Vulnerability Development mailing list archives
Re: Vulnerability in Windows 2000 policy
From: Andrew Reisse <areisse () WAM UMD EDU>
Date: Mon, 23 Oct 2000 19:17:06 -0400
The settings in the policy editor "disable registry editing tools" are almost useless. Their only function is to provide a flag that microsoft's supplied regedit checks, and exits if set. A user can install a different registry-editing tool, and use it instead. The proper way to secure the registry is to set ACL's (use regedt32 for this) on keys that are security-critical. On Tue, Oct 17, 2000 at 05:44:43PM +0200, Andrejus Stavickis wrote:
Hi, as You know, there are a group policies in Windows 2000. So i done an experiment with it. software: Windows 2000 Server SP1, Windows 2000 Professional SP1. Workaround: 1. create a domain, or OU group policy, which disables registry editing tools. Now user should not run regedit.exe and regedt32.exe, and it's true, but user still able to merge .REG file into the registry. So there are one step for user needed to disable policies: create a .reg file and merge it into the registry, Also there are a possibility to control file extensions, but it's don't help. Solution: You must disable regedit.exe and regedt32.exe together with registry editing tools. Sincerely, --Andrejus Stavickis (MCSE+I, MCSD, MCDBA, MCT) KTU SC UESM Studentu 48a-203 Kaunas, 3028 LITHUANIA phone: +370 7 300633 Cellular phone: +370 87 15664 fax: +370 7 352995 ICQ: 2402709
Current thread:
- Vulnerability in Windows 2000 policy Andrejus Stavickis (Oct 24)
- Re: Vulnerability in Windows 2000 policy Masial (Oct 24)
- Re: Vulnerability in Windows 2000 policy Andrew Reisse (Oct 24)