From: yossarian at planet.nl (yossarian)
Subject: W2k users, local admin rights and GPOs

It makes me wonder, what legacy software needs local admin to function. In
my experience it is more common that the admins don't know or don't care how
to make 'strange' software work under W2k, and generally it is software
considered not-supported and non-standardized. The last part usually gives a
useful vector to get rid of these security liabilities.
----- Original Message -----
From: "Exibar" <exibar@...lair.com>
To: "James Exim" <security@...m.dyndns.org>;
<full-disclosure@...ts.netsys.com>
Sent: Wednesday, October 29, 2003 4:54 PM
Subject: Re: [Full-Disclosure] W2k users, local admin rights and GPOs


> It's actually very easy to prevent any policies from coming down to your
> system if you have local admin rights.  What you do is first, delete the
> policies from the registry, then deny everyone (except for a locally created
> user) access to the policy key.  You'll see the failures in the event log
> when a new policy attempts to get written.  Voilà!  no more policies....
>
>   Easy as pie....
>
>   Exibar
>
>
> ----- Original Message -----
> From: "James Exim" <security@...m.dyndns.org>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Wednesday, October 29, 2003 3:50 AM
> Subject: [Full-Disclosure] W2k users, local admin rights and GPOs
>
>
> > It has been pointed out several times recently on the SF mailing lists that
> > a W2k user with local administrator rights can prevent group policy
> > application on his/her machine and there is apparently nothing the domain
> > administrator(s) can do about it (see
> > http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/2003-09/0106.html
> > for an example)
> >
> > Does anyone know exactly (a) how, and (b) why this is possible?  Is there
> > really no workaround other than removing the users from the local
> > Administrators group?  I keep discovering W2k machines where end users have
> > been granted local admin rights (yuk!) and I'm trying to convince the
> > relevant domain admins that, while this is an easy way to make legacy
> > software work, it isn't such a great idea from a security point of view...
> >
> > Thanks,
> >
> > James
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
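
A defender-side check for the tampering described in the quoted reply, as an added example that is not part of the original thread: it parses the SDDL security descriptor exported from a policy registry key and reports access-denied ACEs that block writes to it. The SDDL strings are constructed samples and the function names are hypothetical; conditional ACEs are not handled.

```python
import re

# Standard SDDL SID aliases for broad principals.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "SY": "SYSTEM",
         "BA": "Administrators", "BU": "Users"}
# Rights that cover writing to a registry key: SDDL aliases and access-mask bits
# (KEY_SET_VALUE | KEY_CREATE_SUB_KEY | GENERIC_ALL | GENERIC_WRITE).
WRITE_ALIASES = {"KA", "KW", "GA", "GW"}
WRITE_MASK = 0x2 | 0x4 | 0x10000000 | 0x40000000

def dacl_aces(sddl):
    """Return (type, rights, trustee) tuples for the ACEs in the D: section."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    if not dacl:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:  # type;flags;rights;object;inherit_object;trustee
            aces.append((fields[0], fields[2], fields[5]))
    return aces

def blocks_write(rights):
    """True if an SDDL rights field (hex mask or 2-letter aliases) includes write."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_MASK)
    return any(rights[i:i + 2] in WRITE_ALIASES for i in range(0, len(rights), 2))

def deny_findings(sddl):
    """List deny ACEs that stop a trustee from writing to the key."""
    return [
        {"trustee": BROAD.get(t, t), "rights": r, "broad": t in BROAD}
        for kind, r, t in dacl_aces(sddl)
        if kind in ("D", "OD") and blocks_write(r)
    ]

# Constructed samples: an allow-only DACL, and one with a deny ACE for Everyone.
SAMPLES = {
    "baseline": "O:BAG:SYD:PAI(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;BU)",
    "tampered": "O:BAG:SYD:PAI(D;CI;0xf003f;;;WD)(A;CI;KA;;;BA)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, deny_findings(sddl))
```

Any finding with `broad` set on a policy key is worth correlating with the policy-write failures in the event log that the reply mentions.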

