students have unfiltered internet access!!!!

G

Guest

Students have somehow get hold of a .reg file that they run and changes the
internet proxy address to the unfiltered proxy IP address. The proxy address
is set in AD.
the file contains amongst other things makes changes to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
I though i could change permissions on that key through AD but
HKEY_CURRENT_USER is not even listed when I click 'Add key'. (CLASSES_ROOT is
etc)

I would very much like a fix to prevent this as I have just done a search of
userspaces and foud 90 students with this!!!!

Help?
 
M

Marco

Hi

the only thing that comes to mind is to set the policy to prevent the use of
registry editing tools, but AFAIK that only applies to the built in ones
(regedit and regedt32) -- home made registry editing solutions will work.

You could set an ACL on the registry key but being HKEY_CURRENT_USER could
be tricky.

cheers,

Marco
 
G

Guest

Yes, registry editing is already disabled but you can still run .reg
files........any other ideas?



Marco said:
Hi

the only thing that comes to mind is to set the policy to prevent the use of
registry editing tools, but AFAIK that only applies to the built in ones
(regedit and regedt32) -- home made registry editing solutions will work.

You could set an ACL on the registry key but being HKEY_CURRENT_USER could
be tricky.

cheers,

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----
Fabrussio said:
Students have somehow get hold of a .reg file that they run and changes
the
internet proxy address to the unfiltered proxy IP address. The proxy
address
is set in AD.
the file contains amongst other things makes changes to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
I though i could change permissions on that key through AD but
HKEY_CURRENT_USER is not even listed when I click 'Add key'. (CLASSES_ROOT
is
etc)

I would very much like a fix to prevent this as I have just done a search
of
userspaces and foud 90 students with this!!!!

Help?
Click to expand...
Click to expand...
 
M

Marco

not really .. can you change the ACL on the registry key with a logon
script?

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----


Fabrussio said:
Yes, registry editing is already disabled but you can still run .reg
files........any other ideas?



Marco said:
Hi

the only thing that comes to mind is to set the policy to prevent the use
of
registry editing tools, but AFAIK that only applies to the built in ones
(regedit and regedt32) -- home made registry editing solutions will work.

You could set an ACL on the registry key but being HKEY_CURRENT_USER
could
be tricky.

cheers,

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----
Fabrussio said:
Students have somehow get hold of a .reg file that they run and changes
the
internet proxy address to the unfiltered proxy IP address. The proxy
address
is set in AD.
the file contains amongst other things makes changes to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
I though i could change permissions on that key through AD but
HKEY_CURRENT_USER is not even listed when I click 'Add key'.
(CLASSES_ROOT
is
etc)

I would very much like a fix to prevent this as I have just done a
search
of
userspaces and foud 90 students with this!!!!

Help?
Click to expand...
Click to expand...
Click to expand...
 
K

Ken B

How about changing permissions on regedit.exe and regedt32.exe to allow only
administrators?

The students aren't local admins on the machine, are they??

Ken


Marco said:
not really .. can you change the ACL on the registry key with a logon
script?

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----


Fabrussio said:
Yes, registry editing is already disabled but you can still run .reg
files........any other ideas?



Marco said:
Hi

the only thing that comes to mind is to set the policy to prevent the
use of
registry editing tools, but AFAIK that only applies to the built in ones
(regedit and regedt32) -- home made registry editing solutions will
work.

You could set an ACL on the registry key but being HKEY_CURRENT_USER
could
be tricky.

cheers,

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----
Students have somehow get hold of a .reg file that they run and
changes
the
internet proxy address to the unfiltered proxy IP address. The proxy
address
is set in AD.
the file contains amongst other things makes changes to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
I though i could change permissions on that key through AD but
HKEY_CURRENT_USER is not even listed when I click 'Add key'.
(CLASSES_ROOT
is
etc)

I would very much like a fix to prevent this as I have just done a
search
of
userspaces and foud 90 students with this!!!!

Help?
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

How about if i need to run regedit.exe /s files through the login script?



Ken B said:
How about changing permissions on regedit.exe and regedt32.exe to allow only
administrators?

The students aren't local admins on the machine, are they??

Ken


Marco said:
not really .. can you change the ACL on the registry key with a logon
script?

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----


Fabrussio said:
Yes, registry editing is already disabled but you can still run .reg
files........any other ideas?



:

Hi

the only thing that comes to mind is to set the policy to prevent the
use of
registry editing tools, but AFAIK that only applies to the built in ones
(regedit and regedt32) -- home made registry editing solutions will
work.

You could set an ACL on the registry key but being HKEY_CURRENT_USER
could
be tricky.

cheers,

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----
Students have somehow get hold of a .reg file that they run and
changes
the
internet proxy address to the unfiltered proxy IP address. The proxy
address
is set in AD.
the file contains amongst other things makes changes to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
I though i could change permissions on that key through AD but
HKEY_CURRENT_USER is not even listed when I click 'Add key'.
(CLASSES_ROOT
is
etc)

I would very much like a fix to prevent this as I have just done a
search
of
userspaces and foud 90 students with this!!!!

Help?
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

we use a mandatory roaming profile for all students, could some permissions
be changed in that - on the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
that would be retained? This would be less restrictive for me. I do notice
already though that \\machinename\users only have RX access to this key...so
how are they allowed to change it anyway?

thanks



Ken B said:
How about changing permissions on regedit.exe and regedt32.exe to allow only
administrators?

The students aren't local admins on the machine, are they??

Ken


Marco said:
not really .. can you change the ACL on the registry key with a logon
script?

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----


Fabrussio said:
Yes, registry editing is already disabled but you can still run .reg
files........any other ideas?



:

Hi

the only thing that comes to mind is to set the policy to prevent the
use of
registry editing tools, but AFAIK that only applies to the built in ones
(regedit and regedt32) -- home made registry editing solutions will
work.

You could set an ACL on the registry key but being HKEY_CURRENT_USER
could
be tricky.

cheers,

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----
Students have somehow get hold of a .reg file that they run and
changes
the
internet proxy address to the unfiltered proxy IP address. The proxy
address
is set in AD.
the file contains amongst other things makes changes to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
I though i could change permissions on that key through AD but
HKEY_CURRENT_USER is not even listed when I click 'Add key'.
(CLASSES_ROOT
is
etc)

I would very much like a fix to prevent this as I have just done a
search
of
userspaces and foud 90 students with this!!!!

Help?
Click to expand...
Click to expand...
Click to expand...
 
C

Chris Henderson

Can't you just deny access to the unfiltered proxy for the student range of
IP's? or do the students not have their own subnet?

Chris
 
K

Ken B

You could always make an ADM file to get around the need to directly call
regedit... but after thinking about it, my suggestion probably isn't the
best solution.

Ken


Fabrussio said:
How about if i need to run regedit.exe /s files through the login script?



Ken B said:
How about changing permissions on regedit.exe and regedt32.exe to allow
only
administrators?

The students aren't local admins on the machine, are they??

Ken


Marco said:
not really .. can you change the ACL on the registry key with a logon
script?

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----


Yes, registry editing is already disabled but you can still run .reg
files........any other ideas?



:

Hi

the only thing that comes to mind is to set the policy to prevent the
use of
registry editing tools, but AFAIK that only applies to the built in
ones
(regedit and regedt32) -- home made registry editing solutions will
work.

You could set an ACL on the registry key but being HKEY_CURRENT_USER
could
be tricky.

cheers,

Marco

--
Free five computers' license for NeoExec for Active Directory
[ www.neovalens.com ]
----
Students have somehow get hold of a .reg file that they run and
changes
the
internet proxy address to the unfiltered proxy IP address. The
proxy
address
is set in AD.
the file contains amongst other things makes changes to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
I though i could change permissions on that key through AD but
HKEY_CURRENT_USER is not even listed when I click 'Add key'.
(CLASSES_ROOT
is
etc)

I would very much like a fix to prevent this as I have just done a
search
of
userspaces and foud 90 students with this!!!!

Help?
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

You can try this..it worked on my machines
open regedt32 go to HK_Local_Machine on Local machine
select software click security.......permissions....
Advanced...click users...go to View/Edit and Uncheck the 2 Permissions
Set Value and Create Subkey
This should do it if I remember correctly if not...follow the steps and do
it under
HK_Local_Machine on Local machine under System right below Software
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to prevent executing REG files 2
bypass proxy server local addresses broken!! 5
Proxy Server reset 3
policy not reflecting 1
Using Group Policy to add registry entries in HKCU 4
IE7 GPO Proxy issues 2
internet proxy configuration by command 3
The internet is not really world wide (or, why I cannot I access USsites from the Philippines withou 3

Top