RE: Users "bypassing" Group Policy restrictions

From: Laura A. Robinson (larobinsbellatlantic.net)
Date: Thu Jan 27 2005 - 19:17:29 CST


Well, my first instinct would be to say that you have a managerial problem
rather than a technical problem. Have you considered using wireless NICs so
they can't disconnect 'em before the policy comes down? ;-)

Laura

> -----Original Message-----
> From: Edward VanDewars [mailto:gt4200byahoo.com]
> Sent: Thursday, January 27, 2005 8:29 AM
> To: focus-mssecurityfocus.com
> Subject: Users "bypassing" Group Policy restrictions
>
> We utilize Group Policies and Software Restriction Policies
> as the primary means of limiting unwanted user actions on our
> desktop machines.
>
> Recently, however, several of our more "creative"
> users have discovered that if they remove the ethernet cable
> from the computer immediately after logging in (i.e. as soon
> as their credentials are accepted) GPs are not
> downloaded/applied. These users then are able to use "net
> use" commands to map their necessary network drives so they
> can work with full access to resources usually mapped by GPs
> but without any of the restrictions/limitations we impose and
> without Software Restriction Policies preventing unwanted
> programs from running (i.e. my nightmare).
>
> Short of gluing in the ethernet cables, how can I prevent
> this bypassing of GPs? It appears that this is only an issue
> if a cached local profile does not exist on the computer.
> However, these computers use drive "freezing" software to
> make changes to local disks non-persistent. Thus, at each
> reboot a local cache of their profile is gone. I tried
> shortening the "Group Policy refresh interval for users" but
> obviously if they don't download the policy in the first
> place the computer will not see the shortened refresh interval.
>
> Any advice is greatly appreciated; thanks in advance.