Restrict access to the OS/2 and POSIX subsystem
1 January 2000 by Snakefoot | Comment » | Trackback OffWindows NT has support for several subsystems, the most common ones are DOS and 16 Bit Windows.
It also has support for OS/2 1.0(No GUI), and it is regarded as a security issue to have the
OS/2 and POSIX support enabled. Before disabling OS/2 support make sure that you are not using
OS/2 dependent legacy applications or cross-platform executables with OS/2 support (Like HIEW).
Note that with Windows XP the OS2 and POSIX subsystem is not installed, though the registry entries are still created. More Info MS KB Q308259
Credits NSA Win2k Security Guide
Credits NSA WinXP Security Guide
Disable OS/2 and POSIX subsystem
- Start the registry editor and remove the following entries:
- [HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \OS/2 Subsystem for NT]
- [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Session Manager \Environment]
Os2LibPath= - [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Session Manager \SubSystems]
Optional=
OS2=
Posix=
- Enter the %Windir%\System32\Dllcache directory and remove these files (Because of Windows File Protection)
- os2.exe
- os2ss.exe
- os2srv.exe
- Enter the %Windir%\System32 directory and rename/remove these files:
- os2.exe
- os2ss.exe
- os2srv.exe
- psxss.exe
- posix.exe
- psxdll.dll
- Enter the %Windir%\System32\OS2 directory and rename/remove these files:
- All files except the DLL folder and its contents
Note that with Windows XP the OS2 and POSIX subsystem is not installed, though the registry entries are still created. More Info MS KB Q308259
Credits NSA Win2k Security Guide
Credits NSA WinXP Security Guide
Tags:
Category:
Updated: 21 January 2010
Comment by AB - 25 June 2003 @ 7:56 Reply
Is it possible to add back OS/2 support to XP (maybe copying the appropriate system files from an NT or 2000 system & updating the registry)?