|
Focus on Microsoft
RE: services running in windows domain (winXP clients) Dec 15 2004 09:16AM Burak Bayoglu (bayoglu uekae tubitak gov tr) (2 replies) RE: services running in windows domain (winXP clients) Dec 15 2004 05:43PM Mark Burnett (mb xato net) (1 replies) RE: services running in windows domain (winXP clients) Dec 15 2004 06:16PM Triantafyllidis Christos (ctria physics auth gr) (2 replies) Re: services running in windows domain (winXP clients) Dec 16 2004 09:32PM Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) RE: services running in windows domain (winXP clients) Dec 16 2004 02:14AM dave kleiman (dave isecureu com) |
|
|
Privacy Statement |
subfolders. i don't think it is a good to set everyone - deny on
c:\windows. :)
restricting execution means that i should know the trojans... (i don't
know them all)
F-secure antivirus full updated didn't find the trojan.
Thanks for the help
Christos Triantafyllidis
On Wed, 15 Dec 2004, Burak Bayoglu wrote:
> As far as I know, DCs only list the services on itself and allows to
> configure the services policy for these ones. Another alternative is
> that if you know the exact path where the executable of the trojan is
> placed, you can use "File System" to give "everyone - deny" rights to
> the file. You may need to create a dummy file on DC to configure thsi
> setting. Or you can restrict the execution of this program using GP
> again. As a result the service will not be run by the client next time.
> As a better solution, you must use an effective anti-virus software to
> protect against well known trojan and virus programs.
>
>
> Burak BAYOGLU
> TUBITAK UEKAE
> Network Security
> Senior Researcher
> CISA, CISSP
>
>
> -----Original Message-----
> From: Christos Triantafyllidis [mailto:ctria (at) physics.auth (dot) gr [email concealed]]
> Sent: Thursday, December 09, 2004 11:41 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: services running in windows domain (winXP clients)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Is there any way to allow only specific services to run at win
> XP clients through domain group policy?
>
> The services rule in group policy allows configure only on the
> specified services.
>
> What if there is a Trojan (or any other unknown program for the
> server group policy) that adds a service in windows xp? can we
> possible disable all services except the ones we want to run?
>
> Thanks,
>
> Christos Triantafyllidis
>
> - --
> PGP key : http://tassadar.physics.auth.gr/~ctria/pgp_public_key.asc
> MD5sum : *b426d395137af5d2a42c88840e131a5e
> pgp_public_key.asc* -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBuMYsJmvANO7gN+YRAnZZAJ9G8ucOM6jNAXXHrKyP2tx04iky3gCeLe90
> /5QboRtTBNj5WOSr2xPyJHI=
> =0QDX
> -----END PGP SIGNATURE-----
>
>
> ----------------------------------------------------------------
> -----------
> ----------------------------------------------------------------
> -----------
>
>
>
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]