A
Andrew Aronoff
Some malware critters are adding Group Policy settings to the
registry. Some current favorites are enabling Active Desktop and
specifying the wallpaper. The user unaware of Group Policy is hapless
to reset the display.
It's easy enough to scan the registry to determine if the settings
exist, but is there any way to differentiate on a given PC between
settings applied by Group Policy (which would not be alarming) from
values that were simply added to appropriate sub-keys under
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies?
If the values were unauthorized, the user would be warned. If the
values were added under the auspices of Group Policy, no warning would
be needed.
regards, Andy
--
**********
Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com
To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org
**********
registry. Some current favorites are enabling Active Desktop and
specifying the wallpaper. The user unaware of Group Policy is hapless
to reset the display.
It's easy enough to scan the registry to determine if the settings
exist, but is there any way to differentiate on a given PC between
settings applied by Group Policy (which would not be alarming) from
values that were simply added to appropriate sub-keys under
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies?
If the values were unauthorized, the user would be warned. If the
values were added under the auspices of Group Policy, no warning would
be needed.
regards, Andy
--
**********
Please send e-mail to: usenet (dot) post (at) aaronoff (dot) com
To identify everything that starts up with Windows, download
"Silent Runners.vbs" at www.silentrunners.org
**********