RE: Does MSN Messenger Bypass Group Policy?

["Robert Sullivan" <rsullivan () art-line com>]

Another neat trick that you can do is to schedule a task.  Even if you
don't have access to run any programs, the system will run the program
for you.  If you don't have access to scheduled tasks, you can run
forbidden programs if they are spawned from allowed programs!  We used
Microsoft's C++ at school, which was one of the few allowed programs.
> From there you could just open a binary (like minesweeper :), then go
"run program" and it would run like a champ.  This was in a Windows
98/NT environment, I don't know if it works on 2000/XP.

-- 
Bob Sullivan
Art Line Inc.
rsullivan () art-line com

-----Original Message-----
From: uraken [mailto:uraken () myrealbox com] 
Sent: Tuesday, July 30, 2002 4:56 AM
To: vuln-dev () securityfocus com
Subject: Re: Does MSN Messenger Bypass Group Policy?

In-Reply-To: <000301c23403$fbae5e10$05290a0a@vaio>

I came across a similar scenario with AOL instant messenger a few years 
back. Windows 95 clients on a NetWare network. Login scripts enforced 
the "only allow these executables" policy. With aim.exe not on 
the "allowed list", it would still run if spawned from the registry 
(instead of the startup folder). I guess that way windows treated AIM as
a 
service and not an application, therefore making it exempt from the 
policy!?

Would be interesting to see if this works for other apps


regrds

Uraken



-----Original Message-----
From: Andy Wood [mailto:andy () focalpoint hrcoxmail com]
Sent: 25 July 2002 18:52
To: vuln-dev () securityfocus com
Subject: Does MSN Messenger Bypass Group Policy?


        Pls ignore this if it has been a discussion in the past.  

        If msmesgs.exe is set in the "Don't run specified windows
applications" within the Group Policy and you then try to execute the
app the msg states that the action was cancelled due to
restrictions....like it should.  However, when Outlook XP is started MSN
Messenger starts as well.  Feature or flaw?

Thanks,

Andy