RE: Disabling sharing and group policies

• Previous message: Shackleford, Dave: "RE: Security for Win XP Home"
• In reply to: Arik Fletcher: "RE: Disabling sharing and group policies"
• Next in thread: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Arik Fletcher'" <arikf@joskos.com>, <robert@snrdesigns.com>, "'Enrico Pastrello'" <epastrello@altevie.com>, <focus-ms@securityfocus.com>
Date: Thu, 11 Sep 2003 11:49:50 -0400

Actually, somebody with local administrator rights on his/her machine can
prevent group policy application to his/her machine.

Laura

> -----Original Message-----
> From: Arik Fletcher [mailto:arikf@joskos.com]
> Sent: Wednesday, September 10, 2003 11:44 AM
> To: robert@snrdesigns.com; Enrico Pastrello;
> focus-ms@securityfocus.com
> Subject: RE: Disabling sharing and group policies
>
>
> Group policies are applied in what is know as LSDO (or LSDOU)
> which stands for Local, Site, Domain, Organisational Unit.
> This is the order in which poilicies apply to a computer/user.
>
> One cannot 'bypass' group policies by editing the local
> registry because if there is a conflict between the local
> settings and the nearest parent container (i.e. an OU,
> Domain, or Site) these will override the local settings.
>
>
>
> -----Original Message-----
> From: Robert Blackwell [mailto:robert@snrdesigns.com]
> Sent: Wed 9/10/2003 5:11 AM
> To: Enrico Pastrello; focus-ms@securityfocus.com
> Cc:
> Subject: RE: Disabling sharing and group policies
>
>
>
> yes they can. In-fact, anyone who has physical access
> to the box can render
> the majority of group policy objects useless, but
> that's another story. I'm
> not too clear on what you are wanting to do. If you
> just want to get rid of
> the everyone share on a local machine, disallow all
> anonymous access and
> disable the guest account. the everyone share will
> still be there but it
> will be effectively disabled by these settings. group
> policies are not
> really needed to do this. Somebody please correct me if
> this is not the
> case.
>
> -----Original Message-----
> From: Enrico Pastrello [mailto:epastrello@altevie.com]
> Sent: Tuesday, September 09, 2003 8:40 AM
> To: focus-ms@securityfocus.com
> Subject: RE: Disabling sharing and group policies
>
>
> Maybe I'm saying something quite stupid but since group
> policies are saved
> in the registry,
> machine administrators can easilly bypass them.
>
> Greetings,
> Enrico Pastrello
>
> -----Original Message-----
> From: Matthew Wagenknecht
> [mailto:Matthew.Wagenknecht@quantum.com]
> Sent: luned́ 8 settembre 2003 18.49
> To: focus-ms@securityfocus.com
> Subject: Disabling sharing and group policies
>
>
> Is there a way with Group Policies to disable sharing
> without pulling users
> from the Administrator group or killing adminstrative
> shares? I'm looking
> for a way to reduce "everyone" shares without flogging
> end users. Strangely,
> that actually sounds fun.. ;c)
>
> Please keep flames off the list.
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Matt Wagenknecht, CISSP
> Security Administrator
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> Never be afraid to try something new.
> Remember, amateurs built the ark; professionals built
> the Titanic.
>
>
> This email may contain confidential and privileged
> information for the sole
> use of the intended recipient. Any review or
> distribution by others is
> strictly prohibited. If you are not the intended
> recipient, please contact
> the sender and delete all copies of this email message.
>
>
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web
> application scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security
> Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
>
> --------------------------------------------------------------
> -------------
>
>
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web
> application scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security
> Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
>
> --------------------------------------------------------------
> -------------
>
>
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web
> application scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
>
> --------------------------------------------------------------
> -------------
>
>
>
>

---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------

• Previous message: Shackleford, Dave: "RE: Security for Win XP Home"
• In reply to: Arik Fletcher: "RE: Disabling sharing and group policies"
• Next in thread: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]