Hack Proofing Windows 2000 Server

Applications are a major issue when securing a computer. One of the jobs of an administrator is to provide a stable platform for end users and the network. One of the ways you can provide that stability is by using the Application Security tool (AppSec), with which you can control what applications users are allowed to run. Another responsibility administrators may have is to run applications on the server. Using the Applications As Services utility, you can configure applications to run as services. This gives you an immediate increase in security because now a user account doesn t have to be logged on for the application to run. Both of these tools are provided in the Windows 2000 Server Resource Kit.
The Application Security tool allows administrators to restrict users to running a set list of applications. Properly executed, this tool will deny attempts to run programs that haven t been authorized. This tool works very well on Terminal Server, where everyone is logging into the same server. AppSec applies only to computers, not users.
The full path name is used to restrict the file. Only executable files are restricted, not DLLs. The executable file must have the correct name and be located in the correct location. If either of these isn t the case, the application will fail to run. This stops users from running the file from other locations (that is, copying the executable from a floppy to a different location on the...