Re: First vulnerabilities in the SP2 - XP ?...
From: Robert Decker (rdecker_at_esbsystems.com)
Date: 08/19/04
- Previous message: Anthony Nemmer: "Re: SHA-0 Broken, MD5 Rumored Broken"
- In reply to: Jérôme: "First vulnerabilities in the SP2 - XP ?..."
- Next in thread: Thor Larholm: "RE: First vulnerabilities in the SP2 - XP ?..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Aug 2004 23:57:53 -0400
As a work around to the issue - although not to easy to configure for
the home user,
I would think if you have users who are ignorant, gullable, or just
plain stupid - a windows sysadmin might consider a GPO in AD with one or
more of the following policies:
User Configuration --> Administrative Templates --> System --> Prevent
Access to Command Prompt
User Configuration --> Administrative Templates --> System --> Run Only
Allowed Windows Applications
User Configuration --> Administrative Templates --> System --> Don't
Run Specified Windows Applications
Another huge advantage would be the proper implementation of the
following in an AD GPO:
Configure some Software Restriction Policies in User Configuration -->
Windows Settings --> Security Settings --> Software Restrictions
and if possible, couple it with certificates. (although, i'm not too
familiar with this one)
Computer Configuration --> Windows Settings --> Security Settings -->
Local Policies --> Security Options --> System settings: Use
Certificate Rules on Windows Executables for Software Restriction Policies
- Previous message: Anthony Nemmer: "Re: SHA-0 Broken, MD5 Rumored Broken"
- In reply to: Jérôme: "First vulnerabilities in the SP2 - XP ?..."
- Next in thread: Thor Larholm: "RE: First vulnerabilities in the SP2 - XP ?..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
