Welcome to WinForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Local Policy problem

  
   Windows XP (Home) -> XP Security Admin RSS
Next:  Opening folders  
Author Message
toal5

External


Since: May 24, 2006
Posts: 13



(Msg. 1) Posted: Tue May 08, 2007 8:36 am
Post subject: Local Policy problem
Archived from groups: microsoft>public>windowsxp>security_admin (more info?)
I have got some local policies applied and I want to document my policies
using gpresult or RSOP. My dilema is on one of my restrictive policies it is
set to hide the C drive, you are not able to run the run command etc........
(very restrictive)

How can I get a gpresult or RSOP for that restricted user logged onto that
machine if I cant get to run them tools?

Any ideas?

 >> Stay informed about: Local Policy problem 
Back to top
Login to vote
Harry Johnston

External


Since: Feb 11, 2005
Posts: 130



(Msg. 2) Posted: Tue May 08, 2007 3:21 pm
Post subject: Re: Local Policy problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
toal5 wrote:

> I have got some local policies applied and I want to document my policies
> using gpresult or RSOP. My dilema is on one of my restrictive policies it is
> set to hide the C drive, you are not able to run the run command etc........
> (very restrictive)

Perhaps you could add cmd.exe to the Startup folder in the Start Menu temporarily?

Harry.

 >> Stay informed about: Local Policy problem 
Back to top
Login to vote
toal5

External


Since: May 24, 2006
Posts: 13



(Msg. 3) Posted: Wed May 09, 2007 7:41 am
Post subject: Re: Local Policy problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Harry

I can add this to the start menu but when started it tells me this feature
has been disabled (which it was in the policy)

Any other ideas???


"Harry Johnston" wrote:

> toal5 wrote:
>
> > I have got some local policies applied and I want to document my policies
> > using gpresult or RSOP. My dilema is on one of my restrictive policies it is
> > set to hide the C drive, you are not able to run the run command etc........
> > (very restrictive)
>
> Perhaps you could add cmd.exe to the Startup folder in the Start Menu temporarily?
>
> Harry.
>
 >> Stay informed about: Local Policy problem 
Back to top
Login to vote
Harry Johnston

External


Since: Feb 11, 2005
Posts: 130



(Msg. 4) Posted: Wed May 09, 2007 5:19 pm
Post subject: Re: Local Policy problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
toal5 wrote:

> I can add this to the start menu but when started it tells me this feature
> has been disabled (which it was in the policy)

You should be able to get a command window by editing the registry to change
your default shell.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Look at the Shell value; change it from explorer.exe to cmd.exe.

Warning:- I haven't tested this. It should work but it could make it impossible
to log in. Make sure you can change the registry value back from a remote
computer before trying this!

Harry.
 >> Stay informed about: Local Policy problem 
Back to top
Login to vote
toal5

External


Since: May 24, 2006
Posts: 13



(Msg. 5) Posted: Thu May 10, 2007 2:17 am
Post subject: Re: Local Policy problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Harry

Can't do it, registry editing is also disabled.
Think of my policy as...... trying to stop (learners - kids) trying to
hack into the system so, all these things and more are disabled
Regestry editing
Run command
Remote registry
access to C:....... etc....




"Harry Johnston" wrote:

> toal5 wrote:
>
> > I can add this to the start menu but when started it tells me this feature
> > has been disabled (which it was in the policy)
>
> You should be able to get a command window by editing the registry to change
> your default shell.
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> Look at the Shell value; change it from explorer.exe to cmd.exe.
>
> Warning:- I haven't tested this. It should work but it could make it impossible
> to log in. Make sure you can change the registry value back from a remote
> computer before trying this!
>
> Harry.
>
 >> Stay informed about: Local Policy problem 
Back to top
Login to vote
Harry Johnston

External


Since: Feb 11, 2005
Posts: 130



(Msg. 6) Posted: Thu May 10, 2007 6:19 pm
Post subject: Re: Local Policy problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
toal5 wrote:

> Can't do it, registry editing is also disabled.

Remote registry access is disabled? May I ask why? You have to be an
administrator to access the registry remotely, so there's no risk in leaving it
enabled.

What happens if you put a command script (test.cmd) into the Start Menu and try
to run it? Try one with just a few simple commands:

echo hi
pause

Harry.
 >> Stay informed about: Local Policy problem 
Back to top
Login to vote
Mark Dormer

External


Since: Mar 22, 2004
Posts: 31



(Msg. 7) Posted: Thu May 10, 2007 10:16 pm
Post subject: Re: Local Policy problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Your policy stops you from doing this, exactly as you intended.

Change the policy to allow cmd to run and then do the audit.
You will know the one difference to the result and your actual policy.

Regards
Mark Dormer



"toal5" <toal5 RemoveThis @discussions.microsoft.com> wrote in message
news:B48D361F-C20F-47E7-9C73-45B86B57164B@microsoft.com...
>I have got some local policies applied and I want to document my policies
> using gpresult or RSOP. My dilema is on one of my restrictive policies it
> is
> set to hide the C drive, you are not able to run the run command
> etc........
> (very restrictive)
>
> How can I get a gpresult or RSOP for that restricted user logged onto that
> machine if I cant get to run them tools?
>
> Any ideas?
>
 >> Stay informed about: Local Policy problem 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Change local policy - Hello, I have numerous XP SP2 machines that are in a workgroup and I need to change the local policies. These policies are somtimes updated and I need a way to deploy the new policies to each system. Can someone please point me in the right direction...

Local Security Policy - We have an XP Pro PC that does not keep the Local Security Policy changes if the PC restarts. Any time the PC restarts the "Access this computer from the network" and "Allow logon through Terminal Services" do not have any users or ...

Local Security Policy vs Deep freeze - Hello, i'm keen to know if there's a policy or a group of policies to simulate DeepFreeze2000XP Pro from HyperTechnologies! if such policy does not exist or can't be done manually, can i restict any software from being run or installed on a computer....

Change Date & Time on Local Policy - Hi, I am not able to change the date & time on Local policy setting when login administrator id, the option is grey. Now I can't add user to this group to change the date and time

Problem running a program on Logon using Group Policy - Outlook does not start up automatically after enabling "Run these programs at user logon" under Computer Configuration > Administrative Templates > System > Logon in GP on my local computer. I added c:\program files\microsoft ..
   Windows XP (Home) -> XP Security Admin All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum

Categories:
  Windows XP
 Windows Vista!
 Win 2000/NT/98/ME

[ Contact us | Terms of Service/Privacy Policy ]