Critical Files in system folder

  • Thread starter Thread starter Barb
  • Start date Start date
B

Barb

I copied the following critical files from
\winnt\system32 and \winnt to a new folder for
administators only. But they keep coming back????

Arp.exe, At.exe, Cacls.exe, Cmd.exe,cscript.exe, Debug.exe
ftp.exe, Ipconfig.exe ,Nbtstat.exe, Net.exe, Netstat.exe,
Nslookup.exe, Ping.exe, Rdisk.exe,Regedit.exe, Regedt32.exe
telnet.exe,wscript.exe

Is this because of they are in
\winnt\\servicepackfiles\i386 and
\winnt\$ntservicepackuninstal$?

Is it ok to remove these folders or just remove the files
from them?
 
That is because they are being replaced by Windows File Protection which monitors
that certain system files are kept available. You can disable WFP, but that could
then lessen reliability of the operating system. You could change ntfs permissions on
those files to be more restrictive, but they may be replaced with newer versions with
service packs or less likely patches. For a domain computer, ntfs permissions to
those files could be enforced via Group Policy/computer configuration/security
settings/file system. See the links below including a link to an article on securing
those kind of binaries. --- Steve

http://support.microsoft.com/?kbid=222193
http://www.systemexperts.com/tutors/HardenW2K101.pdf
 
Back
Top