Re: Security
From: Andrew Mitchell (amitchell_at_removecasey.vic.gov.au)
Date: 02/04/05
- Next message: Andrew Mitchell: "Re: Group Policy-Security"
- Previous message: George Hester: "Re: I thought I knew Group Policy but Obviously I don't"
- In reply to: George Hester: "Re: Security"
- Next in thread: Ken B: "Re: Security"
- Reply: Ken B: "Re: Security"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 04 Feb 2005 01:43:11 -0800
"George Hester" <hesterloli@hotmail.com> said
> Not exactly. It's easy enough to call me a whiner when security fails.
> What would you like for me to show that although I may be whinning the
> issue still occurs or is for you "whinning" the be all and end all of
> the issue?
>
> I had set Group Policy on the domain controller so that the client could
> not change their homepage. Obviously that worked for changing the
> homepage on the client was unavailable. Now you tell me what more I
> could have done? Changing the homepage on the client was UNAVAILABLE.
> GREYED OUT. NOT POSSIBLE TO CHANGE THE HOME PAGE ON THE CL:IENT.
> Please tell me what more I could have done?
I don't know. You haven't provided anywhere near enough information.
>
> The client while connected to the domain controller visited a page on
> the net that used IE vulernabilities to change the home page. The new
> homepage was UNAVAILABLE on the client to change. GREYED OUT. NOT
> POSSIBLE TO CHANGE THE HOME PAGE ON THE CLIENT.
>
> I had to remove the Group Policy
You don't need to remove the GPO. Just temporarily move the user to an OU
that's not affected by it.
> so that I could restore the client's
> homepage AND clean out the registry entries that were changed.
Which registry keys were changed?
> The
> client had no access to the registry but the IE security issues sure
> did.
IE runs in the context of the user. It cannot alter keys that the user has
no permissions to alter. Preventing regedit from running does not protect
the registry. It just stops regedit from running. There are a number of
other ways of altering the registry.
> Whinning OK. These security issues will never be fixed if that is
> all you consider is important here. I think it is IE security issues
> and you think it is "whinning." No wonder these issues persist.
>
So instead of just stating that it happened, why don't you tell us exactly
what happened (which reg keys were altered etc.) so that someone can come
up with a solution?
So far all you have done is made very vague posts stating that the users
homepage setting was altered despite settings you have set in a GPO. You
made no request for assistance and didn't ask for any opinions on how to
prevent this via other settings or patches.
-- Andy.
- Next message: Andrew Mitchell: "Re: Group Policy-Security"
- Previous message: George Hester: "Re: I thought I knew Group Policy but Obviously I don't"
- In reply to: George Hester: "Re: Security"
- Next in thread: Ken B: "Re: Security"
- Reply: Ken B: "Re: Security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
