Group Policy Insecurity

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Aug 1, 2009.

  1. Previously people have been saying how wonderful Microsoft's Group Policy
    system is in letting them lock down and securely administer workstations
    across an organization.

    Turns out Group Policy is not intended as a security mechanism. From
    <http://en.wikipedia.org/wiki/Group_Policy>:

    A problem with the per-user policies is that they're only enforced
    voluntarily by the targeted applications. A malevolent user can
    interfere with the application so that it cannot successfully read its
    group policy settings (thus enforcing potentially lower security
    defaults) or even return arbitrary values. The user can also create a
    copy of the application at a writable location, and modify it such that
    it ignores the settings.
     
    Lawrence D'Oliveiro, Aug 1, 2009
    #1
    1. Advertising

  2. Lawrence D'Oliveiro

    Gordon Guest

    On 2009-08-01, Lawrence D'Oliveiro <_zealand> wrote:
    > Previously people have been saying how wonderful Microsoft's Group Policy
    > system is in letting them lock down and securely administer workstations
    > across an organization.
    >
    > Turns out Group Policy is not intended as a security mechanism. From
    ><http://en.wikipedia.org/wiki/Group_Policy>:
    >
    > A problem with the per-user policies is that they're only enforced
    > voluntarily by the targeted applications. A malevolent user can
    > interfere with the application so that it cannot successfully read its
    > group policy settings (thus enforcing potentially lower security
    > defaults) or even return arbitrary values. The user can also create a
    > copy of the application at a writable location, and modify it such that
    > it ignores the settings.
    >

    Yep, just like real life. Got a secret. Tell no one. Otherwise it is not.
     
    Gordon, Aug 2, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?UGhvZW5peCBDeWNsaXN0?=

    Group policy with no group

    =?Utf-8?B?UGhvZW5peCBDeWNsaXN0?=, Mar 15, 2007, in forum: Wireless Networking
    Replies:
    1
    Views:
    518
    Jack \(MVP-Networking\).
    Mar 15, 2007
  2. Peter

    Outlook Insecurity

    Peter, Oct 6, 2003, in forum: NZ Computing
    Replies:
    2
    Views:
    361
    Nathan Mercer
    Oct 6, 2003
  3. Lawrence D¹Oliveiro

    Microsoft IIS insecurity

    Lawrence D¹Oliveiro, May 3, 2005, in forum: NZ Computing
    Replies:
    26
    Views:
    809
    Lawrence D¹Oliveiro
    May 11, 2005
  4. Lawrence D'Oliveiro

    Microsoft insecurity: it's all the ISVs' fault

    Lawrence D'Oliveiro, Nov 4, 2008, in forum: NZ Computing
    Replies:
    0
    Views:
    291
    Lawrence D'Oliveiro
    Nov 4, 2008
  5. RichA

    Department of Homeland Insecurity

    RichA, Oct 25, 2011, in forum: Digital Photography
    Replies:
    3
    Views:
    202
    (PeteCresswell)
    Oct 28, 2011
Loading...

Share This Page