+ Post New Thread
Page 4 of 6 FirstFirst 123456 LastLast
Results 46 to 60 of 87
EduLock Thread, Steve21 presents: EduLock in Projects:; Originally Posted by meastaugh1 That's the one, new version retrieves reg values, old version generates the crash error. Awesome, Will ...
  1. #46

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    Quote Originally Posted by meastaugh1 View Post
    That's the one, new version retrieves reg values, old version generates the crash error.
    Awesome, Will make an update to main source if I got time tonight.

    :P One of those silly bugs!

    Many thanks,
    Steve

  2. #47

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    Quote Originally Posted by meastaugh1 View Post
    When you right click the sys tray icon, did you intend for this password field to still show white text on a white background, as opposed to it being a proper password field? I can understand why you might do this while developing, as you can highlight to see what has been written.
    Latest version (mini update) should now have passworded chars and black text on the login box rather than white :P

    Also the registry bug should be fixed in the new version for you! Any feedback on if it's working etc would be great (obviously no rush )

    Many thanks,
    Steve

  3. #48
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    889
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32
    I've allocated the new version to a room and it's working fine with read-only permission now, thanks.

  4. Thanks to meastaugh1 from:

    Steve21 (29th June 2011)

  5. #49

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    Quote Originally Posted by meastaugh1 View Post
    I've allocated the new version to a room and it's working fine with read-only permission now, thanks.
    Cool, Good to hear :P

    Steve

  6. #50
    LeighMJ's Avatar
    Join Date
    Apr 2011
    Location
    Mornington Peninsula
    Posts
    5
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I downloaded your program yesterday and have been 'playing' with it today. Is it possible to remove the Steve21 from the lock screen? The only reason I ask is because a google search for steve21 comes up with info about the program and the less info you give the 'Little Darlings', the better.

    Leigh
    Last edited by TheScarfedOne; 19th July 2011 at 04:19 PM. Reason: Language

  7. #51

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    Quote Originally Posted by LeighMJ View Post
    I downloaded your program yesterday and have been 'playing' with it today. Is it possible to remove the Steve21 from the lock screen? The only reason I ask is because a google search for steve21 comes up with info about the program and the less info you give the 'Little Darlings', the better.

    Leigh
    I can certainly change it from Steve21 to my name, or such. Just so there's no searchable link to here. But for obvious reasons still like some reference :P Even if it's just to stop people trying to claim it's theirs.

    If that sounds good, I'll make a few changes this weekend, (or tonight if I get time).

    Steve
    Last edited by TheScarfedOne; 19th July 2011 at 04:19 PM. Reason: Language

  8. #52
    LeighMJ's Avatar
    Join Date
    Apr 2011
    Location
    Mornington Peninsula
    Posts
    5
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by Steve21 View Post
    But for obvious reasons still like some reference :P Even if it's just to stop people trying to claim it's theirs.
    Your name's still in the admin area but either way that'd be great.

  9. #53

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    Quote Originally Posted by LeighMJ View Post
    Your name's still in the admin area but either way that'd be great.
    Aye :P But after one view (aka original setup) that page is locked and hidden "normally" :P

    But yeah, can do that no probs.

    Steve

  10. #54

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Hi,

    Thanks for this - all looks great. Will give it a go shortly.

    But - just to clarify - how is the EduLock.exe normally executed by the workstation? As it is not a service, is it intended to be run from HKLM\...Windows\Explorer\Run ? How does this prevent GPO bypass if the cable is disconnected before Run... items are executed?

    Thanks,
    Moby

  11. #55

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    Quote Originally Posted by mobybrick View Post
    Hi,

    Thanks for this - all looks great. Will give it a go shortly.

    But - just to clarify - how is the EduLock.exe normally executed by the workstation? As it is not a service, is it intended to be run from HKLM\...Windows\Explorer\Run ? How does this prevent GPO bypass if the cable is disconnected before Run... items are executed?

    Thanks,
    Moby
    In terms of running it, there's a few ways, startup aka hklm/run etc, as a note I'm playing with writing it as a service, but taking a while :P

    In terms of GPO, there's a test function within the program that will force gpupdate to happen when it "unlocks". So if it's removed during boot, it should reapply GPs once unlocked, aka once plugged in. But this is currently test function, again updating this as I go based on feedback :P

    Steve

  12. #56

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Thanks for this Steve. But consider the following scenario:

    <Snipping to prevent students reading.>

    Seems IMHO that EduLock is helpful, but actually still has a hole in it
    Last edited by Steve21; 18th July 2011 at 01:31 PM.

  13. #57

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    Quote Originally Posted by mobybrick View Post
    <Snipping to prevent students reading.>
    I feel you're slightly misunderstanding EduLock as such :P The main idea of it was to stop users disconnecting cables while logged on, to play games etc while networked apps can't connect to disable it. It will work in terms of if the cable isn't connected once it finialised login, as the program is running. But I doubt people will know when to plug it in, just to get files, but not GPOs :P

    There's simple fix to the thing you're referring to :P Do a gpupdate on login. (or wait for the service re-code )



    Steve
    Last edited by Steve21; 18th July 2011 at 01:31 PM.

  14. #58

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Hi Steve,

    From the beginning page it says that EduLock aims to prevent users bypassing GPOs. This is not correct. What you actually mean is that EduLock aims to prevent users bypassing 3rd party security applications that run outside of Group Policy.

    Group Policy Objects are processed primarily at logon. They include software restriction (or Applocker) policies.

    <Snipping to prevent students reading.>

    And if EduLock is deployed by group policy itself (i.e. as a login script) then this too will be disabled, as it will never be run.

    Just my 2p worth, sorry. Until EduLock is *always* running in the background as a service, it is easily defeatable IMHO. Sorry!

    Moby.
    Last edited by Steve21; 18th July 2011 at 01:33 PM.

  15. #59

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,686
    Thank Post
    334
    Thanked 513 Times in 481 Posts
    Rep Power
    178
    I'm not being funny, but that is a really silly statement...

    It doesn't say that at all... It says playing games, and disabling GPOs. Disabling, isn't the same as bypassing. This isn't security software....

    Ofcourse software won't deploy if it's done over network and the cable isn't plugged in. Name a piece of software that does?

    And once again, just run a gpupdate script at start if you think it's such a big issue... or as I said, wait until it's re-coded.

    Steve

  16. #60

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Hi,

    Thanks for this. I really do understand what you're trying to acheive.

    But EduLock is deployed by GPO logon script, then users will quickly learn that it too can be defeated: By pulling out the cable sooner.

    If a user pulls out the network cable during logon, group policy settings will not be loaded and EduLock will not be run. This would only be fixed if EduLock ran as a service that was always running.

    If EduLock was implemented as a service, may I suggest that you incorporate a feature to allow nominated security groups for which EduLock will temporarily stop looking for disconnects whilst they are logged on (e.g. local admins, domain staff etc)..

    Regards
    Moby.

SHARE:
+ Post New Thread
Page 4 of 6 FirstFirst 123456 LastLast

Similar Threads

  1. Presents
    By russdev in forum General Chat
    Replies: 26
    Last Post: 3rd January 2007, 03:37 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •