Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: bypassing Windows Domain Group Policy Objects
From: "Neil Hunt" <Neil.Hunt () bdigital com au>
Date: Fri, 28 Apr 2006 08:51:14 +0800

Michael Holstein said:

Other possible solution, cripple gpupdate.exe (XP) or 
secedit.exe (2K) 
through permissions (eg: remove 'localsystem:execute'). 
Deleting them will 
just trigger WFP to replace.

/mike.

Exibar said:


   Hmmmm.....  sounds like a good plan :-)   I'll test that 
out!   thanks!

  Ex 


This does indeed work, but, if the site is using WSUS or similar, then
the machine will stick out like a sore thumb.  The windows admin here,
however, doesn't monitor WSUS, so that fact that my machine hasn't
reported in 90 days hasn't registered.

Neil

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]