VBS script problem

From: Matt 8 Aug 2013 12:18
To: PNCOOL 5 of 23
Isn't the more important thing trying to work out what this default profile is (is it a local machine profile?) and why it isn't locked down and password protected?

Seems like there is something much more fatally flawed if they can gain access to the local machine with Administrator privileges that easily.
From: PNCOOL 8 Aug 2013 14:09
To: Matt 6 of 23
That's just it, they're logging into a network profile and when it loads, they remove the network cable before it's got all of the GPO settings, effectively giving them lots more rights.  So it's their profile, only it hasn't fully loaded.
From: Peter (BOUGHTONP) 8 Aug 2013 18:03
To: PNCOOL 7 of 23
You're doing something wrong.

I have no idea what, but if a correctly set up modern Windows network can be circumvented by temporarily pulling a network cable it would be all over the news and everyone here would probably already know about it. (And Microsoft would be working on a real patch, not a VBS kludge.)

The process of loading a profile should add privileges, not give full admin rights then remove them.

From: PNCOOL 8 Aug 2013 18:06
To: Peter (BOUGHTONP) 8 of 23
They can't circumvent domain privileges, but they can circumvent ones locally.  They pretty much end up with local admin rights.
From: Matt 8 Aug 2013 18:20
To: PNCOOL 9 of 23
But that's kinda the point, why isn't the default profile locked down and if it isn't can you change the default profile so it is locked down or put a password on it?

Not saying you're doing it wrong, just that's what I would be looking to change rather than use a hack in the form of a VB script.
From: PNCOOL 8 Aug 2013 18:43
To: Matt 10 of 23
Do you know how you change the default profile though?
From: Matt 8 Aug 2013 18:57
To: PNCOOL 11 of 23
No, I don't. But the profile must be being loaded from somewhere, so you must be able to change it.

Link: http://www.mombu.com/microsoft/windows-group-policy/t-group-policy-being-bypassed-by-unplugging-the-network-cable-511604.html
EDITED: 8 Aug 2013 19:00 by MATT
From: Kenny J (WINGNUTKJ) 9 Aug 2013 10:57
To: Matt 12 of 23
I like that their forum filters the "cum" out of "circumvent".
From: PNCOOL 9 Aug 2013 11:06
To: Matt 13 of 23
Aha, you actually just copy another profile and make it the default.  Nice one, I'll try that.
From: PNCOOL 9 Aug 2013 11:06
To: Kenny J (WINGNUTKJ) 14 of 23
I bet no one on that forum lives in Scunthorpe then.
From: af (CAER) 13 Aug 2013 16:57
To: PNCOOL 15 of 23
I may be completely off target here, but could the problem be that you need to use an actual executable in the registry entry, and supply the script's filename as a parameter?

Like instead of just

"C:\Windows\HackyScript.vbs"

you'd have

"C:\Windows\RunVBScript.exe C:\Windows\HackyScript.vbs"
From: graphitone 1 Sep 2013 15:11
To: PNCOOL 16 of 23
Or Penistone...
From: Kenny J (WINGNUTKJ) 1 Sep 2013 16:21
To: graphitone 17 of 23
Bawdrip should be fine though...

http://i.imgur.com/XRbGpt2.jpg
From: graphitone 1 Sep 2013 20:15
To: Kenny J (WINGNUTKJ) 18 of 23
As if anyone knows anything about coding living in Bawdrip. All their time is taken up gossiping about their town's name. I'm sure it sounds more salacious when spoken with your subtle, yet sonorous lilt. </s's>

Quote: From the Bawdrip wikipedia page...
and most of the houses are far enough away to qualify for free bus transport

Wow, I wish I lived in a far away house so I could get a magical free bus service too.

From: Drew (X3N0PH0N) 2 Sep 2013 02:14
To: graphitone 19 of 23
Apostrophes do not make fucking plurals.
From: graphitone 2 Sep 2013 07:01
To: Drew (X3N0PH0N) 20 of 23
 :-(( I needed something in there to define what I meant. In hindsight I should've typed /Ss. However that looks like I'm trying to either refer to or close the SS down and what a nice neighbourly bunch of boys they were. Not that that's got anything to do with a farcical HTML tag. I'm sure there's (probably) a point in there somewhere, but I've been distracted by breakfast and work and any train of thought I had going has pulled out of the station leaving all the passengers behind looking confused and disgruntled.
From: Ken (SHIELDSIT) 2 Sep 2013 07:26
To: Drew (X3N0PH0N) 21 of 23
I try to make them, except my true love is the comma! 
EDITED: 2 Sep 2013 07:26 by SHIELDSIT
From: Drew (X3N0PH0N) 2 Sep 2013 07:41
To: graphitone 22 of 23
(hug)
From: milko 2 Sep 2013 16:03
To: Kenny J (WINGNUTKJ) 23 of 23
How coincidental. I passed near and commented about that very place, on Saturday.