X hits on this document

PDF document

FDCC_USGCB-Overcoming_Technical_Challenges_in_the_Windows_Baselines.pdf - page 16 / 29

73 views

0 shares

0 downloads

0 comments

16 / 29

  • Stored in profiles, in NTUSR.DAT

  • Dynamically loaded into HKey_Current_User

  • Problems

    • HKCU doesn’t exist if nobody is logged on

    • Scanner can’t access if someone is logged on

    • User can’t log on if NTUSR.DAT is loaded in scanner

  • Solutions

    • Use impersonation to scan logged on user

    • Scan all profiles by creating copies of NTUSR.DAT

    • If any profile is non-compliant consider the system non-compliant

Document info
Document views73
Page views73
Page last viewedTue Dec 06 15:21:02 UTC 2016
Pages29
Paragraphs379
Words1127

Comments