You can "sort of" disable bridging with domain based GPOs:
MACHINE
Administrative Templates\Network\Network Connections
Prohibit installation and configuration of Network Bridge on your DNS domain
network
Note: the setting is DNS domain based, so test it first for you environment.
Cheers
James D. Stallard
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of barebone (at) gmail (dot) com [email concealed]
Sent: 26 March 2007 16:44
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Multiple Profile ~ XP
We have been using multiple profiles on our laptops since NT times. i.e. 1)
Wireless 2) Wired 3) Modem
Basic purpose was to enhance security and ease of use for the end user.
I wanted to ask experts, what impact it makes if we create single profile
and when user logs in XP will decide what type of connection is available.
My main security concern apart from operability is: if we create a single
profile, is it possible for a regular user to create bridge connection that
makes the computer a routing device (intentionally or unintentionally). If
possible can we restrict them through group policy.
Problem we are facing in multiple profile is during the patch deployment,
end user has to physically re-login on the machine, otherwise it stuck on
profile selection screen. Although we could have created an automated timer
for default profile, however different users have different default.
I would appreciate any input.
Thanks
P.S: please let me know if I have posted this question in the wrong forum.
MACHINE
Administrative Templates\Network\Network Connections
Prohibit installation and configuration of Network Bridge on your DNS domain
network
Note: the setting is DNS domain based, so test it first for you environment.
Cheers
James D. Stallard
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of barebone (at) gmail (dot) com [email concealed]
Sent: 26 March 2007 16:44
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Multiple Profile ~ XP
We have been using multiple profiles on our laptops since NT times. i.e. 1)
Wireless 2) Wired 3) Modem
Basic purpose was to enhance security and ease of use for the end user.
I wanted to ask experts, what impact it makes if we create single profile
and when user logs in XP will decide what type of connection is available.
My main security concern apart from operability is: if we create a single
profile, is it possible for a regular user to create bridge connection that
makes the computer a routing device (intentionally or unintentionally). If
possible can we restrict them through group policy.
Problem we are facing in multiple profile is during the patch deployment,
end user has to physically re-login on the machine, otherwise it stuck on
profile selection screen. Although we could have created an automated timer
for default profile, however different users have different default.
I would appreciate any input.
Thanks
P.S: please let me know if I have posted this question in the wrong forum.
[ reply ]