Re: RE: Disabling sharing and group policies
robert_at_snrdesigns.com
Date: 09/10/03
- Previous message: db: "Re: Security for Win XP Home"
- Maybe in reply to: gord.taylor_at_rbc.com: "RE: Disabling sharing and group policies"
- Next in thread: Ansgar Wiechers: "Re: Disabling sharing and group policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Arik Fletcher" <arikf@joskos.com> Date: Wed, 10 Sep 2003 15:40:39 -0400
While certanly you would not be able to affect anything on the Domain but if you set the "HKCU\Software\Policies\Microsoft\Windows\System\GroupPolicyRefreshTime" value to be very high (10 years should be good), would that not allow you to change the local machine properties at will???? As long as you do not re-boot or drop the network connection they will stay in affect on the local machine.
>
> From: "Arik Fletcher" <arikf@joskos.com>
> Date: 2003/09/10 Wed AM 11:43:43 EDT
> To: <robert@snrdesigns.com>, "Enrico Pastrello" <epastrello@altevie.com>,
> <focus-ms@securityfocus.com>
> Subject: RE: Disabling sharing and group policies
>
> Group policies are applied in what is know as LSDO (or LSDOU) which stands for Local, Site, Domain, Organisational Unit. This is the order in which poilicies apply to a computer/user.
>
> One cannot 'bypass' group policies by editing the local registry because if there is a conflict between the local settings and the nearest parent container (i.e. an OU, Domain, or Site) these will override the local settings.
>
>
>
> -----Original Message-----
> From: Robert Blackwell [mailto:robert@snrdesigns.com]
> Sent: Wed 9/10/2003 5:11 AM
> To: Enrico Pastrello; focus-ms@securityfocus.com
> Cc:
> Subject: RE: Disabling sharing and group policies
>
>
>
> yes they can. In-fact, anyone who has physical access to the box can render
> the majority of group policy objects useless, but that's another story. I'm
> not too clear on what you are wanting to do. If you just want to get rid of
> the everyone share on a local machine, disallow all anonymous access and
> disable the guest account. the everyone share will still be there but it
> will be effectively disabled by these settings. group policies are not
> really needed to do this. Somebody please correct me if this is not the
> case.
>
> -----Original Message-----
> From: Enrico Pastrello [mailto:epastrello@altevie.com]
> Sent: Tuesday, September 09, 2003 8:40 AM
> To: focus-ms@securityfocus.com
> Subject: RE: Disabling sharing and group policies
>
>
> Maybe I'm saying something quite stupid but since group policies are saved
> in the registry,
> machine administrators can easilly bypass them.
>
> Greetings,
> Enrico Pastrello
>
> -----Original Message-----
> From: Matthew Wagenknecht [mailto:Matthew.Wagenknecht@quantum.com]
> Sent: lunedì 8 settembre 2003 18.49
> To: focus-ms@securityfocus.com
> Subject: Disabling sharing and group policies
>
>
> Is there a way with Group Policies to disable sharing without pulling users
> from the Administrator group or killing adminstrative shares? I'm looking
> for a way to reduce "everyone" shares without flogging end users. Strangely,
> that actually sounds fun.. ;c)
>
> Please keep flames off the list.
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Matt Wagenknecht, CISSP
> Security Administrator
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> Never be afraid to try something new.
> Remember, amateurs built the ark; professionals built the Titanic.
>
>
> This email may contain confidential and privileged information for the sole
> use of the intended recipient. Any review or distribution by others is
> strictly prohibited. If you are not the intended recipient, please contact
> the sender and delete all copies of this email message.
>
>
> ---------------------------------------------------------------------------
> KaVaDo provides the first and only integrated Web application scanner and
> firewall security suite that prevent Web applications attacks, the most
> common form of online exploitation. Download a FREE whitepaper on Security
> Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> ---------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------
> KaVaDo provides the first and only integrated Web application scanner and
> firewall security suite that prevent Web applications attacks, the most
> common form of online exploitation. Download a FREE whitepaper on Security
> Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> ---------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------
> KaVaDo provides the first and only integrated Web application scanner and
> firewall security suite that prevent Web applications attacks, the most
> common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> ---------------------------------------------------------------------------
>
>
>
>
---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------
- Previous message: db: "Re: Security for Win XP Home"
- Maybe in reply to: gord.taylor_at_rbc.com: "RE: Disabling sharing and group policies"
- Next in thread: Ansgar Wiechers: "Re: Disabling sharing and group policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
