Local Policy problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have got some local policies applied and I want to document my policies
using gpresult or RSOP. My dilema is on one of my restrictive policies it is
set to hide the C drive, you are not able to run the run command etc........
(very restrictive)

How can I get a gpresult or RSOP for that restricted user logged onto that
machine if I cant get to run them tools?

Any ideas?
 
toal5 said:
I have got some local policies applied and I want to document my policies
using gpresult or RSOP. My dilema is on one of my restrictive policies it is
set to hide the C drive, you are not able to run the run command etc........
(very restrictive)
Click to expand...

Perhaps you could add cmd.exe to the Startup folder in the Start Menu temporarily?

Harry.
 
Harry

I can add this to the start menu but when started it tells me this feature
has been disabled (which it was in the policy)

Any other ideas???
 
toal5 said:
I can add this to the start menu but when started it tells me this feature
has been disabled (which it was in the policy)
Click to expand...

You should be able to get a command window by editing the registry to change
your default shell.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Look at the Shell value; change it from explorer.exe to cmd.exe.

Warning:- I haven't tested this. It should work but it could make it impossible
to log in. Make sure you can change the registry value back from a remote
computer before trying this!

Harry.
 
Hi Harry

Can't do it, registry editing is also disabled.
Think of my policy as...... trying to stop (learners - kids) trying to
hack into the system so, all these things and more are disabled
Regestry editing
Run command
Remote registry
access to C:....... etc....
 
toal5 said:
Can't do it, registry editing is also disabled.
Click to expand...

Remote registry access is disabled? May I ask why? You have to be an
administrator to access the registry remotely, so there's no risk in leaving it
enabled.

What happens if you put a command script (test.cmd) into the Start Menu and try
to run it? Try one with just a few simple commands:

echo hi
pause

Harry.
 
Your policy stops you from doing this, exactly as you intended.

Change the policy to allow cmd to run and then do the audit.
You will know the one difference to the result and your actual policy.

Regards
Mark Dormer
 
Back
Top