Archive for November, 2010


I just developed some IT Security Policies for my small company. These will of course vary greatly depending upon your needs, applications, structure, and operations. I am posting a copy of the document up here in case someone wants to download it as a template, and go through sentence by sentence to fit it to their own company. Use these policies as you will, word for word if you want.

It Policies


I take no credit for the templates I used to create my policies, and I did in some instances copy word for word from the template. I will take credit for any changes that you see. The original templates can be found on the SANS website at http://www.sans.org/security-resources/policies/

Very good site, very good templates. Thanks guys!

Here it is-

Generic IT Security Policy Whole

Logging in today, I noticed something in the Application Log of my SBS 2008. There were three event IDs of 2803 and one of 17137 listed every 5 minutes or so. The viewer could not give me details… figures. Here are the three:

Application Log Errors


The description for Event ID 17137 from source MSSQL$MICROSOFT##SSEE cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Then the same message with this attached:

1

Bound Trees

So after some digging I found information stating that this is caused by SQL closing the database connection when it is not in use, and then reopening it when it is being used. This is not good, if it is happening every 5 minutes.

So, let’s resolve this error.

First, connect to SQL using Management Studio Express. Connect to the MSSQL instance using the name \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query and Windows Authentication.

Expand Databases.

Right-click the database in question, in this case Sharepoint_Admin_Content####, and select Properties.

Database Properties


Click on the Options menu on the left. In the right pane you will see a setting named AUTO_CLOSE with a value of true. Change this value to false, then save and close SQL Management Studio.

AUTO_CLOSE


You should see two more events appear in the event log, recording the change of AUTO_CLOSE to FALSE. They should be event ID 5084.

Event Log 5084


That's it! You have fixed the error. Monitor both the database and the event logs for a few days to see how your system reacts. If you notice side effects, then you can always change the value back to TRUE using a reverse of the same method.
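The same check and change can be made in T-SQL from a query window connected to the same instance. This is an added example, not part of the original post; the database name is the placeholder used above and must be replaced with the real name shown under Databases.

```sql
-- Added example (not from the original post).
-- Run in a query window connected to \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query.

-- 1. See which databases on the instance currently have AUTO_CLOSE enabled.
SELECT name, is_auto_close_on, state_desc
FROM sys.databases
ORDER BY name;

-- 2. Turn AUTO_CLOSE off for one database, only if it exists and is still on.
--    DECLARE and SET are kept separate so the script also runs on
--    SQL Server 2005-based instances.
DECLARE @db sysname, @sql nvarchar(400);
SET @db = N'Sharepoint_Admin_Content####';  -- placeholder: use the real database name

IF NOT EXISTS (SELECT 1 FROM sys.databases WHERE name = @db)
    RAISERROR(N'Database %s was not found on this instance.', 16, 1, @db);
ELSE IF EXISTS (SELECT 1 FROM sys.databases
                WHERE name = @db AND is_auto_close_on = 1)
BEGIN
    -- QUOTENAME brackets the name so unusual characters cannot break the statement.
    SET @sql = N'ALTER DATABASE ' + QUOTENAME(@db) + N' SET AUTO_CLOSE OFF;';
    EXEC sp_executesql @sql;
END

-- 3. Confirm the setting; is_auto_close_on should now be 0.
SELECT name, is_auto_close_on
FROM sys.databases
WHERE name = @db;

-- To revert, run the same ALTER DATABASE statement with SET AUTO_CLOSE ON.
```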

When you run the MSBSA you get an error stating that some user accounts have non-expiring passwords. The security analyzer notes that this is a security violation: all accounts should have expiring passwords. Some accounts are excluded from this rule; use your best judgement here. I have a service account for SQL that is used in a connection string for a private database we use. This database is strictly internal, so I have it set to keep the same password, thus negating changing the connection string.

Password Expire


I have blanked out the actual user names as they are server service account names.

Account Error


If you have a similar situation, we can exclude accounts from this scan by editing NoExpireOk.txt, and adding the accounts. I know for a fact that the warning is on the server account. I am going to exclude this from future scans, as this setting is set up by SBS 2008 itself and does not warrant changing.

Navigate to NoExpireOk.txt- I had a hard time finding the file. It is located in the MSBSA installation directory. Mine is D:\Program Files\Microsoft Baseline Security Analyzer 2\NoExpireOk.txt

Open it with Notepad.

Add the user account listed in the warning to the file.

Close and save it.

Now I will only recommend using the MSBSA as a tool to help you find security holes; do not use this to change every feature of your network. Some settings it scans are normal errors. I have all of my domain workstations secured with a local Administrator account. This is a strong password, and I set it to non-expiring. I can’t be bothered with changing these local passwords, as well as all of my personal and service accounts, as well as helping users change theirs. There are errors with folder permissions for SQL; leave those alone, they are set by the system. The list goes on. Do not take it to the bank, but use it as a guideline for major issues.

This post has no real meaning, but I thought I would post a screen shot of this tab. For the first time in over a year and a half, this screen is all green. All computers are updated, AV and AM are working, no one shut their computer down over the weekend. Nice.

I removed the computer names to protect the identity of my users.

Green SBS
