RE: Betr.: Active Directory Question
From: Dimitri Bertolami (Dimitri_at_staf.pi.be)
Date: 01/12/04
- Previous message: Marc Fossi: "Article Announcement: Locking your door in 2004"
- In reply to: Philip Wagenaar: "Betr.: Active Directory Question"
- Next in thread: Erick Grau: "RE: Betr.: Active Directory Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Philip Wagenaar" <p.wagenaar@accon.nl>, <simont@pop.co.za>, <focus-ms@securityfocus.com> Date: Mon, 12 Jan 2004 16:47:59 +0100
I beg to differ slightly , true in active directory there's no policy that
could enable such an option.
BUT : you can prevent people from using applications that use installshield
to write to the registry etc.
(you can deny that too via secpol.msc) and that would be allmost the same as
what you want for your company.
so deny your power users and normal users to access the registry , deny
users access to commandprompt (use cacls)
so that they can't play with 'privilege escallation toys' from commandline.
Kind regards,
Dimitri Bertolami
2nd line operator
Uninet International
N.V./Planet Internet
a Scarlet company
tel : 03-2752727
-----Original Message-----
From: Philip Wagenaar [mailto:p.wagenaar@accon.nl]
Sent: maandag 12 januari 2004 15:49
To: simont@pop.co.za; focus-ms@securityfocus.com
Subject: Betr.: Active Directory Question
Simply no....
Met vriendelijke groet,
Philip Wagenaar
Junior Projectleider ICT
AccoN Accountants & Adviseurs
ICT Project Bureau
Postbus 5090
6802 EB Arnhem
The Netherlands
tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar@accon.nl
http://www.accon.nl
>>> "Simon Taplin" <simont@pop.co.za> 10-01-04 18:16 >>>
Is is possible to setup a policy on Win2000 Active Directory whereby you can
use wildcards to deny users access to running certain programs, for example
blocking userss running setup*.*
Thanks
Simon
--- This email is hopefully virus free as it has been Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.558 / Virus Database: 350 - Release Date: 2004/01/02 ################################################################## Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde. De informatie hierin is vertrouwelijk, zodat het derden niet is toegestaan om daarvan kennis te nemen of dit te verstrekken aan andere derden. Indien u dit e-mail bericht ontvangt terwijl het niet voor u bestemd is, verzoeken wij u contact op te nemen met de afzender en de informatie te verwijderen van iedere computer. Bij voorbaat dank. ================================================================== The information transmitted in this e-mail is intended only for the person or entity to which it is addressed and contains confidential information. Any review, retransmission or other use by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Thank you. ################################################################## ############################################################################ ######### This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal ############################################################################ ######### --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Marc Fossi: "Article Announcement: Locking your door in 2004"
- In reply to: Philip Wagenaar: "Betr.: Active Directory Question"
- Next in thread: Erick Grau: "RE: Betr.: Active Directory Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
