Downloads from the Vista Security Book

As with Protect Your Windows Network, I wrote some tools for the Windows Vista Security book that just came out. However, the Vista book does not come with a CD. Rather, Wiley has made the tools available for download. If you solemnly promise that you will buy the book, you may get the tools from there. :)

The tools are:

  • A couple of Windows Management Instrumentation (WMI) Scripts that demonstrate how to interact with the Windows Firewall with Advanced Security. These scripts check if the firewall is on and which profile is active.
  • An electronic version of chapter 1. The link to this is currently broken. I will update the post as soon as I know what the link should be.
  • A very long (200 pages) Word document detailing the default security parameters for every built-in service in Windows Vista Ultimate. It has the ACL on the service as well as the process security parameters. I originally intended this as an appendix but it got too long.
  • WMI is essentially an object store that lets applications store all kinds of configuration information and lets other programs read that information using standard interfaces. While developing the group policy object (GPO) for the new Windows Firewall that is shown in the firewall chapter, I needed a way to filter the GPO by operating system. WMI filters are a good way to do that, but to ensure that I had the right WMI data I wrote a little WMI script that dumps out all WMI data about the operating system. I figured you can use it to learn what data WMI provides that you can leverage for other things, like GPO filtering.
  • The default Group Policy settings for User Account Control (UAC) leave out one of the UAC settings: the one that controls whether a locally defined administrator gets a full or filtered token when connecting to the computer remotely. Managing that setting through Local Security Policy or Group Policy requires a new sceregvl.inf file. The UAC chapter discusses the setting and how to use this file to add it to the security policy tools.
  • A tool that enables you to launch a process elevated from a command line. You run "elevate <program> [program arguments]" and it will give you the standard elevation prompt. Since much of the code is reusable I also added the ability to run a process with low integrity with almost all the privileges stripped. Many programs won't work properly that way but I thought it was a nice way to test what will happen when you run them low.
  • One of my favorite utilities is the cmdhere.inf tool from the Windows 2000 Resource Kit. It puts a "command prompt here" command on the context menu for folders in Windows Explorer. However, with Vista cmdhere no longer works, and if you tweak it to work you get a non-elevated command prompt. Using the elevate tool, this little utility adds an "elevated command prompt here" item to the shortcut menu. Here is what it looks like:

Enjoy the tools, and the book!
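
To illustrate the WMI-filter item in the list above, here is an added PowerShell example. It is not one of the book's downloadable scripts. It dumps the operating system data WMI exposes and then runs candidate GPO WMI filter queries locally to show whether this machine would match. The filter names and queries are constructed for illustration, and `Get-CimInstance` assumes PowerShell 3.0 or later (on older hosts, `Get-WmiObject` plays the same role).

```powershell
# Added example, not the book's script.
# A GPO WMI filter applies the GPO when its query returns at least one
# instance, so running the query locally shows how a machine would evaluate it.

$namespace = 'root\CIMv2'

# 1. Dump every populated property of Win32_OperatingSystem so you can see
#    which values (Version, ProductType, Caption, ...) are available to filter on.
$os = Get-CimInstance -Namespace $namespace -ClassName Win32_OperatingSystem
$os.CimInstanceProperties |
    Where-Object { $null -ne $_.Value } |
    Sort-Object Name |
    Format-Table Name, Value -AutoSize

# 2. Candidate filter queries (constructed for illustration).
#    Version 6.0.x is Windows Vista / Server 2008; ProductType 1 is a
#    workstation, 2 a domain controller, 3 a member server.
$filters = [ordered]@{
    'Vista client'    = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.0%" AND ProductType = "1"'
    'Any workstation' = 'SELECT * FROM Win32_OperatingSystem WHERE ProductType = "1"'
    'Any server'      = 'SELECT * FROM Win32_OperatingSystem WHERE ProductType <> "1"'
}

# 3. Evaluate each query the way the Group Policy client would:
#    one or more rows returned means the filter matches.
foreach ($name in $filters.Keys) {
    try {
        $hit = Get-CimInstance -Namespace $namespace -Query $filters[$name] -ErrorAction Stop
        $result = if ($hit) { 'MATCH' } else { 'no match' }
    }
    catch {
        # A malformed query never matches, so the GPO would silently not apply.
        $result = "invalid query: $($_.Exception.Message)"
    }
    '{0,-16} {1}' -f $name, $result
}
```

Testing a query this way before attaching it to a GPO catches the two common failure modes: a syntax error that makes the filter never match, and a filter broad enough to also match server editions that share the same version number.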

Published 11 July 2007 11:39 AM by jesper

Comments

# Capslock said on 11 July, 2007 06:36 PM

The "Open Command Window Here" has been included in Windows Vista anyway (at least it has on Business edition).

All you need to do is hold Left Shift when you right-click on a folder in the right pane of Explorer.  Granted this isn't as good as the tweak that allows it to appear without holding Left Shift and in both panes of Explorer.

# Aaron Margosis said on 11 July, 2007 08:35 PM

Vista actually includes "Command Prompt Here", but it's not as easy as one might like (not as easy as I would).  It doesn't work in the Folders list - only in the main pane.  And you have to hold down "Shift" while right-clicking.

I'm playing with this now and finding that Shift/right-click on files gives you additional context menu items that look interesting -- like "Copy as Path" and "Add to Quick Launch"!

# basiaw7 said on 12 July, 2007 10:09 AM

Jesper: under "electronic version of chapter 1." I think there is a wrong link

# jesper said on 12 July, 2007 11:58 AM

Indeed it is. That link is broken on the Wiley site too. I've let them know and will update the post as soon as I know where it should point.

# ded said on 18 July, 2007 08:18 AM

the shield icon is missing in "elevated command prompt here"

# Blackstorm said on 25 July, 2007 06:24 PM

You're a saint... I miss so much the "command prompt here" feat... I've used it since the first release of TweakUI... I love you for this... :)

For the rest... well, there's a lot of funny stuff... I'm only a bit afraid by this massive, huge, doc with all those spec... Hey, 200 pages is GARGANTUAN!
