Mark Russinovich’s technical blog covering topics such as Windows troubleshooting, technologies and security.
Interesting Post ottoh
Is that right about blocking viruses though - I can see it might stop a rogue dll or exe running (assuming these don't appear in the whitelist), but will it stop a Word macro virus (assuming the user is allowed to run Word)?
Does the group policy check the provenance of the executable that is being asked to run? If the infected executable calls itself notebook.exe, does Group Policy check where it is being loaded from or (better) some hashed checksum?
Apologies if I'm misunderstanding the point, I'm not an expert on Group Policy and I'm interested to know if our implementation is secure as I've been told.
Note: I'm not proposing to do away with AV - I'm more interested to know if the user can circumvent the controls even if we have used the whitelist as suggested earlier.
In Win 98, if you whitelisted Word.exe it would still run nastyvirus.exe as long as you renamed it Word.exe.
Hey, this tool is amazing. I found it some 4 years ago and used it in college to run "Unreal Tournament 1999" on the college computers. I owe you so much for giving me that opportunity, since it was great to chill out with everyone in my class and lecturers!! playing UT99.exe :D
I just found this on an old hard drive and came to check out the site where the best days of my life began :p
I tried using this tool but the Group Policy Restrictions still don't allow me to run gpdisable itself... What do I do?
For anyone using Windows 7 - the easiest way to do this is to disjoin Win7 from the domain, and run XP Mode or any other Virtual PC, and join THAT to the domain. This way, you get access to critical hardware controls (like perhaps at home you don't want the laptop to use IPv4 or want to use the maximum performance power plan, etc. etc.).