Windows 10: I cant Enable my Windows Security Service in Services

Discus and support I cant Enable my Windows Security Service in Services in AntiVirus, Firewalls and System Security to solve the problem; I want to Enable it but I Cant seem to press it... Discussion in 'AntiVirus, Firewalls and System Security' started by Grey_1010, Jun 12, 2021.

  1. Grey_1010 Win User

    I cant Enable my Windows Security Service in Services


    I want to Enable it but I Cant seem to press it

    :)
     
    Grey_1010, Jun 12, 2021
    #1

  2. Securing Windows 2000/XP/Server 2003 services HOW TO

    This is all i could save. I dont know if people can see what I can in the Wiki, but I got this article the others he deleted b4 he posted them in the wiki and i dont have the powers even in my sections to bring them back...perhaps a back up but Im not sure we have one ill go see. He did a damn good job at making sure nothing of his existed after he left...Im at school but when i get home ill email him and see if i can get him back im not done fighting yet.-Solaris17




    Securing Windows 2000/XP/Server 2003 services HOW TO
    I went at ALL of the services in Windows Server 2003 (some will not be in XP for instance, & Windows 2000 has no NETWORK SERVICE or LOCAL SERVICE as far as I know, but not sure, you can always make a limited privelege user too for this on 2000 if needed)...

    I did testing to see which services could be run/logged in as LOCAL SERVICE, or NETWORK SERVICE, rather than the default of LOCAL SYSTEM (which means Operating System entity level privileges - which CAN be "misused" by various spyware/malware/virus exploits).


    LOCAL SERVICE startable list (vs. LocalSystem Logon Default):


    --------------------------------------------------------------------------------

    Acronis Scheduler 2 Service
    Alerter (needs Workstation Service Running)
    COM+ System Application
    GHOST
    Indexing Service
    NVIDIA Display Driver Service
    Office Source Engine
    O&O Clever Cache
    Remote Registry
    Sandra Service
    Sandra Data Service
    SmartCard
    Tcp/IP NetBIOS Helper
    Telnet
    UserProfile Hive Cleanup Service
    Volume Shadowing Service
    Windows UserMode Drivers
    Windows Image Acquisition
    WinHTTP Proxy AutoDiscovery Service
    NETWORK SERVICE startable list (vs. LocalSystem Logon Default):


    --------------------------------------------------------------------------------

    ASP.NET State Service
    Application Layer Gateway
    Clipbook (needs Network DDE & Network DDE DSDM)
    Microsoft Shadow Copy Provider
    Executive Software Undelete
    DNS Client
    DHCP Client
    Error Reporting
    FileZilla Server
    Machine Debug Manager
    Merger
    NetMeeting Remote Desktop Sharing Service
    Network DDE
    Network DDE DSDM
    PDEngine (Raxco PerfectDisk)
    Performance Logs & Alerts
    RPC
    Remote Desktop Help Session Manager Service
    Remote Packet Capture Protocol v.0 (experimental MS service)
    Resultant Set of Policies Provider
    SAV Roam
    Symantec LiveUpdate
    Visual Studio 2005 Remote Debug
    PLEASE NOTE: Each service uses a BLANK password when reassigning their logon entity (when you change it from the default of LOCAL SYSTEM Account), because they use SID's as far as I know, not standard passwords.


    --------------------------------------------------------------------------------

    WHEN YOU TEST THIS, AFTER RESETTING THE LOGON USER ENTITY EACH SERVICE USES: Just run your system awhile, & if say, Norton Antivirus refuses to update, or run right? You KNOW you set it wrong... say, if one you test that I do NOT list won't run as LOCAL SERVICE? Try NETWORK SERVICE instead... if that fails? YOU ARE STUCK USING LOCAL SYSTEM!

    If you cannot operate properly while changing the security logon entity context of a service (should NOT happen w/ 3rd party services, & this article shows you which ones can be altered safely)?

    Boot to "Safe Mode", & reset that service's logon entity back to LOCAL SYSTEM again & accept it cannot do this security technique is all... it DOES happen!

    If that fails? There are commands in the "Recovery Console" (installed from your Windows installation CD as a bootup option while in Windows using this commandline -> D:\i386\winnt32.exe /cmdcons, where D is your CD-Rom driveletter (substitute in your dvd/cd driveletter for D of course)) of:

    ListSvc (shows services & drivers states of stopped or started)

    Enable (starts up a service &/or driver)

    Disable (stops a server &/or driver)

    Which can turn them back on if/when needed

    Last edited by APK on 03/04/2007
    I.E. -> I removed Telephony, Symantec AntiVirus, & Virtual Disk Service!

    (ON Virtual Disk Service being removed, specifically: This was done solely because, although it will run as LOCAL SERVICE, diskmgmt.msc will not be able to work! Even though the Logical Disk Manager service does not list VirtualDisk as a dependency, this occurs, so VirtualDisk service was pulled from BOTH the LOCAL SERVICE and NETWORK SERVICE lists here... apk)

    SECURING SERVICES @ THE ACL LEVEL VIA A SECURITY POLICY HOW-TO:

    STEP #1: CONFIGURE A CUSTOM Microsoft Management Console for this!

    Configuring yourself a "CUSTOM MMC.EXE (Microsoft Mgt. Console)" setup for security policy templates, here is how (these are NOT default Computer Mgt. tools, so you have to do this yourself, or run them by themselves, but this makes working w/ them convenient):

    ===============================================================
    The next part's per BelArcGuy of BELARC ADVISOR's advice (pun intended):
    ==============================================
    Anyone want to try a test CompletelyBonkers (new user here) turned me onto?

    ==============================================
    "Security Configuration and Analysis" is an MMC snap-in. To access the MMC, type in mmc to the Windows Run.. command to pop up the console. Then use it's File|Add/Remove Snap-in... command and click the Add button on the resulting dialog. Choose both "Security Configuration and Analysis" and "Security Templates", close that dialog, and OK. You'll end up with a management console that has both of those snap-ins enabled. The whole MMC mechanism is a bit weird, but does work"

    (It's easy, & it works, & is necessary for the actual steps to do this, below)


    --------------------------------------------------------------------------------

    (Next, is the actual "meat" of what we need to do, per Microsoft, to set ACLs)


    --------------------------------------------------------------------------------

    STEP #2: HOW TO: Define Security Templates By Using the Security Templates Snap-In in Windows Server 2003

    Define Security Templates By Using the Security Templates Snap-In - Windows Server

    Create and Define a New Security Template

    (To define a new security template, follow these steps)

    1. In the console tree, expand Security Templates. 2. Right-click %SystemRoot%\Security\Templates, and then click New Template. 3. In the Template name box, type a name for the new template.

    (If you want, you can type a description in the Description box, and then click OK)

    The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.

    1. To define a System Services policy, follow these steps: a. Expand System Services. b. In the right pane, double-click the service that you want to configure. c. Specify the options that you want, and then click OK.

    ==============================================
    )
    APK (added 03/08/2007)
     
    Alec§taar, Jun 12, 2021
    #2
  3. Securing Windows 2000/XP/Server 2003 services HOW TO

    I will try changing their settings sometime, the one thing I've noticed about this guide is that it doesn't list the Windows services that NEED to be left as local system, so some people might not be too sure what they're doing and worry about any that aren't listed. Just a suggestion that you might want to include in any future revisions. *Smile I cant Enable my Windows Security Service in Services :)

    The non-default ones I have that you have not listed are:

    .Net Runtime Optimization Service v2.0.50727_X86
    Ati HotKey Poller
    ATI Smart
    AVG E-mail Scanner
    AVG7 Alert Manager Server
    AVG7 Update Service
    BlueSoleil Hid Service
    Bluetooth Support Service
    ewido anti-spyware 4.0 guard
    iPod Service
    Messenger Sharing USN Journal Reader Service
    Service Layer
    Windows Defender Service

    The problem is that the only ones of these I actually use are The AVG and Windows Defender services and occasionally the "Service Layer" service (related to Nokia PC Suite) and the "Messenger Sharing USN Journal Reader Service" (related to WindowsLive Messenger). Anyway, I'll see how much I can secure those and post back how I get on. I'll try to test it sometime this week just I'm a bit waring of changing the AVG settings because the only way to test if it was still working would be for a virus to be detected... and I' rather I didn't get viruses!
     
    Jimmy 2004, Jun 12, 2021
    #3
  4. I cant Enable my Windows Security Service in Services

    Securing Windows 2000/XP/Server 2003 services HOW TO

    APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA))

    INTRODUCTION:

    Windows CAN be secured very well, but, you have to go thru some "GYRATIONS/EFFORT" to do it, but, it IS doable (but not to any 100% levels, because again - new holes/vulnerabilities appear in the OS & its libs + apps, but this gets you closer, if not as close as a body needs to be!).

    THIS IS GEARED TO "stand-alone" systems online on the internet (However - it can be adapted for LAN/WAN office or home networked environs, BUT, pay attention to step #2's 'warnings' about pulling Client For Microsoft Networks, &/or File & printer sharing - most networks require/need this)

    BACKGROUND & INFORMATION + TOOLS YOU CAN USE TO HELP YOU SECURE YOUR SYSTEM:

    Here I am running Windows Server 2003 SP #2, fully current patched by MS update pages, here (I check it every 2nd Tuesday of the month of course, on "Patch Tuesday's"):

    Search results - Microsoft Download Center

    It is a personally 'security-hardened' model I have been working on for many years, using principals I learned & used since the NT 3.5x days onward to this version of the OS: As is now?

    I score an 84.735 on the CIS Tool 1.x currently as of 06/01/2007! This is up from my past score here of 76.xxx on it, & here is how to do it!

    Currently, I can go NO higher than this score of 84.735 (of 100 total) on CIS Tool 1.x for Windows, pictured here (photo proof/pictures DO say, a 1,000 words (like this post, lol)):

    Securing Windows 2000/XP/Server 2003 services HOW TO

    BUT, that is a GOOD score (especially considering the default score of VISTA even, is FAR BELOW THAT! Nice part is? The techniques noted here can LARGELY APPLY TO VISTA AS WELL! Read on...)

    (For CIS Tool - There are Linux, Solaris, BSD variants, & other OS models ports (some only in .pdf security guide form though, not programmatically automated yet, like MacOS X) of this are available too by the way - not really "ports" strictly speaking, they require JAVA to run)

    DOWNLOAD URL FOR CIS TOOL (for multiple platforms), from "The Center for Internet Security" here:

    CIS Benchmarks™

    (IMPORTANT: This tool IS invaluable in guiding you to a more secure OS, on any OS platform really!)

    APK 12 STEPS TO FOLLOW TO SECURE YOUR WINDOWS NT-BASED SYSTEM (2000/XP/SERVER 2003/VISTA):

    1.) Windows Server 2003's SCW was run over it FIRST (this only exists on Windows Server 2003, not on 2000/XP (you have to install this, it does NOT install by default) first to help security it (SCW = security configuration wizard, & it's pretty damn good believe-it-or-not, (@ least, as as starting point))...

    Directions for its installation are as follows:

    Start the Add or Remove Programs Control Panel applet.

    Click Add/Remove Windows Components.

    On the Windows Components Wizard screen, select the "Security Configuration Wizard" check box, as the figure shows. Click Next.

    The Windows Components Wizard builds a list of files to be copied and finishes installing SCW. Click Finish.

    DONE! Now, run it... it is very simple to use, and will help even TRIM services you do not need running (which saves Memory, other resources, & I/O to cpu/ram/disk etc. AS WELL AS PROVIDING SECURITY should any services you disable turn up vulnerabilities (this has happened before)).

    ALSO, per TPU forums user (username "xvi") @ techpowerup.com forums (software section): Use Microsoft Baseline Security Advisor, a free download from Microsoft as well to check your system for security holes, patch updates, etc. (be wary of the fact it does require various services running though, iirc, Terminal Server Services Client - I do NOT keep that running here anymore, & this program failed on me because of that (would not initialize @ all))

    2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!

    E.G.-> Here? I pull ANY Networking clients &/or Protocols in the Local Area Connection, other than Tcp/IP typically (& disable NetBIOS as well, because I don't need it here), on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN. I also disable that too!

    3.) Use IP security policies (modded AnalogX one, very good for starters, you can edit & add/remove from it as needed) - Download url link is here for that:

    IPSec and you... /// AnalogX

    (Search "AnalogX Public Server IPSec Configuration v1.00 (29k zip file)" on that page & follow the directions on the page!)

    NOTE: This can be 'troublesome' though, for folks that run filesharing clients though. An alternative to this is using IP Ports Filtrations, in combination with a GOOD software firewall &/or NAT 'firewalling' (or true stateful inspection type) router. All of these work in combination w/ one another perfectly.

    (HOWEVER - Should you choose to use it, and do filesharing programs? No problem really, because you can turn them on/off @ will using secpol.msc & the IP stack in Windows 2000/XP/Server 2003/VISTA is of "plug-N-play" design largely, & will allow it & when done? TURN THEM ON, AGAIN! These work WITH software & hardware router firewalls, IP port filtering, and security IP policies, simultaneosly/concurrently, for "layered security", no hassles!).

    4.) USE General security policies (in gpedit.msc/secpol.msc), these are VALUABLE tools (and will be needed & suggestions for it will be told to you by the CIS Tool noted above - great stuff!) and regedit.exe!

    (Newly added - regedit.exe use is for registry ACL permissions, via its EDIT menu, PERMISSIONS submenu item (to add/remove users that have rights to regisry hives/values, & to establish their rights levels therein))

    ALSO NEWLY ADDED - Explorer.exe "right-click" on drive letters/folders/files (for file access ACL permissions hardening) using its popup menu selection of "PROPERTIES", & in the next screen, the SECURITY tab (to add/remove users that have rights to said items, & to establish their rights levels therein), also - this is another requirement of CIS Tool 1.x & its suggestions for better security.

    5.) HARDENING & SECURING SERVICES HOW-TO:

    Many services I do not need are either cut off OR secured in their logon entity to lower privilege entities (from default, near "ALL POWERFUL" SYSTEM, to lesser ones like NETWORK SERVICE or LOCAL SERVICE), see this URL where I did a lot of research for a prebuilt list for another forums, to see how/why this works:

    http://forums.techpowerup.com/showthread.php?t=16097

    I went at ALL of the services in Windows Server 2003 (some will not be in XP for instance, & Windows 2000 has no NETWORK SERVICE or LOCAL SERVICE as far as I know, but not sure, you can always make a limited privelege user too for this on 2000 if needed)...

    I did testing to see which services could be run/logged in as LOCAL SERVICE, or NETWORK SERVICE, rather than the default of LOCAL SYSTEM (which means Operating System entity level privileges - which CAN be "misused" by various spyware/malware/virus exploits).

    LOCAL SERVICE startable list (vs. LocalSystem Logon Default):

    Acronis Scheduler 2 Service
    Alerter (needs Workstation Service Running)
    COM+ System Application
    GHOST
    Indexing Service
    NVIDIA Display Driver Service
    Office Source Engine
    O&O Clever Cache
    Remote Registry
    Sandra Service
    Sandra Data Service
    SmartCard
    Tcp/IP NetBIOS Helper
    Telnet
    UserProfile Hive Cleanup Service
    Volume Shadowing Service
    Windows UserMode Drivers
    Windows Image Acquisition
    WinHTTP Proxy AutoDiscovery Service

    NETWORK SERVICE startable list (vs. LocalSystem Logon Default):

    ASP.NET State Service
    Application Layer Gateway
    Clipbook (needs Network DDE & Network DDE DSDM)
    Microsoft Shadow Copy Provider
    Executive Software Undelete
    DNS Client
    DHCP Client
    Error Reporting
    FileZilla Server
    Machine Debug Manager
    Merger
    NetMeeting Remote Desktop Sharing Service
    Network DDE
    Network DDE DSDM
    PDEngine (Raxco PerfectDisk)
    Performance Logs & Alerts
    RPC
    Remote Desktop Help Session Manager Service
    Remote Packet Capture Protocol v.0 (experimental MS service)
    Resultant Set of Policies Provider
    SAV Roam
    Symantec LiveUpdate
    Visual Studio 2005 Remote Debug

    PLEASE NOTE: Each service uses a BLANK password when reassigning their logon entity (when you change it from the default of LOCAL SYSTEM Account), because they use SID's as far as I know, not standard passwords.

    WHEN YOU TEST THIS, AFTER RESETTING THE LOGON USER ENTITY EACH SERVICE USES: Just run your system awhile, & if say, Norton Antivirus refuses to update, or run right? You KNOW you set it wrong... say, if one you test that I do NOT list won't run as LOCAL SERVICE? Try NETWORK SERVICE instead... if that fails? YOU ARE STUCK USING LOCAL SYSTEM!

    If you cannot operate properly while changing the security logon entity context of a service (should NOT happen w/ 3rd party services, & this article shows you which ones can be altered safely)?

    Boot to "Safe Mode", & reset that service's logon entity back to LOCAL SYSTEM again & accept it cannot do this security technique is all... it DOES happen!

    If that fails (shouldn't, but IF it does)? There are commands in the "Recovery Console" (installed from your Windows installation CD as a bootup option while in Windows using this commandline -> D:\i386\winnt32.exe /cmdcons, where D is your CD-Rom driveletter (substitute in your dvd/cd driveletter for D of course)) of:

    ListSvc (shows services & drivers states of stopped or started)

    Enable (starts up a service &/or driver)

    Disable (stops a server &/or driver)

    Which can turn them back on if/when needed

    (ON Virtual Disk Service being removed, specifically (because it used to be in this list)): This was done solely because, although it will run as LOCAL SERVICE, diskmgmt.msc will not be able to work! Even though the Logical Disk Manager service does not list VirtualDisk as a dependency, this occurs, so VirtualDisk service was pulled from BOTH the LOCAL SERVICE and NETWORK SERVICE lists here... apk)

    CUTTING OFF SERVICES YOU DO NOT NEED TO RUN IS POSSIBLY THE BEST METHOD OF SECURING THEM, AND GAINING SPEED SINCE YOU ARE NOT WASTING I/O, MEMORY, or OTHER RESOURCES ON THEM, PERIOD, in doing this - do consider it, when possible! Many guides online exist for this, & I authored one of the first "back in the day" for NTCompatible.com as "Article #1" back in 1997-1998 - the latest ones are even BETTER!

    SECURING SERVICES @ THE ACL LEVEL VIA A SECURITY POLICY HOW-TO:

    STEP #1: CONFIGURE A CUSTOM Microsoft Management Console for this!

    Configuring yourself a "CUSTOM MMC.EXE (Microsoft Mgt. Console)" setup for security policy templates, here is how (these are NOT default Computer Mgt. tools, so you have to do this yourself, or run them by themselves, but this makes working w/ them convenient):

    The next part's per BelArcGuy of BELARC ADVISOR's advice (pun intended):

    http://forums.techpowerup.com/showthread.php?t=16097

    "Security Configuration and Analysis" is an MMC snap-in. To access the MMC, type in mmc to the Windows Run.. command to pop up the console. Then use it's File|Add/Remove Snap-in... command and click the Add button on the resulting dialog. Choose both "Security Configuration and Analysis" and "Security Templates", close that dialog, and OK. You'll end up with a management console that has both of those snap-ins enabled. The whole MMC mechanism is a bit weird, but does work"

    (It's easy, & it works, & is necessary for the actual steps to do this, below)

    Next, is the actual "meat" of what we need to do, per Microsoft, to set ACLs!

    STEP #2: HOW TO: Define Security Templates By Using the Security Templates Snap-In in Windows Server 2003

    http://support.microsoft.com/kb/816297

    Create and Define a New Security Template

    (To define a new security template, follow these steps)

    1. In the console tree, expand Security Templates
    2. Right-click %SystemRoot%\Security\Templates, and then click New Template
    3. In the Template name box, type a name for the new template.

    (If you want, you can type a description in the Description box, and then click OK)

    The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.

    1. To define a System Services policy, follow these steps:
    a. Expand System Services
    b. In the right pane, double-click the service that you want to configure
    c. Specify the options that you want, and then click OK.

    (And, of course, the user feedback on its effectiveness (Makes your Win32 NT-based OS very much like how MacOS X treats its daemon processes via privelege levels), which uses the same general principals)

    It works, & although many service packs for Windows OS' have changed their services (not all but many nowadays) to less than SYSTEM, my list covers those they may not have in recent service packs AND 3rd party services are listed too that you may be running possibly!

    DONE!

    6.) Another thing I do for securing a Windows NT-based OS: IP Port Filtrations (like ip security policies (per AnalogX above), it is often called the "poor man's firewall" & works perfectly with both IPSecurity policies, hardware AND software firewalls, all in combination/simultaneously running)!

    DIRECTIONS ON HOW TO IMPLEMENT THEM (very easy):

    Start Menu -> Connect To Item (on the right hand side) -> Local Area Connection (whatever you called it, this is the default, iirc) open it via double click OR, right-click popup menu PROPERTIES item -> Properties button on left-hand side bottom, press/click it -> NEXT SCREEN (Local Area Connection PROPERTIES) -> "This connection uses the followng items" (go down the list, to Tcp/IP & select it & /click the PROPERTIES button there) -> Press/Click the Advanced Button @ the bottom Right-Hand Side (shows Advanced Tcp/IP Settings screen) -> OPTIONS tab, use it & Tcp IP Filtering is in the list, highlite/select it -> Beneath the Optional Settings, press/click the PROPERTIES button on the lower right-hand side -> Check the "Enable Tcp/IP Filtering (on all adapters)" selection -> In the far right, IP PROTOCOLS section, add ports 6 (tcp) & 17 (udp) -> In the far left "tcp ports" list - check off the radio button above the list titled "PERMIT ONLY", & then add ports you want to have open (all others will be filtered out, & for example, I leave port 80,8080, & 443 here open, only - you may need more if you run mail servers, & what-have-you (this varies by application)) -> I leave the UDP section "PERMIT ALL" because of ephemeral/short-lived ports usage that Windows does (I have never successfully filtered this properly but it doesn't matter as much imo, because udp does not do 'callback' as tcp does, & that is why tcp can be DDOS'd/DOS'd imo - it only sends out info., but never demands verification of delivery (faster, but less reliable)) -> DONE!

    You may need a reboot & it will signal if it needs it or not (probably will, even in VISTA):

    I say this, because although IP Security Policies work with the "Plug-N-Play" design of modern Windows NT-based OS' (ipsec.sys) & do NOT require a reboot to activate/deactivate them in Windows 2000/XP/Server 2003/VISTA? This is working @ a diff. level & diff. driver iirc (tcpip.sys) & level of the telecommunications stacks in this OS family & WILL require a reboot to take effect (for a more detailed read of this, see here):

    http://www.microsoft.com/technet/community/columns/cableguy/cg0605.mspx

    (In THAT url above? Trust me - Enjoy the read, it is VERY informative: That article shows you how TcpIP.sys, ipnat.sys, ipsec.sys, & ipfiltdrv.sys interact, PLUS how you can use them to your advantage in security!)

    7.) Plus good email client practices like using .txt mail only, no RTF or HTML mail, not opening or allowing attachments unless I know the person (still gets email scanned though by your resident antivirus email scan component (use AntiVirus programs with these, OR, manually scan ANY attachments before opening them (if you get Microsoft Office .doc, .xls, .ppt etc. files uncompressed? HOLD DOWN THE SHIFT KEY AS YOU OPEN THEM - this stops macros from running & macros are the avenue utilized using VBA script to infect you))

    8.) I also use a LinkSys/CISCO BEFSX41 "NAT" true firewalling CISCO technology-based router (with cookie & scripting filtering built-in @ the hardware level), these are excellent investments for security.

    9.) USE Tons of security & speed oriented registry hacks (reconfiging the OS basically - stuff like you might do in etc / conf in UNIX/LINUX I suppose)

    Many can be found here, in an article I authored (and it tells what they do, & how they work, w/ descriptions from Microsoft themselves):

    http://www.avatar.demon.nl/APK.html

    OR, if that site is down? Download them from here @ SOFTPEDIA (where they are rated 4/5):

    http://www.softpedia.com/get/Tweak/System-Tweak/APK-Internet-and-NTkXP-Speedup-Guides.shtml

    OR, just email me here for them -> L: apk4776239@hotmail.com

    (I also have these PREBUILT, in .reg files, mind you, available by email, fully internally documented!)

    They are FULLY documented internally, with link url's to the Microsoft pages they came from, inside the .reg files, so YOU can look at what the hack does inside them, verify this @ MS, & know what the valid parameters are as well!

    (This? It took me FOREVER a year or so ago to do this, but worth it!)

    The urls, or downloadable .mht files, outline it all (as do my prebuilt .reg files, probably the BEST choice of the lot imo), as to what you can ".reg file hack" for better SPEED, and SECURITY online, in a modern Windows 2000/XP/Server 2003 OS & has references from Microsoft in it for each setting plus their definitions & parameters possible!

    10.) The use of a CUSTOM ADBANNER BLOCKING HOSTS FILE (my personal one houses, as of this date, 90,000 known adbanner servers, OR sites known to bear malicious code & exploits (per GOOGLE mostly, from stopbadware.org))

    Custom HOSTS files work in combination with Opera adbanner blocks & the usage of .PAC filering files + cascading style sheets for this purpose.

    (As well as speeding up access to sites I often access - doing this, acting as my own "DNS Server" more or less, is orders of magnitude faster than calling out to my ISP/BSP DNS servers, waiting out a roundtrip return URL-> IP Address resolution. It may take some maintenance for this @ times, especially if sites change HOSTING PROVIDERS, but this is a rarity & most sites TELL YOU when they do this as well, so you can make fast edits, as needed (and, on Windows NT-based OS since 2000/XP/Server 2003 & VISTA? A reboot is NOT required upon edits & commits of changes in the new largely near fully PnP IP stacks!))

    For a copy of mine, write me, here -> L: apk4776239@hotmail.com

    And, I will send it to you in .zip or .rar format (with sped up sites # UNIX comment symbol disabled, enable the ones you use AFTER you 'ping' them first from my list, & add ones YOU PERSONALLY USE to it as needed after determining their IP address via a PING of them)

    11.) KEEP UP ON PATCHES FROM MICROSOFT, for your OS & Microsoft Office Apps, & IE, etc., HERE (ordered by release date) and run AntiVirus/AntiSpyware/AntiRootkit tools (& yes, keep them updated/current)!

    http://www.microsoft.com/downloads/Results.aspx?DisplayLang=en&nr=50&sortCriteria=date

    Again, keep up on antivirus/antispyware/antirootkit AND Java runtimes updates!

    (Done either automatically via their services, or manually)

    Download them manually & install them yourself (OR just let "Windows Automatic Updates" run)

    Running the "std. stuff", like AntiVirus (NOD32 latest 2.7x - best one there is, & that is not only MY opinion after testing it vs. my former fav. NAV Corporate 10.2 (it is lighter in RAM & resource uses than NAV Corporate even, finds more virus' than others, & uses less "moving parts" (in the way of services componentry, than most do, & certainly less than NAV)) + SpyBot (Ad-Aware is another option) as my resident antispyware tool running in the background! AntiRootkit tools are another one to be conscious of nowadays, now that such machinations are available for Windows (they originated, afaik, in the UNIX world though).

    The "best ones" are:

    AVG AntiRootkit
    BitDefender AntiRootkit
    GMER
    Rootkit Revealer
    PrevX AntiRootkit
    Rootkit Hook Analyzer
    Sophos AntiRootkit
    F-Secure Blacklight
    Gromozon Rootkit Removal Tool
    KLister
    McAfee Rootkit Detective
    PatchFinder
    RogueRemover
    VICE
    System Virginity Verifier for Windows 2000/XP/2003

    That is a list for you all to choose from, they all do a decent enough job though, & are 100% FREE - SO, DO use them!

    12.) It is also possible, for webbrowsers &/or email clients, to create a "VISTA LIKE IE 7 Protected Mode"-like type scenario, isolating them into their own spaces in memory, here are 2 methods, how (not needed on VISTA though, afaik):

    IE6/7 & FF + OPERA AS WELL (as noted by A/C slashdot poster in reply to my methods, both his & my own work well, & are listed here @ /. (slashdot)) on modern NT-based OS "how-to":

    http://it.slashdot.org/comments.pl?sid=236547&cid=19310513

    MY METHOD:

    RUNNING IE in a "runas limited user class" sandbox effect:

    "It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.

    Of course, it's a hassle to log in as a different user just to browse the web. So we'd want to use "runas" to run just IE as a different user.

    Unfortunately, MS has made running IE as a different user a little harder than necessary. Rightclicking and using "Run as" doesn't seem to work. What did work for me was the following.

    Say the limited account is called "IEuser". Then create a shortcut to "runas /user:IEuser cmd". on your desktop. Double-clicking this will open a command prompt that runs as IEuser. Now you can manually start IE with "start iexplore". Or create a batchfile c:windowsie.bat that just contains the line "start iexplore" and you can start IE by just typing "ie". Remove all shortcuts to IE from you normal desktop and only run it from the restricted account. This way you can use IE without worry about any IE exploits"

    OTHER, VERY QUITE POSSIBLY SUPERIOR METHOD: ...this is exacly the way I do (but with opera and other internet related apps as acroread, mail, ...). But simply "runas /user:xxx cmd" is not the best way to achieve process separation. If you have a look at the process tree you will see: system->smss.exe->winlogon.exe->services.exe->cmd. exe->iexplore.exe. A better way is to use the method described in Joannas blog

    http://theinvisiblethings.blogspot.c...every-day.html

    See section: Do-It-Yourself: Implementing Privilege Separation. Using the psexec tool as described results in a "clean" process tree where iexplore.exe will show up directly under the root avoiding beeing a child process.

    Note - The "invisible thing"? She's "Yuriko DeathStrike" as far as I am concerned... Joanna Rutkowska, my fellow "Polish Person" & she's a regular "wonder" in the security/hacking/cracking world!

    This is my runopera.bat which runs opera as user internet:
    psexec.exe -d -u internet -p p4ssw0rd "cmd" "/d /D /c start /b Opera.exe"

    PLUS, Windows Server 2003 has a hardened IE6/7 by default (which can be duplicated on other Win32 OS versions, because it mainly just does what I have been doing for a long time & noted by myself earlier, in stuff like turning off ActiveX & scripting + JAVA online on the public internet, of all types by default, & I do this in ALL of my browsers (IE, FF, & Opera) & only make exceptions for CERTAIN sites)

    (YOU ARE NOW @ THE END OF THIS DOCUMENT & ALL of that is done for ONLINE security... &, it works!)

    APK

    P.S.=> Yes, it's a PAIN to do it the first time - maybe 1 hr. work for an experienced user, more for less experienced ones, but WORTH EVERY SECOND!

    Why?

    Well, I have not had this system "go down" due to hacks/cracks/malware/virus/trojans/spyware, etc. et al (you name it) in years now! It just works...

    (... & everyone ought to know this stuff, so here 'tis!)

    Enjoy & IF you know of more to do? Please, have @ it, & let us all know what it is you do on your Win32 rigs of NT-based OS nature... apk

    Original version @ slashdot -> http://it.slashdot.org/comments.pl?sid=237507&cid=19410153

    Updated version #2 @ techpowerup.com -> http://forums.techpowerup.com/showthread.php?p=365996#post365996
     
    Remo_Williams, Jun 12, 2021
    #4
Thema:

I cant Enable my Windows Security Service in Services

Loading...
  1. I cant Enable my Windows Security Service in Services - Similar Threads - cant Enable Security

  2. When I try to enable the windows security center service it doesn't enable

    in Windows 10 Gaming
    When I try to enable the windows security center service it doesn't enable: I updated the PC to the latest update and after I restarted it. it said "Windows Security Center Service Is Off" and when I try to enable it. It doesn't work. I did some stuff to try and re enable it. But it didn't work. And when I tried to enable it from the Services it...
  3. When I try to enable the windows security center service it doesn't enable

    in Windows 10 Software and Apps
    When I try to enable the windows security center service it doesn't enable: I updated the PC to the latest update and after I restarted it. it said "Windows Security Center Service Is Off" and when I try to enable it. It doesn't work. I did some stuff to try and re enable it. But it didn't work. And when I tried to enable it from the Services it...
  4. When I try to enable the windows security center service it doesn't enable

    in Windows 10 Drivers and Hardware
    When I try to enable the windows security center service it doesn't enable: I updated the PC to the latest update and after I restarted it. it said "Windows Security Center Service Is Off" and when I try to enable it. It doesn't work. I did some stuff to try and re enable it. But it didn't work. And when I tried to enable it from the Services it...
  5. windows security services

    in Windows 10 Software and Apps
    windows security services: my computer windows security services got turned off i cant do anything help me out how can i install reg file of wscsvc and install it https://answers.microsoft.com/en-us/windows/forum/all/windows-security-services/7c54087d-17db-40be-9f96-5747872e6698
  6. Windows Security Service and Windows Health Service

    in Windows 10 Gaming
    Windows Security Service and Windows Health Service: Hi There,I just built my first computer a few weeks ago and i noticed that when i go to windows security the page is blank. Now i tried fixing this by reading some forums which suggested that i repair my windows installation. After trying it, it had worked but only for that...
  7. Windows Security Service and Windows Health Service

    in Windows 10 Software and Apps
    Windows Security Service and Windows Health Service: Hi There,I just built my first computer a few weeks ago and i noticed that when i go to windows security the page is blank. Now i tried fixing this by reading some forums which suggested that i repair my windows installation. After trying it, it had worked but only for that...
  8. Windows Security Service and Windows Health Service

    in AntiVirus, Firewalls and System Security
    Windows Security Service and Windows Health Service: Hi There,I just built my first computer a few weeks ago and i noticed that when i go to windows security the page is blank. Now i tried fixing this by reading some forums which suggested that i repair my windows installation. After trying it, it had worked but only for that...
  9. secure windows services

    in AntiVirus, Firewalls and System Security
    secure windows services: hi,can i secure windows services by a third party program that ask for username and password, to prevent end user from turning services on or off,p.s. : the users must be administrator i cant make it guest user. best regards...
  10. Cant enable Windows update service

    in Windows 10 Ask Insider
    Cant enable Windows update service: So guys, first I am an idiot for playing around with the registry. I know that. Please dont judge me :( I hope that I use the correct english Terms, no native Speaker (thats why there are so many caps, because of Auto correct I cant turn off on my Office PC). Last year when...