Users "bypassing" Group Policy restrictions
From: Edward VanDewars (gt4200b_at_yahoo.com)
Date: 01/27/05
- Previous message: John Madden: "DSQuery on active directory"
- Next in thread: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"
- Reply: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"
- Maybe reply: Miroslaw Slawek Chorazy: "Re: Users "bypassing" Group Policy restrictions"
- Maybe reply: Seyberth, Allan CIV BDQT: "RE: Users "bypassing" Group Policy restrictions"
- Reply: Laura A. Robinson: "RE: Users "bypassing" Group Policy restrictions"
- Maybe reply: Edward VanDewars: "RE: Users "bypassing" Group Policy restrictions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jan 2005 05:28:40 -0800 (PST) To: focus-ms@securityfocus.com
We utilize Group Policies and Software Restriction
Policies as the primary means of limiting unwanted
user actions on our desktop machines.
Recently, however, several of our more "creative"
users have discovered that if they remove the ethernet
cable from the computer immediately after logging in
(i.e. as soon as their credentials are accepted) GPs
are not downloaded/applied. These users then are able
to use "net use" commands to map their necessary
network drives so they can work with full access to
resources usually mapped by GPs but without any of the
restrictions/limitations we impose and without
Software Restriction Policies preventing unwanted
programs from running (i.e. my nightmare).
Short of gluing in the ethernet cables, how can I
prevent this bypassing of GPs? It appears that this
is only an issue if a cached local profile does not
exist on the computer. However, these computers use
drive "freezing" software to make changes to local
disks non-persistent. Thus, at each reboot a local
cache of their profile is gone. I tried shortening
the "Group Policy refresh interval for users" but
obviously if they don't download the policy in the
first place the computer will not see the shortened
refresh interval.
Any advice is greatly appreciated; thanks in advance.
__________________________________
Do you Yahoo!?
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: John Madden: "DSQuery on active directory"
- Next in thread: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"
- Reply: Bryan S. Sampsel: "Re: Users "bypassing" Group Policy restrictions"
- Maybe reply: Miroslaw Slawek Chorazy: "Re: Users "bypassing" Group Policy restrictions"
- Maybe reply: Seyberth, Allan CIV BDQT: "RE: Users "bypassing" Group Policy restrictions"
- Reply: Laura A. Robinson: "RE: Users "bypassing" Group Policy restrictions"
- Maybe reply: Edward VanDewars: "RE: Users "bypassing" Group Policy restrictions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
