Home page logo
/

basics logo Security Basics mailing list archives

Re: Centralised Software Removal
From: "Salvador III Manaois" <badzmanaois () gmail com>
Date: Mon, 3 Nov 2008 01:24:35 +0800

Hi James,

Your situation may not be solved by technology alone. Define a policy
for granting local admin rights. Standardize on your software
deployment platform. Outline a configuration baseline (desired
configuration) and implement a change management DB to keep track of
configuration drifts (Microsoft SMS/SCCM has this capability, and
more).

Clean-up of the applications will entail a lot of prep-work and
planning (and may involve some coding if no third-party alternatives
are available). You may want to extract all the uninstall information
(HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall) and store
these on a DB. From this list, you can generate a whitelist; anything
out of this list, uninstall. You can create an application or a script
that can do this. Guy Thomas has a good example of a script that lists
the Uninstall registry key here (this should get you started in the
right direction):

http://www.computerperformance.co.uk/ezine/ezine63.htm

Removing the "rogue" administrators may be the easier task. Please
check the following post (shameless plug =)) which should provide you
some insight on how to go about tackling the task of removing users
from the local administrators group:

http://badzmanaois.blogspot.com/2008/11/removing-users-from-local.html

Regards,

Salvador Manaois III
MCSE MCSA CEH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]