RE: Active Directory Question

From: Topi Ylinen (topi.ylinen_at_NOODI.fi)
Date: 01/13/04

  • Next message: Aditya [ Aditya Lalit Deshmukh ]: "RE: Active Directory Question"
    To: "'simont@pop.co.za'" <simont@pop.co.za>
    Date: Tue, 13 Jan 2004 09:02:05 +0200
    
    

    > Is it possible to set up a policy on Win2000 Active Directory
    > whereby you can
    > use wildcards to deny users access to running certain
    > programs, for example
    > blocking users running setup*.*

    Even if this were possible, I'm not sure you want to go this way.
    Let's say I'm an Evil Guy trying to install a backdoor/privilege escalation
    tool. Imaginary command prompt session follows (command prompt not really
    needed since you could perform the same actions in Windows as well; I'm
    using it here to illustrate a point).

    (me tries to run an evil setup.exe)
    C:\>setup
    Access denied.
    (oooh, now what?)
    C:\>ren setup.exe utterlyharmlessprogram.exe
    C:\>utterlyharmlessprogram
    (here we go...)

    You don't want to block files based on what they are *called* (file
    extensions being the possible exception) but rather based on what they
    *are* or what they *do*.

    --
    T.
    ---------------------------------------------------------------------------
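The contrast drawn in the reply above, as an added example that is not part of the original post: a small model of policy evaluation (not Windows' own policy engine) that checks the same file before and after the rename against a name wildcard, a content-hash deny list, and a content-hash allowlist. The function names, file contents and `approvedtool.exe` are constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

def sha256_of(path):
    """Identity of a file by content; unaffected by its name."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def name_rule_blocks(path, deny_patterns):
    """Name-based rule: block when the file name matches a wildcard."""
    name = os.path.basename(path).lower()
    return any(fnmatch.fnmatchcase(name, p) for p in deny_patterns)

def hash_rule_blocks(path, deny_hashes):
    """Content-based rule: block when the file's hash is on the deny list."""
    return sha256_of(path) in deny_hashes

def allowlist_blocks(path, approved_hashes):
    """Default-deny rule: block anything whose hash is not approved."""
    return sha256_of(path) not in approved_hashes

def decisions(path, deny_patterns, deny_hashes, approved_hashes):
    return (name_rule_blocks(path, deny_patterns),
            hash_rule_blocks(path, deny_hashes),
            allowlist_blocks(path, approved_hashes))

def demo():
    """Evaluate all three rules before and after the rename from the post."""
    with tempfile.TemporaryDirectory() as d:
        unwanted = os.path.join(d, "setup.exe")
        approved = os.path.join(d, "approvedtool.exe")
        with open(unwanted, "wb") as f:   # constructed stand-in content
            f.write(b"constructed stand-in for the unwanted installer")
        with open(approved, "wb") as f:   # constructed stand-in content
            f.write(b"constructed stand-in for an approved program")
        rules = (["setup*.*"], {sha256_of(unwanted)}, {sha256_of(approved)})
        before = decisions(unwanted, *rules)
        renamed = os.path.join(d, "utterlyharmlessprogram.exe")
        os.rename(unwanted, renamed)
        after = decisions(renamed, *rules)
        return before, after, decisions(approved, *rules)

if __name__ == "__main__":
    before, after, approved = demo()
    print("setup.exe                  (name, hash, allowlist):", before)
    print("utterlyharmlessprogram.exe (name, hash, allowlist):", after)
    print("approvedtool.exe           (name, hash, allowlist):", approved)
```

Each tuple reads (blocked by name rule, blocked by hash deny list, blocked by allowlist); only the name rule changes its answer when the file is renamed.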