Message: 4
From: "Exibar" <[EMAIL PROTECTED]>
To: "James Exim" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: [Full-Disclosure] W2k users, local admin rights and GPOs
Date: Wed, 29 Oct 2003 10:54:49 -0500

It's actually very easy to prevent any policies from coming down to your system if you have local admin rights. What you do is first, delete the policies from the registry, then deny everyone (except for a locally created user) access to the policy key. You'll see the failures in the event log when a new policy attempts to get written. Voilà! No more policies.... Easy as pie....

Exibar

Do not give local users admin rights. Do not use software that requires this (vendors will tell you that their packages do because they are too lazy or too cheap to find out what administrative rights are needed). They also write a lot of crap that needlessly requires ADMIN rights. Guess those offshore programmers aren't too worried about this issue.

So the answer is don't do this, it's an open invitation for pernicious browser-based trojans to install themselves anyway. We have had more than one user call and ask what it means to have an install program that they weren't supposed to be running fail with insufficient rights. Makes my day every time it happens.

Dan Sichel
Ponderosa Telephone

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
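Added example, not part of the original messages: a PowerShell audit that a defender can run on a workstation to spot the ACL change described above, including the case where the descriptor itself can no longer be read. The key paths and the requirement that SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544) hold write access are assumptions; the post only says "the policy key".

```powershell
# Added example: flag policy registry keys whose ACL would block Group Policy writes.
# Assumption: these are the standard policy locations; the post names no specific key.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies',
    'HKCU:\SOFTWARE\Policies',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
)
# Well-known SIDs (locale independent): SYSTEM and BUILTIN\Administrators.
$mustWrite = @{ 'S-1-5-18' = 'SYSTEM'; 'S-1-5-32-544' = 'Administrators' }
$sidType   = [System.Security.Principal.SecurityIdentifier]
$setValue  = [int][System.Security.AccessControl.RegistryRights]::SetValue

function New-Finding($Key, $Finding, $Detail) {
    [pscustomobject]@{ Key = $Key; Finding = $Finding; Detail = $Detail }
}

function Test-PolicyKeyAcl {
    param([string[]]$Path)
    foreach ($key in $Path) {
        try {
            $acl   = Get-Acl -LiteralPath $key -ErrorAction Stop
            $rules = $acl.GetAccessRules($true, $true, $sidType)
        } catch {
            # Covers a deleted key and a deny-everyone ACL that blocks reading the descriptor.
            New-Finding $key 'Cannot read ACL' $_.Exception.Message
            continue
        }
        # A Deny ACE on a policy key is the change the post describes.
        foreach ($r in $rules | Where-Object { $_.AccessControlType -eq 'Deny' }) {
            New-Finding $key 'Deny ACE' "$($r.IdentityReference.Value): $($r.RegistryRights)"
        }
        # Policy processing needs these principals to be able to set values.
        foreach ($sid in $mustWrite.Keys) {
            $allow = $rules | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -eq $sid -and
                (([int]$_.RegistryRights -band $setValue) -ne 0)
            }
            if (-not $allow) {
                New-Finding $key 'No write ACE' "$($mustWrite[$sid]) ($sid) has no Allow ACE with SetValue"
            }
        }
    }
}

Test-PolicyKeyAcl -Path $policyKeys | Format-Table -AutoSize -Wrap
```

The HKCU paths are evaluated for whichever account runs the script, so run it in the context of the user being checked.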
