Re: Network Misuse

["Nikhil Wagholikar" <visitnikhil () gmail com>]

Hi Mohamad,

Kurt Buff's suggestion is very fantastic & upto the point; just
connect to remote registry of client's machine & have a look into the
registry key which he has mentioned.

However, in a domain based environment, its always good to disallow
users to change their IE's proxy settings.

Step 1. Set a global group policy "proxy settings" either for all
users or for particular OU by navigating to:

User's Configuration/Windows Settings/Internet Explorer Maintenance/Connection/

Under this, we have a policy called "Proxy Settings". Set this to
whatever is suitable.

Step 2. Then disallow globally or user's in that particular OU
(whichever you planed for), by navigating to:

User's Configuration/Administrative Templates/Windows
Components/Internet Explorer/

Here 'Enable' the setting called "Disable Changing Proxy Settings".

And you are done.

Get relaxed since from now onwards, no global user or users within
modified OU (whichever you had set for) will ever be able to change or
switch to any other proxy server & hence will not be able to use any
software like Yahoo or MSN Messenger.

-------
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com


On 8/15/07, Mohamad Mneimneh <Mohamad.Mneimneh () dargroup com> wrote:
> Hi List,
>
> I am seeing users on my LAN using unauthorized sw such as msn messenger.
> By default, this service is blocked for the average user. I am
> suspecting that these users have set another proxy in their IE browser
> than that of the local site, possibly the proxy of one on the company's
> remote sites where no such restrictions exist, or even worse using some
> tunneling mechanism.
>
> My question is: Is there any way to obtain the Internet Explorer's proxy
> settings remotely so I can confirm this?
>
> Thanks,
>
> -Mohamad.