Re: First vulnerabilities in the SP2 - XP ?...

From: Robert Decker (rdecker_at_esbsystems.com)
Date: 08/19/04

  • Next message: Thor Larholm: "RE: First vulnerabilities in the SP2 - XP ?..."
    Date: Wed, 18 Aug 2004 23:57:53 -0400
    
    

    As a work around to the issue - although not to easy to configure for
    the home user,

    I would think if you have users who are ignorant, gullable, or just
    plain stupid - a windows sysadmin might consider a GPO in AD with one or
    more of the following policies:

    User Configuration --> Administrative Templates --> System --> Prevent
    Access to Command Prompt

    User Configuration --> Administrative Templates --> System --> Run Only
    Allowed Windows Applications

    User Configuration --> Administrative Templates --> System --> Don't
    Run Specified Windows Applications

    Another huge advantage would be the proper implementation of the
    following in an AD GPO:

    Configure some Software Restriction Policies in User Configuration -->
    Windows Settings --> Security Settings --> Software Restrictions

    and if possible, couple it with certificates. (although, i'm not too
    familiar with this one)

    Computer Configuration --> Windows Settings --> Security Settings -->
    Local Policies --> Security Options --> System settings: Use
    Certificate Rules on Windows Executables for Software Restriction Policies


  • Next message: Thor Larholm: "RE: First vulnerabilities in the SP2 - XP ?..."

    Relevant Pages

    • RE: Restrictions using GPOs
      ... > The Software Restriction Policies is a way that administrators can ... it only applies to Windows XP and later systems. ... > - Don''t run specified Windows applications ... > Microsoft CSS Online Newsgroup Support ...
      (microsoft.public.windows.server.sbs)
    • Re: Disallowing use of certain programs
      ... Windows Applications ... Enable policy then click show enter your exe in the add box. ... I can't find it in GPO. ...
      (microsoft.public.win2000.security)