Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Spying in a corporate environment

from [Ansgar -59cobalt- Wiechers] Network Security [Permanent Link]
Subject: Re: Spying in a corporate environment
Date: Thu, 22 Nov 2007 20:54:19 +0100 
On 2007-11-22 Mario DeBono wrote:

On 22 November 2007 16:48 Ansgar -59cobalt- Wiechers wrote:

On 2007-11-22 Mario DeBono wrote:

If you have a 2003 domain enforce group policies and restrict access
to certain windows components. I presume even if a user has admin
rights on a pc, he should not be able to over right the group
policies, if he is not so keen to remove the policies from the pc
himself.


You're mistaken. A local admin can override policies (at the very
least for a short while until they are reapplied), and even if that
wasn't possible (s)he can always log on locally, in which case domain
policies don't apply at all. The only way to control users with local
admin privileges is to revoke their local admin privileges.
Everything else are futile efforts.


Yep, could be possible, but if you apply the policies on a pc level
not user level, than that is some thing different.


No, that doesn't make any difference at all. As long as a local admin is
a local admin he can acquire any right/privilege whatsoever on that
machine and can thus override any setting that may have been applied
through other means. That is what makes a local admin.


Another way is to apply frequent policy updates depending on the
lan/wan you administer. This can be done through login as well.


Like I said before: they log into the local machine instead of logging
into the domain. Voilà, no domain policies applied.


OR but I highly don't suggest to do is to 

Amend files at local security level removing access to local
administrators and grant only access to domain admins but you have to
be sure of what u are doing else you might end making a mess.


That too doesn't make any difference at all. To repeat myself: a local
administrator can acquire each and every privilege on the local machine.
In your example all he has to do is take ownership and grant himself
access permissions.

If you revoke that privilege from a local admin, you actually demoted
him from being a local admin. Which - like I said before - is the only
way to restrict local admins: demote them from being local admins.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Spying in a corporate environment, Mario DeBono
Next by Date:  Re: Security with server virtualisation, Franck Vervial
Previous by Thread:  RE: Spying in a corporate environment, Mario DeBono
Next by Thread:  Re: Spying in a corporate environment, Big Joe Jenkins
Indexes:  [Date] [Thread] [Top] [All Lists]