Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Users "bypassing" Group Policy restrictions

from [Edward VanDewars] Network Security [Permanent Link]
Subject: RE: Users "bypassing" Group Policy restrictions
Date: Sat, 29 Jan 2005 07:29:46 -0800 (PST) 
Tim - This should be EXACTLY what I need to solve the
problem, thank you very much for the suggestion.

In response to all the suggestions indicating it is a
managerial/administrative/HR problem - thank you all,
I completely agree with you.  However, I failed to
mention originally that our environment is actually a
school and these users are students.  Obviously this
brings with it a unique set of challenges (and
probably explains why they even thought to unplug the
ethernet cable in the first place).

In response to Matthew (who suggested it is indicative
of a larger issue): in this case I have had a few
users/students who made me aware of the situation as
sort of a "heads-up" and we were able to discuss and
remedy it (they wanted to run Firefox which is not
currently installed because of its lack of a strong
central administrative functionality, I enabled it for
those responsible users/students and publicly
committed to making it available in the future).  My
concern and motivation behind asking the original
question was how many "unknown" users/students were
also doing this with not-so-innocent programs.

Nobody has local admin rights and I used NTFS
permissions to restrict command prompt access, so that
mitigates things somewhat.  My concern is that without
the Software Restrictions Policies users were able to
run any program that didn't require an installer.

I had not tried copying the GP Software Restriction
Policies to a local policy, as I could not find
documentation on which would take precedence if/when I
needed to change something in the GPO policy.

Thanks again to everyone.

--- "Ghetti, Tim" <tghetti@air-worldwide.com> wrote:


Windows XP shortened the logon time by allowing
users to put in their
credentials before all network connections and group
policies are
processed. There is an option to revert back to the
2K days when you
have to wait until GP's are processed first.

Under computer configuration/logon --> Always wait
for the network at
computer startup and logon.

It will increase logon time a little bit, but if you
really want to
enforce policies, this is the way to go.
BTW, you can also force a policy refresh every X
minutes if you suspect
your users are savvy enough to change policies via
the registry

Computer configuration --> Administrative Templates
--> System --> Group
Policy

Good Luck! 



                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - 250MB free storage. Do more. Manage less. 
http://info.mail.yahoo.com/mail_250

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Preventing multiple logins in 2003, Ivan Carlos
Next by Date:  Re: Preventing multiple logins in 2003, Adam.J.Demonaco
Previous by Thread:  RE: Users "bypassing" Group Policy restrictions, Seyberth, Allan CIV BDQT
Next by Thread:  SecurityFocus Microsoft Newsletter #225, Marc Fossi
Indexes:  [Date] [Thread] [Top] [All Lists]