Another neat trick that you can do is to schedule a task. Even if you don't have access to run any programs, the system will run the program for you. If you don't have access to scheduled tasks, you can run forbidden programs if they are spawned from allowed programs! We used Microsoft's C++ at school, which was one of the few allowed programs. From there you could just open a binary (like minesweeper :), then go "run program" and it would run like a champ. This was in a Windows 98/NT environment, I don't know if it works on 2000/XP. -- Bob Sullivan Art Line Inc. rsullivan@art-line.com -----Original Message----- From: uraken [mailto:urakenat_private] Sent: Tuesday, July 30, 2002 4:56 AM To: vuln-devat_private Subject: Re: Does MSN Messenger Bypass Group Policy? In-Reply-To: <000301c23403$fbae5e10$05290a0a@vaio> I came across a similar scenario with AOL instant messenger a few years back. Windows 95 clients on a NetWare network. Login scripts enforced the "only allow these executables" policy. With aim.exe not on the "allowed list", it would still run if spawned from the registry (instead of the startup folder). I guess that way windows treated AIM as a service and not an application, therefore making it exempt from the policy!? Would be interesting to see if this works for other apps regrds Uraken -----Original Message----- From: Andy Wood [mailto:andyat_private] Sent: 25 July 2002 18:52 To: vuln-devat_private Subject: Does MSN Messenger Bypass Group Policy? Pls ignore this if it has been a discussion in the past. If msmesgs.exe is set in the "Don't run specified windows applications" within the Group Policy and you then try to execute the app the msg states that the action was cancelled due to restrictions....like it should. However, when Outlook XP is started MSN Messenger starts as well. Feature or flaw? Thanks, Andy
This archive was generated by hypermail 2b30 : Tue Jul 30 2002 - 10:15:04 PDT