Securing Windows NT to Prevent ODBC Tracing

Microsoft Corporation

1997

Introduction

The Microsoft Windows NT operating system provides a rich set of security features. This article describes functionality in Windows NT 4.0 that lets a system administrator who requires enhanced security keep non-administrative users from initiating an ODBC trace. Perform the following steps while logged in as an administrator:

  1. Log in to the machine you are protecting as the machine or domain administrator. Using regedt32.exe, take ownership of the following key:
    HKEY_LOCAL_MACHINE\
     SOFTWARE\
     ODBC\
     ODBC.INI
    
  2. Set the value "Trace" to "0". The "Trace" value can be found under the following registry key:
    HKEY_LOCAL_MACHINE\
     SOFTWARE\
     ODBC\
     ODBC.INI\
     ODBC
    
  3. Set the value "TraceDll" to an empty string. The "TraceDll" value can be found under the following registry key:
    HKEY_LOCAL_MACHINE\
     SOFTWARE\
     ODBC\
     ODBC.INI\
     ODBC
    
  4. Set the permissions for "Everyone" to READ on the "ODBC" key.

  5. Remove explicit permissions on the "ODBC" key for any non-administrative users.

Each user has a registry file named %SYSTEMROOT%\profiles\username\ntuser.dat. These files can be loaded into regedt32.exe using the Registry | Load Hive menu command.

  1. Make the HKEY_USERS window active, and click on HKEY_USERS. Using the "Load Hive" command on the "Registry" menu, find the appropriate hive. When prompted for the key name, use the username you are editing.

  2. Take ownership of the key ODBC and its subkeys as was done in the preceding steps. The key will be found in the following location:
    HKEY_USERS\
     username\
     SOFTWARE\
     ODBC\
     ODBC.INI\
     ODBC
    
  3. Set the value "Trace" to "0". The "Trace" value can be found under the following registry key:
    HKEY_USERS\
     username\
     SOFTWARE\
     ODBC\
     ODBC.INI\
     ODBC
    
    
  4. Set the value "TraceDll" to an empty string. The "TraceDll" value can be found under the following registry key:
    HKEY_USERS\
     username\
     SOFTWARE\
     ODBC\
     ODBC.INI\
     ODBC
    
    
  5. Set the permissions for "Everyone" to READ on the "ODBC" key.

  6. Remove explicit permissions on the "ODBC" key for any non-administrative users.

  7. Unload the hive you just loaded.

The preceding steps secure only the registry keys that already exist. When a new user is created, the per-user steps above must be repeated for that user's hive.
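The following audit script is an added example, not part of the original article, and checks the settings that both procedures above lock down (the "Trace" and "TraceDll" values and the permissions on the "ODBC" key) for HKEY_LOCAL_MACHINE and every hive currently loaded under HKEY_USERS. It assumes a modern Windows PowerShell, which did not exist when the article was written, that it is run as an administrator so all loaded hives are readable, and that the only principals allowed write access are the local Administrators group and SYSTEM.

```powershell
# Added audit example (not from the original article). Reports, per ODBC key,
# the Trace/TraceDll values and any principal other than Administrators/SYSTEM
# that still holds write-type rights, i.e. what steps 4 and 5 should have removed.
# Assumption: run as administrator on Windows PowerShell 5.1 or PowerShell 7.

# Rights that let a user change the key; read-only principals ("Everyone" READ) are fine.
$writeRights = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership, WriteKey'
$trustedPrincipals = '^(BUILTIN\\Administrators|NT AUTHORITY\\SYSTEM)$'   # assumed trusted set

function Test-OdbcTraceKey {
    param([string]$KeyPath)   # e.g. Registry::HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\ODBC

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{ Key = $KeyPath; Present = $false }
    }
    $props = Get-ItemProperty -LiteralPath $KeyPath
    $acl   = Get-Acl -LiteralPath $KeyPath

    # Any Allow rule granting write-type rights to an untrusted principal is a finding.
    $writable = foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -eq 'Allow' -and
            (([int]$rule.RegistryRights -band $writeRights) -ne 0) -and
            $rule.IdentityReference.Value -notmatch $trustedPrincipals) {
            $rule.IdentityReference.Value
        }
    }

    [pscustomobject]@{
        Key                = $KeyPath
        Present            = $true
        Trace              = [string]$props.Trace      # expected "0"
        TraceDll           = [string]$props.TraceDll   # expected "" (empty string)
        Owner              = $acl.Owner                # expected the administrator who took ownership
        WritablePrincipals = (($writable | Sort-Object -Unique) -join ', ')
    }
}

$suffix = 'SOFTWARE\ODBC\ODBC.INI\ODBC'
$keys = @("Registry::HKEY_LOCAL_MACHINE\$suffix")

# Every hive loaded under HKEY_USERS: logged-on users plus any ntuser.dat loaded via Load Hive.
$keys += Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$suffix" }

$keys | ForEach-Object { Test-OdbcTraceKey $_ } | Format-Table -AutoSize
```

A profile that is not loaded is not visible under HKEY_USERS, so load each remaining ntuser.dat with Load Hive before running the script if you want complete coverage.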