Does the RunOnce key house any items for patches or hotfixes ever?


Guest

I want to enable the policy "Do not process the run once list" but one of my
co-workers feels that it will stop updates or hotfixes from applying.

To my knowledge the only update that uses the RunOnce key for installing is
when you re-install Internet Explorer and it runs the Internet Connection
Wizard the first time a "new" user launches IE as that is coming from the
.DEFAULT profile.

My ultimate goal is to cut down on spyware infiltration and a lot of our
techs overlook the RunOnce keys in both HKLM and HKCU.

Hopefully this coworker of mine will accept the answers of the forum users
as I really don't think it's worth $300 to call Microsoft and have them tell
me how if you have Windows 2000 Post SP2 that patches all apply synchronously
and don't need reboots to finish their installations. But I doubt this will
be acceptable so I'll probably be calling them anyways.

Thanks for any information in advance.
 
What about changing the default ACL on the RunOnce key? Just preventing
domain users from writing to that key should be enough as hotfixes require
an administrative account anyway.

cheers,

Marco
 
I've already tried to do that but the thing is it seems that the trojans we
get are getting in there using the system account, or if the user has
Administrative privileges it defeats the ACL I've set and the majority of our
users are Local Admins because I never have enough time to fix all the
software we have. I wish vendors would make their software use the registry
correctly and even if they have to use HKLM then open up the security on the
keys they create and use.

Thanks for the suggestion though.
 
Hopefully this reply gets through this time, I keep getting errors.

I've already tried that, the trojans are getting installed via the system
account and the majority of my users are local admins so the ACL is useless
in their case. I haven't tried locking down the SYSTEM account yet because I
don't like taking away the one thing that helps me out of a jam when I lock
myself out with ACLs :)

Thanks for responding.

 
Stupid newsgroup :P

 
Hi

I would begin by fixing all the legacy apps and make sure that your users do
not have admin rights to begin with. When they do, any attempt to secure the
desktop is doomed to fail as they can do what they want with it, and they
are all the more vulnerable to malware.

Marco
neovalens.com
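
An added example, not part of any post in this thread: a PowerShell inventory of what is queued in the two RunOnce keys the thread discusses and which principals hold write access to them, useful before deciding on the policy or an ACL change. It assumes Windows PowerShell 3.0 or later; the function names `Get-RunOnceEntry` and `Get-RunOnceWriter` are hypothetical.

```powershell
# Added example: audit the HKLM and HKCU RunOnce keys (entries + writers).
$paths = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Rights that allow adding or changing values under a key, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that can
# appear unmapped in inheritable ACEs.
$writeMask = [int][System.Security.AccessControl.RegistryRights]::SetValue -bor
             [int][System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
             0x40000000 -bor 0x10000000

function Get-RunOnceEntry {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $key = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # key absent: nothing is queued
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $p
                Name    = $name
                # Keep %VAR% references unexpanded so the stored string is shown.
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

function Get-RunOnceWriter {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        foreach ($ace in (Get-Acl -LiteralPath $p).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Key       = $p
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-RunOnceEntry  -Path $paths | Format-Table -AutoSize -Wrap
Get-RunOnceWriter -Path $paths | Format-Table -AutoSize
```

The HKCU results apply only to the account running the script, so run it in each user's context to cover per-user entries.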

