Bugtraq mailing list archives

Re: Inherent weaknesses in NT system policies


From: listuser () SEIFRIED ORG (Kurt Seifried)
Date: Fri, 19 Feb 1999 11:25:14 -0700


There are certain key vulnerabilities in NT's System Policies that allow
most restrictions to be by-passed. For instance, although Registry Editing
tools can be disabled, this restriction can be avoided with ease, but more
on that later.

Consider a restrictive user System Policy where the user's shell is
Explorer.exe and it only allows the Microsoft Word application
(winword.exe) to be run. It is launched from an icon on the desktop. This
is the only icon present. So the user can perform their work, write
documents and save them, they are given write NTFS permissions only to
their profile directory. The Registry editing tools have been disabled.

This policy can be broken in a matter of minutes:

As any good little MCSE learns:

Give the full pathname to the programs you want to allow them to run. This
makes it a lot safer. There are ways around even this of course. NT is not
secure against a determined user; just boot from a floppy and replace the
registry if you really want to. I haven't looked in depth yet but MSIE 5.0
comes with its own policy restrictions/etc (quite a few actually). I'm not
100% sure how they interact with NT's user policies/etc, but once I get a
chance to play with it some more I'll post that up.

-seifried, MCSE
https://www.seifried.org/


