OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NTBugtraq And NTSecurity Archives: NT System Policy for Win95 N

NT System Policy for Win95 Not downloaded when adding a space aft er domain name

Martin Kay (mkayORBISGROUP.COM.AU)
Thu, 18 Nov 1999 17:10:27 +1030

IF: a) System Policies are in use, AND
     b) Mandatory User Profiles are in use, AND
     c) the Mandatory user profiles (*.MAN files) being used were created
and made mandatory BEFORE the instigation of system policies...
THEN:
If a domain user logs into the domain, and adds a space (" ") after the
domain name, then the system policy is not downloaded/put into effect on the
PC concerned. Any security restriction in the policy is not in place.

Cause:
1) MANdatory user profiles are read only. System Policies change registry
settings "on the fly". Without mandatory profiles, the system policy
updates the user profile and thus security limitations are put into effect
thereafter as the user profile is saved back to the profile directory
(either roaming or locally).

2) This does not explain WHY policies are not run when logging in with a
space after the domain name.

Discovery:
At a private school in Adelaide, SA in late 1998, reproduced on my network
Jan 1999.

Fix:
Change user profiles back to writeable, login (without space) to get the
system policy changes, logout, rename user profiles to .MAN. Change had
then occured in the roaming user profile.

Martin Kay MCSE
Orbis Information Systems
Adelaide, SA

This archive was generated by hypermail 2.0b3 on Tue Nov 23 1999 - 08:37:20 CST