Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Spying in a corporate environment

from [Big Joe Jenkins] Network Security [Permanent Link]
Subject: Re: Spying in a corporate environment
Date: Fri, 23 Nov 2007 11:47:07 -0500 (EST)
"However, while being logged into the local machine instead of the domain 
domain policies are not re-applied. An administrator can now manually
change/remove those policies"

This is still incorrect- though I must admit that you made me second guess myself. I actually just tested it with the Windows Firewall policy I mentioned below. :) An administrator does NOT have the ability to manually change/remove the applied policies; local administrator can modify the local machine policy, but it will not be enforced until policy is updated, at which point the domain policies override the local policy settings.


On Fri, 23 Nov 2007, Ansgar -59cobalt- Wiechers wrote:

On 2007-11-23 Big Joe Jenkins wrote:
On Thu, 22 Nov 2007, Ansgar -59cobalt- Wiechers wrote: 
Like I said before: they log into the local machine instead of
logging into the domain. Voil, no domain policies applied.


This is absolutely not true and displays a fundamental
misunderstanding of group policy application. As long as the
workstation in question is in a site/domain/OU with computer targetted
GPO settings linked to it, these GPOs will apply to the machine
regardless of how a user logs in.

For example, I've created a Windows Firewall GPO that propagates
restrictive Windows firewall settings to clients. This is a computer
targetted GPO that is applied to security groups composed of
workstation accounts. When a user (including local administrator) logs
in locally to one of the workstations specified in the GPO's
filtering, the policy is applied and local administrator is unable to
modify any Windows firewall settings (their only recourse would be to
remove the workstation from the domain).

Please try this- log in as local administrator to a workstation as
specified above, and run gpresult or rsop and view the results.


Poor wording on my part. Sorry about that.

Of course the policies that were applied to the machine once aren't
magically removed just because the user logs into the local machine
instead of the domain.

However, while being logged into the local machine instead of the domain
domain policies are not re-applied. An administrator can now manually
change/remove those policies. At least AFAICS. Someone correct me if I'm
wrong.

Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Spying in a corporate environment, Ansgar -59cobalt- Wiechers
Next by Date:  Re: Spying in a corporate environment, Col
Previous by Thread:  Re: Spying in a corporate environment, Ansgar -59cobalt- Wiechers
Next by Thread:  Re: Spying in a corporate environment, Col
Indexes:  [Date] [Thread] [Top] [All Lists]