Re: Hackers - Prevent GPOs
- From: harrykrishna.nospam@xxxxxxxxx
- Date: Sun, 03 Jul 2005 16:12:24 GMT
If the person had local admin rights, they can block certain registry
keys from getting updated simply by changing the permissions on the
registry key. For example, if your domain had a gpo that set a legal
notice that popped up before logon, the user who has local admin
access can simply set the applicable registry keys so the policy
cannot update them. Of course the event log will bleed lots of errors
about policy errors, not being applied, etc. but the legal notice in
this example would not get applied to that machine.
If the person in question has signed their agreement not to mess with
company equipment, circumvent policies, etc, then fire them.
HTH
"Drew" <Drew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>Hello,
>
>In an effort to be proactive, I'm curious if there is any known registry
>hacks which can prevent domain policies from being applied to clients. Most
>users are administrators on their own machines, and the are a few machines
>that have had problems applying GPOs. Often times I'm worried that the users
>themselves are making changes that would prevent group policies from being
>applied, however I'm unaware of any hacks which can accomplish this. If there
>are any known ways to hack a machine to prevent GPOs from running, I would
>like to know, so I can take appropriate actions to try to prevent access to
>those particular keys.
>
>Does anyone know of any methods or web sites that have any of these hacks
>available?
Ha®®y
HarryKrishna.nospam@xxxxxxxxx
.
- Prev by Date: Re: advice on setup
- Next by Date: GP error
- Previous by thread: 2003 group policy problem
- Next by thread: Re: Hackers - Prevent GPOs
- Index(es):
Relevant Pages
|
