GPO "security" bug ?

Jesper Nielsen · Jun 30, 2003

Hi
I've tried implementing that users aren't allowed to lock the computers via
the GPO on a windows 2000 server (the clients are w2k). At first sight it
seems to work just fine, however I have found out that it is possible for
the users to prevent this GPO from working by unplugging the net connection
right after login+password verification.
Is there a solution to this "security" bug ?

Regards,
Jesper

Jerold Schulman · Jun 30, 2003

Hi
I've tried implementing that users aren't allowed to lock the computers via
the GPO on a windows 2000 server (the clients are w2k). At first sight it
seems to work just fine, however I have found out that it is possible for
the users to prevent this GPO from working by unplugging the net connection
right after login+password verification.
Is there a solution to this "security" bug ?

Regards,
Jesper

The only thing I can think of is to test for the network connection in the login
script, and if it is missing, shutdown.

if not exist %LOGONSERVER%\NETLOGON\*.* %LOGONSERVER%\NETLOGON\shutdown.exe /l
/r /t:01

See tip 3277 in the 'Tips & Tricks' at http://www.jsiinc.com for the list of
tools in the reskit supplement.

See tip 2974.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

Jesper Nielsen · Jul 3, 2003

Hmm ok, Thx for the answer.

Regards,
Jesper

Jerold Schulman said:
The only thing I can think of is to test for the network connection in the login
script, and if it is missing, shutdown.

if not exist %LOGONSERVER%\NETLOGON\*.*

%LOGONSERVER%\NETLOGON\shutdown.exe /l

GPO "security" bug ?

Jesper Nielsen

Jerold Schulman

Jesper Nielsen