Help : Win95 security hole (one more)

Joshua Heling jrh at securepipe.com
Fri Feb 27 15:35:47 GMT 1998


In message <199802271354.IAA12154 at viking.sheridanc.on.ca>, Rob Naccarato writes:
>> Rob Naccarato <rob.naccarato at sheridanc.on.ca> wrote :
>> 
>> > Actually, can't it be done via the policies?  In poledit.exe, I think
>> > the entry is in Computer->Network->Logon (or something like that).
>> > In there is a selection for "Require validation by NT server before
>> > access to Win95".
>>  
>> yep that's what i have done. 
>> But here the problem is that authentication prevents you to run
>> applications without some server told that you have the right, but so
>> genius Microsoft programmers have decided to permit to run a task manager
>> even if you have not logged on and that task manager permits to run any
>> application that is installed locally. For example explorer that gives you
>> a session on the machine.
>> Very clever, no?
>> 
>
>Well, you could delete the taskman.exe file from the local hard drive.
>That's what we did here.
>

Or you can enable the "only run allowed windows programs" for the 
default user (HKU\.Default).  (Of course, you want to then define an 
empty list of allowed programs.)  In light testing this appears to 
solve the problem.

The following registry changes will do it:

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"RestrictRun"=dword:00000001

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]

Credit due to Mike Pomraning (admin at siraj.com) for pointing this 
solution out to me.

-Joshua

--------
Joshua Heling				    jrh at securepipe.com
SecurePipe Communications, Inc.
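
Added example (not part of the original post or thread): a Python check that audits a REGEDIT4-style export against the two registry stanzas given above. The function names and both sample exports are constructed for illustration; a missing RestrictRun subkey is reported because the post defines it explicitly.

```python
import re

# Key path taken from the post; everything else here is illustrative.
POLICY_KEY = r"HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

def parse_reg(text):
    """Parse REGEDIT4-style text into {key_lower: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def audit_restrict_run(text):
    """Return findings; an empty list means both stanzas from the post are present."""
    keys = parse_reg(text)
    findings = []
    flag = keys.get(POLICY_KEY.lower(), {}).get("restrictrun", "")
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", flag)
    if not m or int(m.group(1), 16) != 1:
        findings.append("RestrictRun is not dword:00000001")
    allowed = keys.get((POLICY_KEY + r"\RestrictRun").lower())
    if allowed is None:
        findings.append("RestrictRun subkey (allowed list) not defined")
    else:
        # Any value here is a program the policy still allows to run.
        findings += [f"allowed program: {n} = {d}" for n, d in sorted(allowed.items())]
    return findings

# Constructed sample exports (not taken from a real machine).
HARDENED = f'REGEDIT4\n\n[{POLICY_KEY}]\n"RestrictRun"=dword:00000001\n\n[{POLICY_KEY}\\RestrictRun]\n'
WEAK = f'REGEDIT4\n\n[{POLICY_KEY}]\n"RestrictRun"=dword:00000000\n\n[{POLICY_KEY}\\RestrictRun]\n"1"="taskman.exe"\n'

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_restrict_run(sample) or "OK")
```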




