Securing Windows NT to Prevent ODBC Tracing
Microsoft Corporation
1997
Introduction
The Microsoft Windows NT operating system provides a rich set of security features. This article describes functionality in Windows NT 4.0 that provides a system administrator who requires enhanced security with the ability to keep non-administrative users from initiating an ODBC trace. The following steps should be followed while logged in as an administrator:
- Log in to the machine you are protecting as the machine or domain administrator. Using regedt32.exe, take ownership of the following key:
  HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI
- Set the value "Trace" to "0". The "Trace" value can be found under the following registry key:
  HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\ODBC
- Set the value "TraceDll" to an empty string. The "TraceDll" value can be found under the following registry key:
  HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\ODBC
- Set the permissions for "Everyone" to READ on the "ODBC" key.
- Remove explicit permissions on the "ODBC" key for any non-administrative users.
For each user, there is a registry file. This file is named %SYSTEMROOT%\profiles\username\ntuser.dat. These files can be loaded into regedt32.exe using the Registry | Load Hive menu command.
- Make the HKEY_USERS window active, and click on HKEY_USERS. Using the "Load Hive" command on the "Registry" menu, find the appropriate hive. When prompted for the key name, use the username you are editing.
- Take ownership of the key ODBC and its subkeys as was done in the preceding steps. The key will be found in the following location:
  HKEY_USERS\username\SOFTWARE\ODBC\ODBC.INI\ODBC
- Set the value "Trace" to "0". The "Trace" value can be found under the following registry key:
  HKEY_USERS\username\SOFTWARE\ODBC\ODBC.INI\ODBC
- Set the value "TraceDll" to an empty string. The "TraceDll" value can be found under the following registry key:
  HKEY_USERS\username\SOFTWARE\ODBC\ODBC.INI\ODBC
- Set the permissions for "Everyone" to READ on the "ODBC" key.
- Remove explicit permissions on the "ODBC" key for any non-administrative users.
- Unload the hive you just loaded.
The preceding steps secure the registry keys that currently exist. When new users are created, the steps above need to be followed for each of them.
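To confirm that the settings above are in place, the following read-only audit checks the "Trace" and "TraceDll" values and the write permissions on the "ODBC" key in HKEY_LOCAL_MACHINE and in every user hive currently loaded under HKEY_USERS. It is an added example, not part of the original article, and it assumes a Windows system with PowerShell (which Windows NT 4.0 itself does not include); the list of trusted principals is an assumption to adjust to local policy.

```powershell
# Added example (not from the original article): read-only audit of the
# ODBC tracing values and key permissions. Run from an elevated prompt.
$subKey = 'SOFTWARE\ODBC\ODBC.INI\ODBC'

# HKEY_LOCAL_MACHINE plus every user hive currently loaded under HKEY_USERS.
$roots = @('HKEY_LOCAL_MACHINE') +
    @(Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Name })

# Rights that would let a principal change Trace or TraceDll, plus the raw
# GENERIC_ALL / GENERIC_WRITE bits (0x50000000) that can appear in ACEs.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

# Assumption: principals that may keep write access (English account names).
$trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')

foreach ($root in $roots) {
    $path = "Registry::$root\$subKey"
    if (-not (Test-Path -Path $path)) { continue }   # key absent in this hive

    $values   = Get-ItemProperty -Path $path
    $findings = @()

    # The procedure sets Trace to "0" and TraceDll to an empty string.
    if ("$($values.Trace)" -ne '0')   { $findings += "Trace='$($values.Trace)'" }
    if ("$($values.TraceDll)" -ne '') { $findings += "TraceDll='$($values.TraceDll)'" }

    # Flag any Allow entry that grants write access to a non-trusted principal.
    foreach ($ace in (Get-Acl -Path $path).Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            ([int]$ace.RegistryRights -band $writeMask) -and
            ($trusted -notcontains $who)) {
            $findings += "write access for $who"
        }
    }

    [pscustomobject]@{
        Key      = "$root\$subKey"
        Status   = if ($findings) { 'REVIEW' } else { 'OK' }
        Findings = $findings -join '; '
    }
}
```

Hives of users who are not logged on are not visible under HKEY_USERS until they are loaded as described in the steps above, so load each ntuser.dat before running the audit and unload it afterwards.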