Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows :: win5247.htm

Active Directory "Group Policy" updates cas be locked
5th Apr 2002 [SBWID-5247]

	Active Directory \"Group Policy\" updates cas be locked


	 Microsoft Windows 2000 Server 

	 Microsoft Windows 2000 Advanced Server 

	 Microsoft Windows 2000 Datacenter Server 



	In Microsoft Security Bulletin [MS02-016] :




	When a machine or user logs onto  the  domain,  it  reads  the  GPO  and
	applies the settings it contains.

	An attacker would likely exploit  the  vulnerability  by  first  logging
	onto the domain normally, and then opening the Group Policy  files  with
	exclusive read access. She could then log  onto  the  network  a  second
	time. Because the policy files would be locked, the second  logon  would
	occur without Group Policy being applied.  The  result  would  be  that,
	although all previous Group Policy settings on the second machine  would
	remain in force, any new policy  settings  would  not  be  applied.  The
	attacker’s second session would take place  using  what  policy
	settings had most recently been applied.

	The effect wouldn\'t be limited only to the  attacker.  Any  other  user
	who happened to log onto the network while the Group Policy  files  were
	locked would also do so without new policy settings being applied.



	Microsoft Windows 2000 Server and Advanced Server: 



	Microsoft Windows 2000  Datacenter  Server:  Patches  for  Windows  2000
	Datacenter Server are hardware-specific and available from the  original
	equipment manufacturer.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH