Elias's NT Administration
Tools & Scripts
Welcome to my NT Administration page. This page contains some NT administration
scripts that I've made, as well as some very useful tool that I've found
out there that can ease an NT administrator's life. Mail
me back if you have any comments, suggestions, etc.
Here's a preliminary list:
Legal Mumbo Jumbo: The information contained in this page is not
official whatsoever. Use these scripts at your own risk. They should not
been applied to a production server, since they are not optimized for a
specific computer configuration and may destroy some special security structures
in your machine. The author is not responsible whatsoever for any damage
done to your information systems by these scripts. Thy master spoketh.
Security file & directory permissions script, which will (hopefully)
lock down your NT machine from malicious users (or hackers). Please DONT
run this script before editing it to see what it does, and how. Requires
the following NT security tools and the popular 4NT
shell (both shareware)
Security tools by Keith Woodard
- Very nice set of command line tools for manipulating file, directory
and registry settings (local or remote). Get them! (shareware)
A policy template
addon that adds some extra functionality regarding some Internet Explorer
paths (away from C:\WINNT, at last!!), the ability to terminate apps automatically,
some network entries to prevent from DoS attacks, DNS service manipulation,
and Samba SP3 "plaintext" passwords fix.
NT Tools homepage A very nice set of GUI utilities for the administration
(local&remote) of WinNT machines, covers most basic and some advanced
settings an administrator must make. Authors: Falk
Some suggested registry changes for Internet Mail and News, Windows Address
Book and Microsoft Office 95 & 97 in order for them to work in a "tight"
environment (ie. where %SystemRoot% is locked for read-only access), in
the form of a Kixtart script (a very famous logon script processor, you
can find it inside the NT Resource Kit), but WARNING: Kix32 must be run
from a shortcut in "StartUp", because only then is the user profile fully
A registry permissions script that will hopefully lock down your Registry
to a level that will prevent ordinary users to add new Classes (i.e. Install
new programs and/or change default file associations)
Some suggested additions to your registry that will disable default "Open"
actions for certain file types, especially .cmd/.bat/.reg/.lnk files by
assigning them to the non harmful MIME type "text/plain". In that way,
when a user clicks on a link to e.g. a .reg file, and he/she has selected
to no be asked whether to Open the file or Save it, he/she will just view
the file instead of executing it.
P.S.: I hate adding legal stuff on the bottom of my documents,
but that's neccesary for short-minded people called market managers and
their lawyers (corporate lawyers, that is).