Circumventing Group Policy as a Limited User

re: Circumventing Group Policy as a Limited User

John Brightwell — Fri, 22 Jun 2007 16:51:51 GMT

Interesting Post ottoh

Is that right about blocking viruses though - I can see it might stop a rogue dll or exe running (assuming these don't appear in the whitelist) but will it stop a word macro virus (assuming the user is allowed to run word).

Does the group policy check the provenance of the executable that is being asked to run? If the infected executable calls itself notebook.exe does Group Policy check where it is being loaded from or (better) some hashed checksum.

Apologies if I'm misunderstanding the point, I'm not an expert on Group Policy and I'm interested to know if our implementation is secure as I've been told.

Note: I'm not proposing to do away with AV - I'm more interested to know if the user can circumvent the controls even if we have used the whitelist as suggested earlier.

re: Circumventing Group Policy as a Limited User

Stephen Jones — Mon, 04 Feb 2008 15:56:07 GMT

In Win 98 if you whitelisted Word.exe it would still run nastyvirus.exe as long as you renamed it Word.exe

re: Circumventing Group Policy as a Limited User

Dean Williams — Tue, 27 Oct 2009 23:05:26 GMT

Hey, this tool is amazing, I found it some 4 years ago and used it in college to run "Unreal Tournament 1999" on the college computers, I owe you so much for giving me that opportunity since it was great to chill out with everyone in my class and n lecturers!! playing UT99.exe :D

I just found this on an old hard-drive and came to checkout the site where the best days of my life began :p