NTBugtraq And NTSecurity Archives: Re: NT System Policy for Win

Re: NT System Policy for Win95 Not downloaded when adding a space after domain name


Subject: Re: NT System Policy for Win95 Not downloaded when adding a space after domain name
From: Martin Kay (mkayORBISGROUP.COM.AU)
Date: Mon Nov 29 1999 - 17:18:34 CST


Thanks for that David. After you mentioned an MS Patch, I tried technet
again and found Q237923 Policy Not Applied Logging On Using a Space in the
Domain Name...
So I guess MS *DID* actually read the emails I sent them, after all!!!

Martin Kay MCSE
Orbis Information Systems
Adelaide, SA

-----Original Message-----
From: David Anders [mailto:dandersentrance.net]
Sent: Wednesday, 24 November 1999 10:37
To: 'Martin Kay '; 'NTBUGTRAQLISTSERV.NTBUGTRAQ.COM '
Subject: RE: NT System Policy for Win95 Not downloaded when adding a space after domain name

MS wrote a specific patch for this. I had the joyous task of heading to
said private school and seeing if it worked. On the sample set I tried it
on, it was fine, and the fix 'was to be included in the next service pack'
said MS.

-
David Anders (DSE, MCP+I, MCSE)
Entrance.net

-----Original Message-----
From: Martin Kay
To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Sent: 18/11/99 17:10
Subject: NT System Policy for Win95 Not downloaded when adding a space after domain name

IF: a) System Policies are in use, AND
     b) Mandatory User Profiles are in use, AND
     c) the Mandatory user profiles (*.MAN files) being used were created
        and made mandatory BEFORE the instigation of system policies...
THEN:
If a domain user logs into the domain, and adds a space (" ") after the
domain name, then the system policy is not downloaded/put into effect on
the PC concerned. Any security restriction in the policy is not in place.

Cause:
1) MANdatory user profiles are read only. System Policies change registry
settings "on the fly". Without mandatory profiles, the system policy
updates the user profile and thus security limitations are put into effect
thereafter as the user profile is saved back to the profile directory
(either roaming or locally).

2) This does not explain WHY policies are not run when logging in with a
space after the domain name.

Discovery:
At a private school in Adelaide, SA in late 1998, reproduced on my network
Jan 1999.

Fix:
Change user profiles back to writeable, login (without space) to get the
system policy changes, logout, rename user profiles to .MAN. Change had
then occurred in the roaming user profile.

Martin Kay MCSE
Orbis Information Systems
Adelaide, SA



This archive was generated by hypermail 2b27 : Mon Dec 06 1999 - 21:00:45 CST