[windows2000] Re: How to tighten up your network - suggestions

  • From: "Jim Kenzig http://thin.ms" <jkenzig@xxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Fri, 27 Mar 2009 08:05:35 -0400

Why can't you just use local security and restrict access to the
command.comfile?  You can also restrict access to your network drives
to authorized
users via security policy and block mapping drives via local security
policy. There is also a local policy to prevent scanning for printers.  on
the network.

As far as the local profile thing there is also local policy to not load
local profiles and disconnect when there is no network detected.
Jim Kenzig
Blog: http://www.techblink.com
Twitter: http://twitter.com/kenzig
Twitter: http://twitter.com/InternetPilot


On Thu, Mar 26, 2009 at 1:12 PM, Patrick <london31uk@xxxxxxxxx> wrote:

> ok guys, after some serious talking to, the kid has decided to let us in on
> some of his tricks.
>
>
>
> 1.      Download zip files allows him to get to the C: drive by being able
> to access the Temp Internet files.
>
> 2.      If he disconnects the computer from the network, it installs a
> local profile for him, giving him access to the C: drive and the “Run”
> command.
>
> 3.      He  runs a “compressed” cmd file from within PowerPoint.
>
> 4.      By running “Find Printer” he is able to find users accounts.
>
> 5.      He accesses “command.com” (the equivalent of cmd.exe).
>
> 6.      He runs cmd.exe to get to files on the servers.
>
>
> Should this kid not be studying, rather than keeping me busy?
>
>
> Anyway, just thought to share.
>
>
>
> Thanks
>
> Patrick
>
>  ------------------------------
> *From:* Jim Kenzig http://thin.ms <jkenzig@xxxxxxxxx>
> *To:* windows2000@xxxxxxxxxxxxx
> *Sent:* Wednesday, March 25, 2009 11:54:33 PM
>
> *Subject:* [windows2000] Re: How to tighten up your network - suggestions
>
> Yes I understand kids will be kids but it covers you.
> Jim Kenzig
> Blog: http://www.techblink.com
> Twitter: http://twitter.com/kenzig
> Twitter: http://twitter.com/InternetPilot
>
>
> On Wed, Mar 25, 2009 at 11:40 AM, Patrick <london31uk@xxxxxxxxx> wrote:
>
>>  Hi Jim,
>>
>> This is an idea I have suggested, and I think there is a good case to push
>> this forward. Whats I have found is that no matter how tight you try to make
>> things the kids will seek to break in. In most cases because they do not
>> understand what the consequences could be if enforced.
>>
>> Really annoying.
>>
>>
>>
>> Thanks
>>
>> Patrick
>>
>>  ------------------------------
>> *From:* Jim Kenzig http://thin.ms/ <jkenzig@xxxxxxxxx>
>> *To:* windows2000@xxxxxxxxxxxxx
>> *Sent:* Wednesday, March 25, 2009 1:59:44 PM
>>
>> *Subject:* [windows2000] Re: How to tighten up your network - suggestions
>>
>> Well I am not sure about Australia but here we do have computer hacking
>> laws and a simple "Your current computer activity appears to be illegal and
>> you may be prosecuted if you do not cease and desist" dm to the computer may
>> be enough.   You of course also make sure that you have a proper logon
>> privacy message in place prior to logon that requires an OK click.
>> Here is ours:
>> THIS SYSTEM IS FOR USE OF AUTHORIZED PERSONS AND ACTIVITIES ONLY!
>> Activities may be subject to monitoring, recording, and periodic audits
>> The system and all content are property of CCPL and are NOT considered
>> private.
>> The organization may access any users accounts or communications.
>> Anyone using this system expressly consents to the above and to all CCPL
>> Policies and Rules regarding
>> computer and Internet use and security.
>>   OK
>>
>> This should cover you legally at least.
>> Regards
>> Jim Kenzig
>> Blog: http://www.techblink.com
>> Twitter: http://twitter.com/kenzig
>> Twitter: http://twitter.com/InternetPilot
>>
>>
>> On Wed, Mar 25, 2009 at 9:42 AM, Berny Stapleton <berny@xxxxxxxxxxxxxxxxx
>> > wrote:
>>
>>> Yes, it was actually regedit and they were modifying the SAM.
>>>
>>> Quite clever really, but a little frustrating.
>>>
>>> 2009/3/25 Robert K Coffman Jr. -Info From Data Corp.
>>> <bcoffman@xxxxxxxxxxxxxxxx>:
>>>  > Scheduled task can run in System context & allow someone to launch a
>>> cmd
>>> > prompt or something with basically full control of the system.
>>> >
>>> > -----Original Message-----
>>> > From: windows2000-bounce@xxxxxxxxxxxxx
>>> > [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sorin Srbu
>>> > Sent: Wednesday, March 25, 2009 3:39 AM
>>> > To: windows2000@xxxxxxxxxxxxx
>>> > Subject: [windows2000] Re: How to tighten up your network - suggestions
>>> >
>>> > Could you please elaborate on the scheduler thing, what's that about?
>>> Thx.
>>> > --
>>> > /Sorin
>>> >
>>> >
>>> >>-----Original Message-----
>>> >>From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-
>>> >>bounce@xxxxxxxxxxxxx] On Behalf Of Berny Stapleton
>>> >>Sent: Tuesday, March 24, 2009 9:38 PM
>>> >>To: windows2000@xxxxxxxxxxxxx
>>> >>Subject: [windows2000] Re: How to tighten up your network - suggestions
>>> >>
>>> >>Oh, turn off the scheduler. Keep your patches up to date. (That's the
>>> >>one that caught me)
>>> >
>>> >
>>> > **********************
>>> > To Unsubscribe, set digest or vacation
>>> > mode or view archives use the below link.
>>> >
>>> > http://www.freelists.org/list/windows2000
>>> >
>>> **********************
>>> To Unsubscribe, set digest or vacation
>>> mode or view archives use the below link.
>>>
>>> http://www.freelists.org/list/windows2000
>>>
>>
>>
>>
>
>

Other related posts: