RE: [ActiveDir] 2003 SP1 RTM

[Lou Vega]

All in all, not an earth shattering bug, but still something that in my opinion really needs to be fixed.   Since I told Microsoft Security I wouldn’t release details on this bug until they had a chance to fix it, I won’t go into the details here. However, since it has been since May 2004 and they apparently have not addressed it in the current SP, I’ll say this….Basically it was a bug where you could effectively disable the Restricted Groups feature of Group Policy allowing anyone to remain in the group even if it was listed as Restricted. As an added bonus, the OS doesn’t even generate any event log entries…all Security Policy refreshes are listed with no problems in the event log. It’s not remotely exploitable or anything like that; just something that I really felt should be addressed.   Regards, Lou         From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 31, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM   Lou, what security fix are you asking about? I am in Security, and I’ve been doing SP1 for a while now, so I may be able to respond in less that 11 words ;) Or, I may be able to chase it up for you.   Deji   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 9:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM   FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed.   r/ Lou     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM   I am certainly going to be waiting to install this one for a while........ to many changes to jump right into it.   David A. Marquis Computer Systems Administrator       List info   : http://www.activedir.org/List.aspx List FAQ    : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/