[windows2000] Re: How to tighten up your network - suggestions

  • From: Greg Reese <gareese@xxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Thu, 26 Mar 2009 12:17:36 -0500

i think a gpo restricting 16 bit apps will choke out command.com,  a gpo to
log off a user on roaming profile failure.  i think you can kill the run
command with a gpo too.  Or perhaps a local policy instead.  Just restrict
the mmc snapins list and registry tools while your at it.



On Thu, Mar 26, 2009 at 12:12 PM, Patrick <london31uk@xxxxxxxxx> wrote:

> ok guys, after some serious talking to, the kid has decided to let us in on
> some of his tricks.
>
>
>
> 1.      Download zip files allows him to get to the C: drive by being able
> to access the Temp Internet files.
>
> 2.      If he disconnects the computer from the network, it installs a
> local profile for him, giving him access to the C: drive and the “Run”
> command.
>
> 3.      He  runs a “compressed” cmd file from within PowerPoint.
>
> 4.      By running “Find Printer” he is able to find users accounts.
>
> 5.      He accesses “command.com” (the equivalent of cmd.exe).
>
> 6.      He runs cmd.exe to get to files on the servers.
>
>
> Should this kid not be studying, rather than keeping me busy?
>
>
> Anyway, just thought to share.
>
>
>
> Thanks
>
> Patrick
>
>  ------------------------------
> *From:* Jim Kenzig http://thin.ms <jkenzig@xxxxxxxxx>
> *To:* windows2000@xxxxxxxxxxxxx
> *Sent:* Wednesday, March 25, 2009 11:54:33 PM
> *Subject:* [windows2000] Re: How to tighten up your network - suggestions
>
> Yes I understand kids will be kids but it covers you.
> Jim Kenzig
> Blog: http://www.techblink.com
> Twitter: http://twitter.com/kenzig
> Twitter: http://twitter.com/InternetPilot
>
>
> On Wed, Mar 25, 2009 at 11:40 AM, Patrick <london31uk@xxxxxxxxx> wrote:
>
>>  Hi Jim,
>>
>> This is an idea I have suggested, and I think there is a good case to push
>> this forward. Whats I have found is that no matter how tight you try to make
>> things the kids will seek to break in. In most cases because they do not
>> understand what the consequences could be if enforced.
>>
>> Really annoying.
>>
>>
>>
>> Thanks
>>
>> Patrick
>>
>>  ------------------------------
>> *From:* Jim Kenzig http://thin.ms/ <jkenzig@xxxxxxxxx>
>> *To:* windows2000@xxxxxxxxxxxxx
>> *Sent:* Wednesday, March 25, 2009 1:59:44 PM
>>
>> *Subject:* [windows2000] Re: How to tighten up your network - suggestions
>>
>> Well I am not sure about Australia but here we do have computer hacking
>> laws and a simple "Your current computer activity appears to be illegal and
>> you may be prosecuted if you do not cease and desist" dm to the computer may
>> be enough.   You of course also make sure that you have a proper logon
>> privacy message in place prior to logon that requires an OK click.
>> Here is ours:
>> THIS SYSTEM IS FOR USE OF AUTHORIZED PERSONS AND ACTIVITIES ONLY!
>> Activities may be subject to monitoring, recording, and periodic audits
>> The system and all content are property of CCPL and are NOT considered
>> private.
>> The organization may access any users accounts or communications.
>> Anyone using this system expressly consents to the above and to all CCPL
>> Policies and Rules regarding
>> computer and Internet use and security.
>>   OK
>>
>> This should cover you legally at least.
>> Regards
>> Jim Kenzig
>> Blog: http://www.techblink.com
>> Twitter: http://twitter.com/kenzig
>> Twitter: http://twitter.com/InternetPilot
>>
>>
>> On Wed, Mar 25, 2009 at 9:42 AM, Berny Stapleton <berny@xxxxxxxxxxxxxxxxx
>> > wrote:
>>
>>> Yes, it was actually regedit and they were modifying the SAM.
>>>
>>> Quite clever really, but a little frustrating.
>>>
>>> 2009/3/25 Robert K Coffman Jr. -Info From Data Corp.
>>> <bcoffman@xxxxxxxxxxxxxxxx>:
>>>  > Scheduled task can run in System context & allow someone to launch a
>>> cmd
>>> > prompt or something with basically full control of the system.
>>> >
>>> > -----Original Message-----
>>> > From: windows2000-bounce@xxxxxxxxxxxxx
>>> > [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sorin Srbu
>>> > Sent: Wednesday, March 25, 2009 3:39 AM
>>> > To: windows2000@xxxxxxxxxxxxx
>>> > Subject: [windows2000] Re: How to tighten up your network - suggestions
>>> >
>>> > Could you please elaborate on the scheduler thing, what's that about?
>>> Thx.
>>> > --
>>> > /Sorin
>>> >
>>> >
>>> >>-----Original Message-----
>>> >>From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-
>>> >>bounce@xxxxxxxxxxxxx] On Behalf Of Berny Stapleton
>>> >>Sent: Tuesday, March 24, 2009 9:38 PM
>>> >>To: windows2000@xxxxxxxxxxxxx
>>> >>Subject: [windows2000] Re: How to tighten up your network - suggestions
>>> >>
>>> >>Oh, turn off the scheduler. Keep your patches up to date. (That's the
>>> >>one that caught me)
>>> >
>>> >
>>> > **********************
>>> > To Unsubscribe, set digest or vacation
>>> > mode or view archives use the below link.
>>> >
>>> > http://www.freelists.org/list/windows2000
>>> >
>>> **********************
>>> To Unsubscribe, set digest or vacation
>>> mode or view archives use the below link.
>>>
>>> http://www.freelists.org/list/windows2000
>>>
>>
>>
>>
>
>

Other related posts: