Message-ID: <00a001c39e35$0ded59e0$1214dd80@mpb2001>
From: exibar at thelair.com (Exibar)
Subject: W2k users, local admin rights and GPOs
It's actually very easy to prevent any policies from coming down to your
system if you have local admin rights. What you do is first, delete the
policies from the registry, then deny everyone (except for a locally created
user) access to the policy key. You'll see the failures in the event log
when a new policy attempts to get written. Voilà! No more policies....
Easy as pie....
Exibar
----- Original Message -----
From: "James Exim" <security@...m.dyndns.org>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, October 29, 2003 3:50 AM
Subject: [Full-Disclosure] W2k users, local admin rights and GPOs
> It has been pointed out several times recently on the SF mailing lists that
> a W2k user with local administrator rights can prevent group policy
> application on his/her machine and there is apparently nothing the domain
> administrator(s) can do about it (see
> http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/2003-09/0106.html
> for an example)
>
> Does anyone know exactly (a) how, and (b) why this is possible? Is there
> really no workaround other than removing the users from the local
> Administrators group? I keep discovering W2k machines where end users have
> been granted local admin rights (yuk!) and I'm trying to convince the
> relevant domain admins that, while this is an easy way to make legacy
> software work, it isn't such a great idea from a security point of view...
>
> Thanks,
>
> James
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
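The reply above describes blocking policy writes by denying access to the policy key, which is the condition a domain admin would want to detect on machines where users hold local admin rights. The following PowerShell audit is an added example, not code from the thread; the registry paths are the standard machine-policy locations and are an assumption, since the post does not name the key.

```powershell
# Added example, not from the thread: audit the registry keys where machine
# Group Policy settings are written. The trick in the reply keeps the policy
# engine (running as SYSTEM) out of the key with a Deny ACE, so an explicit
# Deny, a missing SYSTEM FullControl entry, an unexpected owner, or a key
# that was deleted outright is what to report. Key paths are assumed defaults.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
)
$FullControl = [System.Security.AccessControl.RegistryRights]::FullControl
$ExpectedOwners = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

function Test-PolicyKeyAcl {
    param([string]$KeyPath)
    $findings = @()
    if (-not (Test-Path -Path $KeyPath)) {
        return [pscustomobject]@{ Key = $KeyPath; Findings = @('key missing: policies deleted?') }
    }
    try {
        $acl = Get-Acl -Path $KeyPath -ErrorAction Stop
    } catch {
        # Being locked out of the key is itself the symptom described in the reply.
        return [pscustomobject]@{ Key = $KeyPath; Findings = @("cannot read ACL: $($_.Exception.Message)") }
    }
    foreach ($ace in $acl.Access) {
        # Normal GPO processing never needs a Deny entry on these keys.
        if ($ace.AccessControlType -eq 'Deny') {
            $findings += "Deny for $($ace.IdentityReference.Value) ($($ace.RegistryRights))"
        }
    }
    # SYSTEM must keep FullControl or the policy engine cannot write settings.
    $systemFull = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.RegistryRights -band $FullControl) -eq $FullControl)
    }
    if (-not $systemFull) { $findings += 'SYSTEM lacks FullControl: policy engine cannot write' }
    if ($acl.Owner -notin $ExpectedOwners) {
        $findings += "unexpected owner: $($acl.Owner)"
    }
    [pscustomobject]@{ Key = $KeyPath; Findings = $findings }
}

# Report only keys with findings; an empty result means the ACLs look intact.
$PolicyKeys | ForEach-Object { Test-PolicyKeyAcl -KeyPath $_ } |
    Where-Object { $_.Findings.Count -gt 0 } |
    Format-List
```

Run it from a remote management session or a startup script so that a local admin on the box is not the one reporting on their own changes; the failed-write events the reply mentions are the complementary signal to collect centrally.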