



Network Security Focus-Microsoft

RE: Users "bypassing" Group Policy restrictions

Subject: RE: Users "bypassing" Group Policy restrictions
Date: Thu, 27 Jan 2005 20:17:29 -0500
Well, my first instinct would be to say that you have a managerial problem
rather than a technical problem. Have you considered using wireless NICs so
they can't disconnect 'em before the policy comes down? ;-)

Laura 

-----Original Message-----
From: Edward VanDewars [mailto:gt4200b@yahoo.com] 
Sent: Thursday, January 27, 2005 8:29 AM
To: focus-ms@securityfocus.com
Subject: Users "bypassing" Group Policy restrictions

We utilize Group Policies and Software Restriction Policies 
as the primary means of limiting unwanted user actions on our 
desktop machines.  

Recently, however, several of our more "creative"
users have discovered that if they remove the ethernet cable 
from the computer immediately after logging in (i.e. as soon 
as their credentials are accepted) GPs are not 
downloaded/applied.  These users then are able to use "net 
use" commands to map their necessary network drives so they 
can work with full access to resources usually mapped by GPs 
but without any of the restrictions/limitations we impose and 
without Software Restriction Policies preventing unwanted 
programs from running (i.e. my nightmare).

Short of gluing in the ethernet cables, how can I prevent 
this bypassing of GPs?  It appears that this is only an issue 
if a cached local profile does not exist on the computer.  
However, these computers use drive "freezing" software to 
make changes to local disks non-persistent.  Thus, at each 
reboot a local cache of their profile is gone.  I tried 
shortening the "Group Policy refresh interval for users" but 
obviously if they don't download the policy in the first 
place the computer will not see the shortened refresh interval.

Any advice is greatly appreciated; thanks in advance.



              



