Move files from System32 folder?

captaincrunch00
Hi there,
The auditors have requested that I move many files from the System32 folder to some other folder, then hide it for security reasons.
I know, I know. This is ridiculous. If someone manages to get onto my server, what do I care that he is using the calculator or pinging someone? He could be doing much worse.

And yet I've been told to make it happen. Just moving the files from the system32 folder to another folder and then hiding it doesn't quite work; the OS recreates the files within the system32 folder.

The files I'm trying to move and not have recreated are: arp, at, cacls, calc, cmd, cscript, debug, edlin, finger, ftp, ipconfig.... and on and on and on.

Is there a way to stop the server (2003, 2000, as well as every workstation; XP, 2000) from recreating the files in the system32 folder and allow me to move them?

Is there a way through a batch script to hide a folder that the batch script creates?


Thanks a lot!
-Andrew
 
Hi, Andrew

Your auditor clearly has too much time on their hands.

Is he/she/it smart enough to notice if you just hide those files?

Otherwise, you are going to have to remove all instances, not just in system32 but also in \i386 (if it exists) and in the system restore areas in order to prevent the OS from replacing them (it must be copying them from somewhere).

If by batch script you mean a .cmd or .bat:

md c:\subdir
attrib c:\subdir +h

but of course attrib.exe may be one of the programs they want you to hide - so make a copy under another name (auditor.exe?).

Jock
 
Want to trade auditors?

I actually crossposted this, and thanks for all of the info.
I'm trying to nicely word an email to the auditors that says "What were you thinking? This is dumb and everyone I talk to thinks it's a terrible idea that will not really do anything."

I love writing emails like this.

 
Can't you just set security permissions on those files to deny access for everyone except those that need it?

Enkrypted
A+
 
The file permissions are already set so local admin or domain admins can use them. No one else can even log onto those boxes locally, remotely, or get to the hidden shares.

I am so confused as to what the auditors want and why they want it.
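
As an added example (not posted by anyone in this thread), this read-only PowerShell script reports which accounts hold an Allow entry with execute rights on the tools named in the original post, so the permissions state described above can be shown to an auditor. The `$Allowed` list is an assumed policy, and PowerShell itself is an assumption: it is not part of a default Windows 2000/2003 install.

```powershell
# Added example, not from the thread. Read-only: it changes no ACLs.
# Tool names come from the original post; $Allowed is an assumed policy.
$Tools   = 'arp','at','cacls','calc','cmd','cscript','debug','edlin','finger','ftp','ipconfig'
$Allowed = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
$Execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
$Sys32   = Join-Path $env:SystemRoot 'System32'

$report = foreach ($name in $Tools) {
    # debug and edlin are 16-bit tools and do not exist on 64-bit Windows,
    # so a missing file is reported instead of being treated as an error.
    $path = Join-Path $Sys32 "$name.exe"
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Tool = $name; Principal = $null; Rights = $null; Finding = 'not present' }
        continue
    }

    # Allow ACEs that include execute and name a principal outside $Allowed.
    # This inspects ACEs only; it does not expand group membership or
    # evaluate Deny entries.
    $outside = @(
        (Get-Acl -LiteralPath $path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Execute) -and
            $Allowed -notcontains $_.IdentityReference.Value
        }
    )

    if ($outside.Count -eq 0) {
        [pscustomobject]@{ Tool = $name; Principal = $null; Rights = $null; Finding = 'execute limited to allowed list' }
    }
    foreach ($ace in $outside) {
        [pscustomobject]@{
            Tool      = $name
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Finding   = 'execute allowed outside policy'
        }
    }
}

$report | Sort-Object Finding, Tool | Format-Table -AutoSize
```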
 
Haven't tried this with anything other than W2K...

You'll find the files you've quoted above are also in the C:\WINDOWS\SYSTEM32\DLLCACHE sub dir. Do a Cut and paste from this sub-dir and place in a new folder of your choice and then instigate the Hidden attribute on these files. Now go into the SYSTEM32 sub-dir and delete the files of the same name.

ROGER - G0AOZ.
 
I also posted in your S2K3 thread, if you want to do this on an XP machine you will probably want to have a look at the prefetch directory as well.. only problem is that any sp\qfe you apply may well reapply them.

Get the auditor to justify their actions because this is just dumb.
 
Create a copy of the windows/winnt directory called wind0ws/w1nnt (all caps to hide the numbers) then remove all the files they say you shouldn't have in it. Then hide the real windows folder and when they ask to look, show them the copy. If they're stupid enough to want to remove files from an important directory they're stupid enough not to notice.
 
The other posters have said everything, these are just for information.



Disable Windows File Protection (Windows 2000/XP)

222193 - Description of the Windows File Protection Feature



How to apply predefined security templates in Windows 2000

Security Templates overview is an XP Help and Support program article.

How to apply the same Group Policy to many machines in a Workgroup environment.
faq779-5596


CIS Windows scoring tool.
 