RE: Doubleclick programs entry on start menu

From: Jordan Wiseman (Jordan_WisemanValleymed.org)
Date: Mon Jun 14 2004 - 10:56:49 CDT


Well,

There are a few tricks we used to use to keep "eager" users from doing
similar things on public workstations. Basically, you can change the
default behavior for what Explorer will try to do when a user double
clicks (and the contents of the context menu when a user right-clicks)
on a folder. Just like adding custom file associations.

However, the question should be asked first (because of how these could
affect the user interface) are you publishing desktops to your users, or
just seamless applications? In other words...do they need to browse
folders outside the normal common dialogs?

Jordan

 

-----Original Message-----
From: James D. Stallard [mailto:jamesleafgrove.com]
Sent: Friday, June 11, 2004 2:02 PM
To: focus-mssecurityfocus.com
Subject: Doubleclick programs entry on start menu

Folks

A client has asked this of me and I am looking for a little best practice
guidance:

We have a W2K/Terminal Server/Citrix policy implemented to restrict users
from accessing the systemdrive. (M:)

The systemdrive is also hidden and not accessible because of this policy.

Everything works fine BUT we discovered that when a user opens his START
menu and he/she doubleclicks on "Programs" the windows explorer opens
M:\Documents and Settings\%username%\Start Menu\Programs. From that
point the user can navigate up to the systemroot.

OS is Windows 2000

I don't believe that a policy exists in Windows 2000 that will affect
this behaviour.

Any thoughts around policies or NTFS rights that I can use to stop or
mitigate this?

Thanks in advance
Cheers

James D. Stallard
