|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Users "bypassing" Group Policy restrictions
From: Bryan S. Sampsel (bsampsel
libertyactivist.org)
Date: Thu Jan 27 2005 - 16:12:40 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
First question. Are there company management policies in place to deal
with this? For instance, some employers will fire offending employees for
violating such policies.
Second question. Have you even talked to management about the activities
of some employees in this situation?
First, a company needs some documented (and preferably, signed
acknowledgements) policies. Second, when you find a violation, collect
the PC up as evidence...treating the situation like you would for any
investigation. I'd recommend using the CISSP type guidelines: unplug the
PC (powered up or not) and image the drive for evidence. Then present the
evidence to management to take appropriate action.
Caveat: do not make policies without consulting legal experts. The laws
and ruling vary greatly depending on where you live.
Second, if everything is set up, this is an issue for management. And if
you can get the backing, disconnect the PC entirely from the network until
management has resolved the issue and given you a green light to reconnect
the system.
Sincerely,
Bryan S. Sampsel
LibertyActivist.org
Edward VanDewars said:
> We utilize Group Policies and Software Restriction
> Policies as the primary means of limiting unwanted
> user actions on our desktop machines.
>
> Recently, however, several of our more "creative"
> users have discovered that if they remove the ethernet
> cable from the computer immediately after logging in
> (i.e. as soon as their credentials are accepted) GPs
> are not downloaded/applied. These users then are able
> to use "net use" commands to map their necessary
> network drives so they can work with full access to
> resources usually mapped by GPs but without any of the
> restrictions/limitations we impose and without
> Software Restriction Policies preventing unwanted
> programs from running (i.e. my nightmare).
>
> Short of gluing in the ethernet cables, how can I
> prevent this bypassing of GPs? It appears that this
> is only an issue if a cached local profile does not
> exist on the computer. However, these computers use
> drive "freezing" software to make changes to local
> disks non-persistent. Thus, at each reboot a local
> cache of their profile is gone. I tried shortening
> the "Group Policy refresh interval for users" but
> obviously if they don't download the policy in the
> first place the computer will not see the shortened
> refresh interval.
>
> Any advice is greatly appreciated; thanks in advance.
>
>
>
>
> __________________________________
> Do you Yahoo!?
> All your favorites on one personal page – Try My Yahoo!
> http://my.yahoo.com
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]