Interesting, I have just tested this out on Win Terminal Server (SP3?) and I am able to get a command window up instead of the MS Desktop (i.e. explorer), though policies and restrictions still apply.

I did some preliminary testing on a Win NT workstation (version 4, no service packs) and also had the same effect, though seemingly policies were still in effect.

This whole problem stems from Microsoft entering relative names into the registry - I was able to rectify the problem (MS Definition - undocumented feature??) by editing the registry and changing the Shell key, i.e.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon\SHELL = "C:\winnt\explorer.exe"

Unfortunately Windows has a problem with the key value "%systemroot%\explorer.exe"

Another filename that may work is Isass.exe

Warren Boyd
Unix Administrator
Central Institute of Technology
Upper Hutt, New Zealand.
Phone +64 25 224 0904
===============================

On Tue, 6 Jul 1999, Ben Greenbaum wrote:

> I just tested this on NT4 SP4 and this is real! Policies are, for the most
> part, obsolete....
>
> Compiled from postings to NTbugtraq June 28 - June 30 by Martin Wolf
> <martinwat_private> and Michael Benadiba <michaelat_private>.
>
> When a user logs into an NT machine, there are a few processes that are
> started automatically, including explorer.exe. These programs are normally
> in %winroot% or %winroot%\system32. The problem is that NT will look for
> these programs first in the user's home directory. If no user folder is
> specified, it will look in the root of the system drive. Only if the
> program it is looking for is not found in that location will it look in
> the 'normal' location. This allows any user to rename any executable and
> have it run at login, effectively bypassing many policy restrictions. The
> list of currently known filenames that will work is: explorer.exe,
> nddeagnt.exe, taskmgr.exe and userinit.exe.
>
> To test this: Log in as a normal user.
> Copy command.com to your home
> directory and rename it explorer.exe. Log out and log back in.
>
> Ben Greenbaum
> SecurityFocus
> www.securityfocus.com
>
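
An added example, not part of either posting and not Microsoft's or the posters' code: a Python audit of the two conditions the thread describes, namely Winlogon values that name a program without a full path, and files with one of the listed names sitting in a directory that is searched before the normal location. The function names, the sample Winlogon values, the file listing and the directory list are all constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Filenames the quoted posting lists as being picked up at logon.
WATCHED = {"explorer.exe", "nddeagnt.exe", "taskmgr.exe", "userinit.exe"}

def is_fully_qualified(program):
    """True only for a literal drive- or UNC-rooted path such as C:\\winnt\\explorer.exe."""
    drive, rest = ntpath.splitdrive(program)
    return bool(drive) and rest.startswith(("\\", "/"))

def relative_entries(winlogon_values):
    """Return (value name, program) pairs that leave the lookup to a search order."""
    findings = []
    for name, data in winlogon_values.items():
        for program in data.split(","):  # a value may list several programs
            program = program.strip().strip('"')
            # %systemroot%\... is flagged too: the reply reports it did not work.
            if program and not is_fully_qualified(program):
                findings.append((name, program))
    return findings

def shadow_copies(file_paths, searched_first):
    """Return files carrying a watched name inside a directory searched before the normal one."""
    dirs = {ntpath.normcase(ntpath.normpath(d)) for d in searched_first}
    hits = []
    for path in file_paths:
        folder, filename = ntpath.split(ntpath.normpath(path))
        if filename.lower() in WATCHED and ntpath.normcase(folder) in dirs:
            hits.append(path)
    return hits

# Constructed sample data (hypothetical values, not taken from the thread).
SAMPLE_WINLOGON = {"Shell": "Explorer.exe", "Userinit": "userinit,nddeagnt.exe"}
SAMPLE_FILES = [
    r"C:\winnt\explorer.exe",
    r"C:\winnt\system32\userinit.exe",
    r"D:\users\jdoe\EXPLORER.EXE",
    r"C:\taskmgr.exe",
    r"D:\users\jdoe\notes.txt",
]
SAMPLE_SEARCHED_FIRST = ["D:\\Users\\jdoe\\", "C:\\"]  # home directory, system drive root

if __name__ == "__main__":
    for name, program in relative_entries(SAMPLE_WINLOGON):
        print(f"relative Winlogon entry: {name} = {program}")
    for path in shadow_copies(SAMPLE_FILES, SAMPLE_SEARCHED_FIRST):
        print(f"watched filename outside the normal location: {path}")
```

On a live system the dictionary would be filled from the Winlogon key and the file list from a directory walk of each user's home directory and the system drive root.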