Home page logo

basics logo Security Basics mailing list archives

RE: Windoze GPO Question
From: "Jason Hurst" <Jason.Hurst () PandaRG com>
Date: Mon, 10 Nov 2008 14:42:55 -0800

Hi Jon,

Yes, the GPO's are not configured correctly.

Each GPO is downloaded to the local machine and applied at that machine,
otherwise all a hacker would have to do to defeat the security is to
unplug the machine.

They need to create an OU and different set of objects for mobile users,
and insure that the settings are appropriate for the mobile environment.

Jason Hurst
Network Security Administrator
Panda Restaurant Group
jason.hurst () pandarg com
Work: (626) 799-9898 ext. 8662
Direct: (626) 372-8038
Fax: (626) 372-8397
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Jon Kibler
Sent: Monday, November 10, 2008 12:25 PM
To: security-basics () securityfocus com
Subject: Windoze GPO Question

* PGP Signed by an unknown key


This may be slightly off topic, but I have a question about GPO scope.

I have a client that has a bunch of sales people who have laptops. When
they come into their office, they login to the domain. When they are on
the road, they login to 'this computer.'

The problem that the client is seeing has left me scratching my head
about how GP works. What is happening is the client has recently set
some new group policies that do things like specify which name servers
and other network resources a given OU is to use. Now, when these
laptops are taken on the road and the user tries to get Internet access,
it fails. Why? Because the GPO settings are overriding the DHCP settings
on 'this computer'.

What I don't understand is why DOMAIN OU GPOs are being applied outside
the scope of the domain. If you are not logging into the domain, why are
the domain GPOs in effect? This doesn't make sense. Has my client
somehow misconfigured AD?


Jon Kibler
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

* Unknown Key
* 0xCF394253(L)

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]