Troubleshooting Windows Vista Security

Chapter 4

Troubleshooting IE7 Policy Setting Issues
• Features of IE7 are now managed through Group Policy
– Previously, some features were managed through the IE Administration Kit
• The Internet Explorer Maintenance (IEM) extension controls certain settings
– Advantageous for settings that cannot wait for a Group Policy refresh
– Preference mode allows a setting to be changed by the user
– Example: a proxy server setting that cannot be temporarily overwritten
– Example: a proxy server that is set but can be changed by someone who travels outside the office

Troubleshooting IE7 Protected Mode Issues
• Custom web applications may expect access to areas of the machine that are now restricted
• Application shims deal with some of these issues by redirecting calls to restricted areas to default unrestricted areas
• Identify whether Protected Mode is enabled
– The lower-right area of IE will list “Protected Mode: On” or “Protected Mode: Off”
• Protected Mode is not used if:
– Protected Mode is disabled on the Security tab
– The web page is local to the machine
– IE7 was launched using “Run As Administrator”
– UAC is disabled
– The website is part of the Trusted Sites zone

Troubleshooting IE7 Certificate Issues
• When a certificate error is encountered, the display will look like the following

Troubleshooting IE7 Certificate Issues (continued)
• Valid reasons to encounter a certificate error include:
– The certificate has expired
– The certificate does not match the website’s identity
– The certificate was not issued by a CA on the list of trusted CAs
– Accessing the website by IP address instead of by name
• Click the “Certificate Error” drop-down in the address bar for details
• If the error is from a truly trusted source, you can bypass it by clicking “Continue to this website”
• Depending on the source of the issue, you can also resolve the error by:
– Adding the CA to your trusted CA list
– Disabling the check for revocation
• Any bypass of certificate errors carries risk

Troubleshooting Windows Firewall Issues
• If you are prevented from accessing network resources, use the built-in exceptions on the Exceptions tab
• Application problems are usually related to specific ports, which can be unblocked
• The NETSH FIREWALL command-line utility can also be used to configure the firewall
– Use this when scripting your configuration
– Example: when several hundred ports need to be defined, using the GUI is impractical
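The scripted approach the slide recommends, as an added example that is not from the original slides: a PowerShell script that defines a constructed list of port exceptions through netsh, printing the commands for review before anything is applied. The port numbers, protocols and rule names are assumptions; the only real items are the netsh syntaxes themselves.

```powershell
# Added example, not from the original slides: script a large set of firewall
# exceptions with netsh instead of clicking through the Exceptions tab.
# The port list is constructed for illustration; replace it with the ports your
# application is documented to need, and nothing more.

$exceptions = @(
    @{ Port = 8080; Proto = 'TCP'; Name = 'ExampleApp HTTP' },
    @{ Port = 8443; Proto = 'TCP'; Name = 'ExampleApp HTTPS' },
    @{ Port = 5140; Proto = 'UDP'; Name = 'ExampleApp syslog' }
)
# A contiguous block of ports is the case where the GUI becomes impractical.
foreach ($n in 9000..9049) {
    $exceptions += @{ Port = $n; Proto = 'TCP'; Name = "ExampleApp worker $n" }
}

# $true prints the commands for review; set to $false to apply them from an
# elevated (Run as administrator) PowerShell session.
$dryRun = $true
# $true selects the deprecated 'netsh firewall' context named on the slide;
# $false uses the Vista-native 'netsh advfirewall' context.
$useLegacyContext = $false

foreach ($e in $exceptions) {
    if ($useLegacyContext) {
        # scope=SUBNET limits the exception to the local subnet instead of any source.
        $cmd = 'netsh firewall add portopening protocol={0} port={1} name="{2}" mode=ENABLE scope=SUBNET' -f $e.Proto, $e.Port, $e.Name
    } else {
        # remoteip=localsubnet is the equivalent restriction in the advfirewall context.
        $cmd = 'netsh advfirewall firewall add rule name="{2}" dir=in action=allow protocol={0} localport={1} remoteip=localsubnet' -f $e.Proto, $e.Port, $e.Name
    }

    if ($dryRun) {
        Write-Output $cmd
    } else {
        cmd.exe /c $cmd
        if ($LASTEXITCODE -ne 0) { Write-Warning "Failed to add rule for $($e.Proto)/$($e.Port)" }
    }
}

# Confirm exactly what is now open once the rules have been applied:
#   netsh advfirewall firewall show rule name=all | findstr /i ExampleApp
#   netsh firewall show portopening
```

Review the printed commands against the application's documented port requirements before switching `$dryRun` off, since every exception added this way widens the host's exposure.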

Troubleshooting Windows Defender Issues
• Defender is designed to deal with spyware in real time and with periodic scans
• It can quarantine software suspected of being spyware
• When legitimate software is quarantined as spyware, use the Quarantined Items option to restore the program
• Keep definitions updated using Windows Update and enable recommended updates

Troubleshooting EFS and BitLocker Issues
• EFS issues
– The volume must be formatted as NTFS
– If unable to access encrypted files, check for certificate issues
– Import the certificate from backup if necessary
• BitLocker issues
– Any tampering will cause BitLocker to go into Recovery Mode
– Hardware failures may require the drive to be recovered in another computer with BitLocker available
– Recovery Mode requires the recovery password which, if not set up individually, may be stored in AD and accessible by the domain admin
– BitLocker protection can be disabled temporarily to make changes that might trip its tamper detection

Troubleshooting Auditing Issues
• If auditing uses subcategories, these take precedence over regular GPO categories
– To allow use of GPO categories, do not enable the setting “Force Audit Policy Subcategory Settings (Windows Vista or later) to Override Audit Policy Category Settings”

Troubleshooting Access Denied Messages
• When attempting to access a resource, Access Denied implies the user is not part of the ACL of that resource
– Check the ACLs of the resource
– Check for EFS encryption
• You can Take Ownership of files and folders to gain access
• You can use CIPHER.EXE to decrypt EFS files

Troubleshooting Authentication
• Username and password issues
– Check for proper rights
– Reset the password
– Create a password reset disk or USB key to use when admin access is lost
• Certificates
– When a user roams between machines and needs certificates to work, set up credential roaming in the domain
• Smart cards
– Two-factor authentication requires a smart card and a PIN to log on. Make sure the smart card is being used correctly.
• Public keys
– Errors from public key infrastructure issues are stored in the CAPI2 event log

Troubleshooting UAC
• UAC depends on the Application Information service
– Make sure the service is running
• UAC virtualization
– Turning off the policy setting “Virtualize File and Registry Write Failures to Per-User Locations” can cause errors for some apps that write to protected areas
• User experience issues with UAC
– Adjust settings if the UAC prompts are too intrusive and your security policy allows it

Troubleshooting Windows Updates
• When encountering errors, you will only receive an error code
– 80072efd – Problem connecting to website: check the connection to the Internet
– 80070003 – Problem with temporary files: delete the Windows Update temp files
– 800f020b – Downloading a driver for a device not connected: connect the device
– 80246007 – Background Intelligent Transfer Service issue: check that the service is running