[ahmadi]

Dear fawwodward
please ,can you explain to me how can i prevent access to regestry tools?
OS is win xp sp2
Dear peterm
the 2 programs recover the key from the registry I used Olydbg to analys them
there are 20 computers in my wireless network
I need away to prevent any one until the admin from accessing the registry
I now some ways to prevent access to registry tool and I used them but when I run combofix it remove the preventing access to the registry
I need way no program can remove it
I am sure that I will find it here

[Advertisements]

First make sure you have created a group for the wireless customers and a user name or names as well, make sure the user name(s) are assigned to this wireless group.

Unless you're running a server OS, then just go into control panel, administrative tools, and Local Security Policy. Open the Local Policies folder on the left, and then click on User Rights Assignment. You can try denying access to that computer from the network if all they're needing is just the wireless connection. Double click Access this computer from the network and remove the group/user name(s) of the wireless customers. Then double click Deny Access to this computer from the network and add the group/user name(s). Be very careful what you change because you can lock everyone out of the computer including yourself.

Make a backup of your registry before making any of the above changes, and if you have restore enabled, create a restore point prior to making the changes.

Good luck.

[fawoodward]

First make sure you have created a group for the wireless customers and a user name or names as well, make sure the user name(s) are assigned to this wireless group.

Unless you're running a server OS, then just go into control panel, administrative tools, and Local Security Policy. Open the Local Policies folder on the left, and then click on User Rights Assignment. You can try denying access to that computer from the network if all they're needing is just the wireless connection. Double click Access this computer from the network and remove the group/user name(s) of the wireless customers. Then double click Deny Access to this computer from the network and add the group/user name(s). Be very careful what you change because you can lock everyone out of the computer including yourself.

Make a backup of your registry before making any of the above changes, and if you have restore enabled, create a restore point prior to making the changes.

Good luck.

[peterm]

Ok if you think they are going into the registry to get the information then try this on 1 computer only to start with.
1.Click Start, click Run, type gpedit.msc in the Open box, and then click OK.
2.Expand User Configuration, Administrative Templates, and System, and then right click Prevent access to registry editing tools.
Left click on propertities.
Click on Enabled
Click ok
Hope this is what you are after
Cheers
peterm

[fawoodward]

They're not editing the registry, they're accessing it and retrieving the information from it if I understand his posts correctly. And he stated he had Winxp SP2 so I'm assuming it's not a server - he probably won't have gpedit on his computer, and if he uses gpedit he will prevent ALL users from accessing the registry editing tools. That's why I thought limiting them from even having access to that computer would work since he can assign or remove permissions in Local Security Policy.

Edited by fawoodward, 17 May 2008 - 09:49 AM.

[ahmadi]

First make sure you have created a group for the wireless customers and a user name or names as well, make sure the user name(s) are assigned to this wireless group.

Unless you're running a server OS, then just go into control panel, administrative tools, and Local Security Policy. Open the Local Policies folder on the left, and then click on User Rights Assignment. You can try denying access to that computer from the network if all they're needing is just the wireless connection. Double click Access this computer from the network and remove the group/user name(s) of the wireless customers. Then double click Deny Access to this computer from the network and add the group/user name(s). Be very careful what you change because you can lock everyone out of the computer including yourself.

Make a backup of your registry before making any of the above changes, and if you have restore enabled, create a restore point prior to making the changes.

Good luck.

Dear I tried it but it is not work
I have router Linksys not aserver OS
the customers dont access the registry in my pc but in their pcs,the program wirelesskeyview get the wep key from the reg in their pcs

Edited by ahmadi, 18 May 2008 - 08:06 AM.

[ahmadi]

Ok if you think they are going into the registry to get the information then try this on 1 computer only to start with.
1.Click Start, click Run, type gpedit.msc in the Open box, and then click OK.
2.Expand User Configuration, Administrative Templates, and System, and then right click Prevent access to registry editing tools.
Left click on propertities.
Click on Enabled
Click ok
Hope this is what you are after
Cheers
peterm

thank you
that what i need ,but not my costumers get the key from the reg ,the program wirelesskeyview get the wep key from the reg
I tried this way but they use combofix program to remove this prevnting
all my customers have combofix program because I using it to scan their pcs evry 14 days from virus,troj, malware etc
and I told them that combofix it removes all preventig,task manager,disable reg tools,no run ,and no folder options
I need way to prevent accessing the registry tools that no programs can removes it
I tried this way but combofix removed it too :
[HKCU\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000001
regards

[fawoodward]

[Dear I tried it but it is not work
I have router Linksys not aserver OS
the customers dont access the registry in my pc but in their pcs,the program wirelesskeyview get the wep key from the reg in their pcs

OK after re-reading your original post, I see that none of this so far is the answer to your issue. It sounds to me like you need to have your customers have an actual user/password to access your wireless network. What you're asking is to disallow your customers from running certain applications on their own computers, which there's no way to do that. You can't make the key invisible to them and still allow htem to access your wireless network with it, unless you have a 2nd requirement to access it, such as a login.

By removing access to registry editing tools, you're locking yourself out. Your customers are not editing your registry at all, they're accessing information in their own computer's registry.

Edited by fawoodward, 18 May 2008 - 07:27 PM.

[hproesler]

I agree, looks like the employees are just giving out the key after entered on their computer. Not really using aircrack at all, but WZcook, a component packaged with aircrack, which just lists the previous weps that have been entered on that particular computer. Aircrack itself is just a program to recover a key from the IVs which you obtain from the program airodump. In order to get enough IVs in a reasonable amount of time you must use packet injection which works only in Linux and only with certain wireless cards. It is not as easy to get working properly as downloading a piece of software. Sounds like a hopeless situation, if the employees are willing to give out the wep keys, why not a logon and password for Windows networking? I would think an employee that would be willing to do this, might as well take cash from the company drawers. Maybe use a logon for the network and find out who the person is willing to compromise the network and deal with them accordingly. Just my thoughts from what I have read.