c:\ntldr",2,"D:P(A;;GA;;;DA)(A;;GA;;;SY)(A;;GRGWGXSD;;;SO)S:P(SA;CIOISA;0x00000110;;;WD)(SA;CIOISAFA;0x000d0046;;;WD)"
  305. "c:\ntbootdd.sys",2,"D:P(A;;GA;;;DA)(A;;GA;;;SY)(A;;GRGWGXSD;;;SO)S:P(SA;CIOISA;0x00000110;;;WD)(SA;CIOISAFA;0x000d0046;;;WD)"
  306. "c:\autoexec.bat",2,"D:P(A;;GA;;;DA)(A;;GA;;;SY)(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)S:P(SA;CIOISA;0x00000110;;;WD)(SA;CIOISAFA;0x000d0046;;;WD)"
  307. "c:\config.sys",2,"D:P(A;;GA;;;DA)(A;;GA;;;SY)(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)S:P(SA;CIOISA;0x00000110;;;WD)(SA;CIOISAFA;0x000d0046;;;WD)"
  308.  
  309. ;---------------------------------------------------------------------------------------------
  310. ;System Drive (\)
  311. ;---------------------------------------------------------------------------------------------
  312. "%SystemDrive%",0,"D:(A;CIOI;GRGX;;;AU)(A;CIOI;GA;;;DA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;;GW;;;SO)"
  313. "%SystemDrive%\InetPub",1,""
  314. "%SystemDrive%\Program Files",2,"D:P(A;CIOI;GA;;;DA)(A;CIOI;GRGX;;;AU)(A;CIOI;GA;;;SY)(A;CIOI;GRGWGXSD;;;SO)"
  315. "%SystemDrive%\Recycler",1,""
  316. "%SystemDrive%\~Secure.nt",1,""
  317. "%SystemDrive%\Temp",2,"D:P(A;CIOI;GA;;;CO)(A;;GRGWGX;;;AU)(A;CIOI;GA;;;DA)(A;CIOI;GA;;;SY)"
  318. "%SystemDrive%\Users",1,""
  319.  
  320. "%SystemDrive%\PageFile.Sys",1,""
  321. ;---------------------------------------------------------------------------------------------
  322. ;System Root (Typically \WINNT)
  323. ;---------------------------------------------------------------------------------------------
  324. "%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GA;;;DA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;SO)S:P(SA;CIOISA;0x00000110;;;WD)(SA;CIOISAFA;0x000d0046;;;WD)"
  325. "%SystemRoot%\profiles",1,""
  326. "%SystemRoot%\repair",2,"D:P(A;CIOI;GA;;;DA)(A;CIOI;GA;;;SY)"
  327.  
  328. ;---------------------------------------------------------------------------------------------
  329. ;System Directory (Typically \Winnt\System32)
  330. ;---------------------------------------------------------------------------------------------
  331. "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;AU)(A;CIOI;GA;;;DA)(A;CIOI;GA;;;SY)"
  332. "%SystemDirectory%\repl\import",2,"D:(A;CIOI;GRGWGXSD;;;RP)S:P"
  333. "%SystemDirectory%\repl\export",2,"D:(A;CIOI;GRGWGXSD;;;RP)S:P"
  334. "%SystemDirectory%\spool",2,"D:(A;CIOI;GA;;;PO)S:P"
  335. "%SystemDirectory%\spool\printers",2,"D:P(A;CIOI;GA;;;CO)(A;CI;GRGX;;;AU)(A;CIOI;GA;;;DA)(A;CIOI;GA;;;PO)(A;CIOI;GA;;;SO)(A;CIOI;GA;;;SY)"
  336.  
  337. "%SystemDirectory%\hpmon.dll",2,"D:(A;;GRGWGXSD;;;PO)"
  338. "%SystemDirectory%\hpmon.hlp",2,"D:(A;;GRGWGXSD;;;PO)"
  339. "%SystemDirectory%\localmon.dll",2,"D:(A;;GRGWGXSD;;;PO)"
  340.  
  341. ;---------------------------------------------------------------------------------------
  342. ;    EOF
  343. ;---------------------------------------------------------------------------------------
  344.  
  345.  
  346. [Strings]
  347.  
  348. SceInfAdministrator = Administrator
  349. SceInfAdmins = Administrators
  350. SceInfAcountOp = Account Operators
  351. SceInfAuthUsers = Authenticated Users
  352. SceInfBackupOp = Backup Operators
  353. SceInfDomainAdmins = Domain Admins
  354. SceInfDomainGuests = Domain Guests
  355. SceInfDomainUsers = Domain Users
  356. SceInfEveryone = Everyone
  357. SceInfGuests = Guests
  358. SceInfGuest = Guest
  359. SceInfPowerUsers = Power Users
  360. SceInfPrintOp = Print Operators
  361. SceInfReplicator = Replicator
  362. SceInfServerOp = Server Operators
  363. SceInfUsers = Users
  364. SceInfMTSAdmins = MTS Administrators
  365. SceInfMTSImpersonators = MTS Impersonators
  366. SceInfMTSAdmin = MTS_Admin
  367.