RE: Disabling sharing and group policies
From: Robert Blackwell (robert_at_snrdesigns.com)
Date: 09/14/03
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #154"
- Maybe in reply to: Matthew Wagenknecht: "Disabling sharing and group policies"
- Next in thread: Laura A. Robinson: "RE: Disabling sharing and group policies"
- Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
- Reply: Laura A. Robinson: "RE: Disabling sharing and group policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Focus-Ms" <focus-ms@securityfocus.com> Date: Sun, 14 Sep 2003 13:18:02 -0700
This was off topic from what Matt was originally asking about but I will
clarify somewhat here. As far is I know at this point in time, a standard
user on an active directory domain cannot change group policy objects. Once
the local machine is off of the domain the picture changes dramatically. Get
local administrator access by using your favorite exploit ( Mount from
Linux, hash the repair dir...etc ), log on to local machine as administrator
and make whatever changes to the registry you want. This will not stay if
you log back onto the domain but it allows you to install programs and
things of that nature that will hang around after you log back on to the
domain.
If a domain user is anything higher than user(has registry write access),
they will be able to edit the registry with a third party reg app and
suppress group policy refresh and edit all other registry values for the
local machine that GPA has put in place. These will stay in effect until the
machine is rebooted or the network connection is lost.
I'm not an authority on the group policy admin at the domain level but I
believe there are settings that can be changed to make all of this at least
more difficult to accomplish. I was simply trying to point out that group
policies are not an iron clad security measure. I would tend to consider
them more of an obfuscation tool but a good tool nonetheless as long as it
is used correctly.
---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #154"
- Maybe in reply to: Matthew Wagenknecht: "Disabling sharing and group policies"
- Next in thread: Laura A. Robinson: "RE: Disabling sharing and group policies"
- Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
- Reply: Laura A. Robinson: "RE: Disabling sharing and group policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
