Announcement

Collapse
No announcement yet.

Security issue?!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security issue?!

    Ok, here it goes:

    I been tightening our terminal/Citrix servers for all sorts of reasons, and one is to ristrict or hide the local drives and the network neighborhood.

    We have implemented the "NoDrives" policy, which is working well.
    But...After the policy was implemented some applications where still able to browse the local drives allthough they where hidden.

    I started investigating on a test environment, and saw that everything was working well when the application use the explorer to browse the file system. If you have a application that uses its own engine to enumerate files and folders, it is able to.

    In my test environment a tested a tool called free commander, which realy made me scared. I was able to install this application, altough being logged in as a regular user! And after installation completed, i was able to browse the local drives, i was even able to browse the network, which is also disabled by policy.

    I do remember that there was a registry hack, to prohibit users from browsing the local drives through File>Open... . I have searched the Microsoft Technet, but can't seem to find it.

    Is there a full prove way to hide the local drives? Not allowing access to the drives, can't be done, as the application will need access to the local drives.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

  • #2
    Re: Security issue?!

    Renaming or deleting the winfile.exe should help clear up the problem.
    But Winfile.exe does not exist in Windows Server 2003...
    Last edited by Killerbe; 26th September 2008, 11:49.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

    Comment


    • #3
      Re: Security issue?!

      Disabling access to the drives does not prevent applications from accessing the drives so that would not cause a problem for the applications themselves.

      Comment


      • #4
        Re: Security issue?!

        Originally posted by joeqwerty View Post
        Disabling access to the drives does not prevent applications from accessing the drives so that would not cause a problem for the applications themselves.
        I am aware of the fact that the application needs access to the drives for its data and sorts, but want to restrict the user from being able to view the data.
        And alltough a policy is provided, it isn't as tight as it should be.
        [Powershell]
        Start-DayDream
        Set-Location Malibu Beach
        Get-Drink
        Lay-Back
        Start-Sleep
        ....
        Wake-Up!
        Resume-Service
        Write-Warning
        [/Powershell]

        BLOG: Therealshrimp.blogspot.com

        Comment


        • #5
          Re: Security issue?!

          I solved my similar problem by using the Software Restriction Policies in the GPO applied to the TS users. I denied them from running anything except the specially allowed programs. Never had to deal with odd tools or games on my TS servers since (almost three years ago).

          Sorin Solomon


          In order to succeed, your desire for success should be greater than your fear of failure.
          -

          Comment


          • #6
            Re: Security issue?!

            I also use Software Restriction Policies to create a "whitelist" of applications that are allowed to run, therefore any application not on the list is not allowed.

            Comment


            • #7
              Re: Security issue?!

              Software restriction policies will help in ristricting the applications they may run, but it will not prevent them from browsing the local disks.

              Thanks for the help anyways.
              [Powershell]
              Start-DayDream
              Set-Location Malibu Beach
              Get-Drink
              Lay-Back
              Start-Sleep
              ....
              Wake-Up!
              Resume-Service
              Write-Warning
              [/Powershell]

              BLOG: Therealshrimp.blogspot.com

              Comment


              • #8
                Re: Security issue?!

                [quote=Killerbe;124184]Software restriction policies will help in ristricting the applications they may run, but it will not prevent them from browsing the local disks. [\quote]
                You're absolutely right. But if you deny their rights of running any 3rd party application, like that Free Commander you mentioned, then they will have access only to what you allowed them through the GPO . This, together with the disappearance of the FILE menu from Internet Explorer, Windows Explorer and Office applications (that are all available through GPO) will solve you the problem.

                Sorin Solomon


                In order to succeed, your desire for success should be greater than your fear of failure.
                -

                Comment

                Working...
                X