Right clicking and security

insecure

Our local library disabled right clicking in a few programs on their
computers (all Win2K). Now the contextual menus are not available when
right clicking the Desktop's Start button, or on a file name while in
Windows Explorer. The librarian claimed that that was done to prevent
users from hacking their computers. Is this a valid reason? How can a
user hack a computer with right clicking that he cannot do otherwise?

In the Google newsgroup archive there are a few posters wanting to
disable right clicking the Start button to prevent a user from opening
Windows Explorer that way. Why is that a concern? With right clicking
disabled, a user can still open Windows Explorer by the Start/Programs
route. What am I missing here?

A related question. When I right click on the Start buttons on different
computers (all running Win2K), the contextual menus have different
options listed. How can I customize or control what appears in these
menus?

Thanks.
 
Mimic

There are many, many ways to hack a computer; at my old work they did the same
thing, as well as a multitude of other "security" implementations. All it
took was MS Word, a hyperlink and edit.com; seconds later I had rooted the
server.

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"
 
al

It's just one of those commonly used policies like disabling Control Panel.
There's no "right-click" hack per se around, but you can do things by right
clicking that might not be desirable to the system admin. At the end of the
day he/she must ensure in a library that anyone using the machine can only
use it to do the bare minimum it's designed for and nothing else (standard
practice - principle of least privilege).


a
 
Leythos

[snip]
There are many, many ways to hack a computer; at my old work they did the same
thing, as well as a multitude of other "security" implementations. All it
took was MS Word, a hyperlink and edit.com; seconds later I had rooted the
server.

In the days of MS Word, when we used Windows NT 3.51 and 4, you could
open system information (from help/about) and open a command prompt from
there - used to be really funny to show corporate IT about that one.
 
Steven L Umbach

It is another way for users to go to places they should not. For instance you can use
the right click menu on the desktop to create a new shortcut and then use browse to
view Explorer or even Network Places which may be unavailable via normal means due to
Group Policy restrictions. If the user does not need the context menu to do their
work then I think it makes sense to disable it in places like a library. Ultimately
the strategy of hiding items will lose out if NTFS/share permissions are too
permissive. It is a decision to make that balances security and convenience. I am not
sure where to make the start menu context changes - somewhere in the registry for
sure. Try searching Google web and groups for "start context menu". --- Steve
 
Mimic

Leythos said:
[snip]
There are many, many ways to hack a computer; at my old work they did the same
thing, as well as a multitude of other "security" implementations. All it
took was MS Word, a hyperlink and edit.com; seconds later I had rooted the
server.

In the days of MS Word, when we used Windows NT 3.51 and 4, you could
open system information (from help/about) and open a command prompt from
there - used to be really funny to show corporate IT about that one.

You can still do it through Word by inserting a hyperlink to cmd.exe /
command.com

--
Mimic

 
insecure

al said:
It's just one of those commonly used policies like disabling Control Panel.
There's no "right-click" hack per se around, but you can do things by right
clicking that might not be desirable to the system admin.

What kind of things are you referring to? Specifically, with right
clicking the Start button. Not trying to learn how to upset an admin,
but really am curious.

At the end of the
day he/she must ensure in a library that anyone using the machine can only
use it to do the bare minimum it's designed for and nothing else (standard
practice - principle of least privilege).

Agreed with the intent. In many ways, I wish there were machines shipped
with that bare minimum configuration. It would be a great way to
introduce a computer to an absolute novice.

However, is it necessary to disable a complete contextual menu? Can the
admin remove the problematic options from the menu and still make it
available?
 
Volker Birk

In alt.computer.security Mimic said:
You can still do it through Word by inserting a hyperlink to cmd.exe /
command.com

Or with a simple >shell "cmd.exe"< as direct VBA command, or by
inserting an Object of cmd.exe, or ...

VB.
 
Mimic

Volker Birk said:
Or with a simple >shell "cmd.exe"< as direct VBA command, or by
inserting an Object of cmd.exe, or ...

VB.
--

No, continue, or what... ?

--
Mimic

 
Volker Birk

In alt.computer.security Mimic said:
No, continue, or what... ?

Or by File Open and creating a shortcut in the File Open dialog,
or by inserting field { DDE "cmd.exe" "f*ck" }, and pressing F9,
or by ...

VB.
 
Volker Birk

In said:
When I right click on the Start buttons on different
computers (all running Win2K), the contextual menus have different
options listed. How can I customize or control what appear in these
menus?

This menu is a derivative of the context menu for folders, so
customizing that will help.

Perhaps reading documentation on http://msdn.microsoft.com would
be a good idea.

VB.
 
Mimic

Volker Birk said:
Or by File Open and creating a shortcut in the File Open dialog,
or by inserting field { DDE "cmd.exe" "f*ck" }, and pressing F9,
or by ...

VB.

yes continue....

--
Mimic

 
Volker Birk

In alt.computer.security Mimic said:
yes continue....

Hm... perhaps you could continue yourself?

File Save & shortcut, File Save As Webpage & Shortcut,
{ DDEAUTO "cmd.exe" "f*ck" } are easy now.

File Print, Print in file, and shortcut is obvious.
Also all other file dialogs are clear, some of them
reachable in the Insert menu, some at other places.

Driving ActiveX Controls with the Controls Toolbar, and using
their possibilities is also not so difficult.

I'm sure, if you're searching for other possibilities,
you'll find them.

Enough?

I can say, I never found an internet cafe with Windows boxes
which resisted, did not matter what "security system" they
had, because that game you can play also without Office -
with that it is easier of course.

I was amused by the fact that the Museum for Communications
in Berlin (formerly known as "Post Museum") used Windows as
kiosk system with IE in kiosk mode. The trackpad and the one
and single button (no keyboard) were enough to start
processes ;-) They had network on those information terminals,
and were using a site (and that single site) from their
supporting company...

Of course I did not damage anything. I just started a SETUP
for installing more software which then showed its entry
dialog, and left the terminal alone...

VB.
 
Mimic

You know, you just seem to be trolling now, everyone seems to see it also,
that's why no one except me is responding to you, so I guess if I stop you'll die
soon enough.


--
Mimic

 
Randell D.

I don't know Win2K but I worked a six month contract at a bank supporting
HPUX - Our NT based clients had a lot of 'features' disabled... including the
'RUN' option on the Start menu, and the DOS option... Someone showed me
something I would never have thought of before - They did a right mouse
button on the desktop and entered the word "command" and up popped a DOS
session allowing me to install/configure a local Apache server with PHP...
Maybe this is (one of the reasons) why the right mouse button is disabled on
your client's machine...
 
