RE: Disabling sharing and group policies
From: Tim Fritch (tfritch_at_swbanktx.com)
Date: 09/16/03
- Previous message: Pidgorny, Slav: "RE: Why Programs get written to need admin priveleges."
- Maybe in reply to: Matthew Wagenknecht: "Disabling sharing and group policies"
- Next in thread: Sergey V. Gordeychik: "RE: Disabling sharing and group policies"
- Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Sep 2003 09:33:27 -0500 To: <larobins@bellatlantic.net>, <focus-ms@securityfocus.com>
I would love to know that setting. We've had some issues with folder redirection and the like form a previous GPO enforcement. We haven't been able to completely wipe the changes on some of the IT pc's. Can you forward me the variables?
Tim
Tim Fritch
Information Protection
Compliance Manager
Southwest Bank of Texas
x26326
tfritch@swbanktx.com
-----Original Message-----
From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
Sent: Monday, September 15, 2003 8:37 AM
To: 'Arik Fletcher'; 'Dana Smith'; robert@snrdesigns.com; 'Enrico
Pastrello'; focus-ms@securityfocus.com
Subject: RE: Disabling sharing and group policies
There is a registry modification that can be made that configures the local
machine to not pull down group policies, effectively making it behave like a
workgroup machine in terms of policy application, but like a domain member
in terms of logon. Given the number of environments out there with people
who have admin rights on their machines, I am loath to give the exact
registry entry here.
Laura
> -----Original Message-----
> From: Arik Fletcher [mailto:arikf@joskos.com]
> Sent: Sunday, September 14, 2003 7:34 AM
> To: Dana Smith; larobins@bellatlantic.net;
> robert@snrdesigns.com; Enrico Pastrello; focus-ms@securityfocus.com
> Subject: RE: Disabling sharing and group policies
>
>
> lol, exacly what i was thinking... the whole point of GP is
> to take control AWAY from the local machine and centralise
> (or centralize for all you american-spellers) it.
>
> -----Original Message-----
> From: Dana Smith [mailto:dana_smith@comcast.net]
> Sent: Sat 13/09/2003 22:13
> To: larobins@bellatlantic.net; Arik Fletcher;
> robert@snrdesigns.com; 'Enrico Pastrello'; focus-ms@securityfocus.com
> Cc:
> Subject: RE: Disabling sharing and group policies
>
>
>
> Care to explain how?
>
> -----Original Message-----
> From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> Sent: Thursday, September 11, 2003 11:50 AM
> To: 'Arik Fletcher'; robert@snrdesigns.com; 'Enrico Pastrello';
> focus-ms@securityfocus.com
> Subject: RE: Disabling sharing and group policies
>
>
> Actually, somebody with local administrator rights on
> his/her machine can
> prevent group policy application to his/her machine.
>
> Laura
>
> > -----Original Message-----
> > From: Arik Fletcher [mailto:arikf@joskos.com]
> > Sent: Wednesday, September 10, 2003 11:44 AM
> > To: robert@snrdesigns.com; Enrico Pastrello;
> > focus-ms@securityfocus.com
> > Subject: RE: Disabling sharing and group policies
> >
> >
> > Group policies are applied in what is know as LSDO (or LSDOU)
> > which stands for Local, Site, Domain, Organisational Unit.
> > This is the order in which poilicies apply to a computer/user.
> >
> > One cannot 'bypass' group policies by editing the local
> > registry because if there is a conflict between the local
> > settings and the nearest parent container (i.e. an OU,
> > Domain, or Site) these will override the local settings.
> >
> >
> >
> > -----Original Message-----
> > From: Robert Blackwell [mailto:robert@snrdesigns.com]
> > Sent: Wed 9/10/2003 5:11 AM
> > To: Enrico Pastrello; focus-ms@securityfocus.com
> > Cc:
> > Subject: RE: Disabling sharing and group policies
> >
> >
> >
> > yes they can. In-fact, anyone who has physical access
> > to the box can render
> > the majority of group policy objects useless, but
> > that's another story. I'm
> > not too clear on what you are wanting to do. If you
> > just want to get rid of
> > the everyone share on a local machine, disallow all
> > anonymous access and
> > disable the guest account. the everyone share will
> > still be there but it
> > will be effectively disabled by these settings. group
> > policies are not
> > really needed to do this. Somebody please correct me if
> > this is not the
> > case.
> >
> > -----Original Message-----
> > From: Enrico Pastrello [mailto:epastrello@altevie.com]
> > Sent: Tuesday, September 09, 2003 8:40 AM
> > To: focus-ms@securityfocus.com
> > Subject: RE: Disabling sharing and group policies
> >
> >
> > Maybe I'm saying something quite stupid but since group
> > policies are saved
> > in the registry,
> > machine administrators can easilly bypass them.
> >
> > Greetings,
> > Enrico Pastrello
> >
> > -----Original Message-----
> > From: Matthew Wagenknecht
> > [mailto:Matthew.Wagenknecht@quantum.com]
> > Sent: luned́ 8 settembre 2003 18.49
> > To: focus-ms@securityfocus.com
> > Subject: Disabling sharing and group policies
> >
> >
> > Is there a way with Group Policies to disable sharing
> > without pulling users
> > from the Administrator group or killing adminstrative
> > shares? I'm looking
> > for a way to reduce "everyone" shares without flogging
> > end users. Strangely,
> > that actually sounds fun.. ;c)
> >
> > Please keep flames off the list.
> >
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Matt Wagenknecht, CISSP
> > Security Administrator
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >
> > Never be afraid to try something new.
> > Remember, amateurs built the ark; professionals built
> > the Titanic.
> >
> >
> > This email may contain confidential and privileged
> > information for the sole
> > use of the intended recipient. Any review or
> > distribution by others is
> > strictly prohibited. If you are not the intended
> > recipient, please contact
> > the sender and delete all copies of this email message.
> >
> >
> >
> > --------------------------------------------------------------
> > -------------
> > KaVaDo provides the first and only integrated Web
> > application scanner and
> > firewall security suite that prevent Web applications
> > attacks, the most
> > common form of online exploitation. Download a FREE
> > whitepaper on Security
> > Policy Automation for Web Applications.
> >
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> >
> > --------------------------------------------------------------
> > -------------
> >
> >
> >
> > --------------------------------------------------------------
> > -------------
> > KaVaDo provides the first and only integrated Web
> > application scanner and
> > firewall security suite that prevent Web applications
> > attacks, the most
> > common form of online exploitation. Download a FREE
> > whitepaper on Security
> > Policy Automation for Web Applications.
> >
> http://www.securityfocus.com/sponsor/KaVaDo_fo> cus-ms_030818
>
> >
> >
> --------------------------------------------------------------
> > -------------
> >
> >
> >
> > --------------------------------------------------------------
> > -------------
> > KaVaDo provides the first and only integrated Web
> > application scanner and
> > firewall security suite that prevent Web applications
> > attacks, the most
> > common form of online exploitation. Download a FREE
> > whitepaper on Security Policy Automation for Web Applications.
> >
> http://www.securityfocus.com/sponsor/KaVaDo_fo> cus-ms_030818
>
> >
> >
> --------------------------------------------------------------
> > -------------
> >
> >
> >
> >
>
>
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web
> application scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on
> Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
>
> --------------------------------------------------------------
> -------------
>
>
>
>
---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------
---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------
- Previous message: Pidgorny, Slav: "RE: Why Programs get written to need admin priveleges."
- Maybe in reply to: Matthew Wagenknecht: "Disabling sharing and group policies"
- Next in thread: Sergey V. Gordeychik: "RE: Disabling sharing and group policies"
- Maybe reply: robert_at_snrdesigns.com: "Re: RE: Disabling sharing and group policies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
