LinkBack URL
About LinkBacksAwesome, Will make an update to main source if I got time tonight.Originally Posted by meastaugh1
:P One of those silly bugs!
Many thanks,
Steve
Awesome, Will make an update to main source if I got time tonight.
:P One of those silly bugs!
Many thanks,
Steve
Latest version (mini update) should now have passworded chars and black text on the login box rather than white :P
Also the registry bug should be fixed in the new version for you! Any feedback on if it's working etc would be great (obviously no rush)
Many thanks,
Steve
I've allocated the new version to a room and it's working fine with read-only permission now, thanks.
Steve21 (29th June 2011)
Cool, Good to hear :P
Steve
I downloaded your program yesterday and have been 'playing' with it today. Is it possible to remove the Steve21 from the lock screen? The only reason I ask is because a google search for steve21 comes up with info about the program and the less info you give the 'Little Darlings', the better.
Leigh
Last edited by TheScarfedOne; 19th July 2011 at 04:19 PM. Reason: Language
I can certainly change it from Steve21 to my name, or such. Just so there's no searchable link to here. But for obvious reasons still like some reference :P Even if it's just to stop people trying to claim it's theirs.
If that sounds good, I'll make a few changes this weekend, (or tonight if I get time).
Steve
Last edited by TheScarfedOne; 19th July 2011 at 04:19 PM. Reason: Language
Your name's still in the admin areabut either way that'd be great.
Aye :P But after one view (aka original setup) that page is locked and hidden "normally" :PYour name's still in the admin area
But yeah, can do that no probs.
Steve
Hi,
Thanks for this - all looks great. Will give it a go shortly.
But - just to clarify - how is the EduLock.exe normally executed by the workstation? As it is not a service, is it intended to be run from HKLM\...Windows\Explorer\Run ? How does this prevent GPO bypass if the cable is disconnected before Run... items are executed?
Thanks,
Moby
In terms of running it, there's a few ways, startup aka hklm/run etc, as a note I'm playing with writing it as a service, but taking a while :P
In terms of GPO, there's a test function within the program that will force gpupdate to happen when it "unlocks". So if it's removed during boot, it should reapply GPs once unlocked, aka once plugged in. But this is currently test function, again updating this as I go based on feedback :P
Steve
Thanks for this Steve. But consider the following scenario:
<Snipping to prevent students reading.>
Seems IMHO that EduLock is helpful, but actually still has a hole in it
Last edited by Steve21; 18th July 2011 at 01:31 PM.
I feel you're slightly misunderstanding EduLock as such :P The main idea of it was to stop users disconnecting cables while logged on, to play games etc while networked apps can't connect to disable it. It will work in terms of if the cable isn't connected once it finialised login, as the program is running. But I doubt people will know when to plug it in, just to get files, but not GPOs :P
There's simple fix to the thing you're referring to :P Do a gpupdate on login. (or wait for the service re-code)
Steve
Last edited by Steve21; 18th July 2011 at 01:31 PM.
Hi Steve,
From the beginning page it says that EduLock aims to prevent users bypassing GPOs. This is not correct. What you actually mean is that EduLock aims to prevent users bypassing 3rd party security applications that run outside of Group Policy.
Group Policy Objects are processed primarily at logon. They include software restriction (or Applocker) policies.
<Snipping to prevent students reading.>
And if EduLock is deployed by group policy itself (i.e. as a login script) then this too will be disabled, as it will never be run.
Just my 2p worth, sorry. Until EduLock is *always* running in the background as a service, it is easily defeatable IMHO. Sorry!
Moby.
Last edited by Steve21; 18th July 2011 at 01:33 PM.
I'm not being funny, but that is a really silly statement...
It doesn't say that at all... It says playing games, and disabling GPOs. Disabling, isn't the same as bypassing. This isn't security software....
Ofcourse software won't deploy if it's done over network and the cable isn't plugged in. Name a piece of software that does?
And once again, just run a gpupdate script at start if you think it's such a big issue... or as I said, wait until it's re-coded.
Steve
Hi,
Thanks for this. I really do understand what you're trying to acheive.
But EduLock is deployed by GPO logon script, then users will quickly learn that it too can be defeated: By pulling out the cable sooner.
If a user pulls out the network cable during logon, group policy settings will not be loaded and EduLock will not be run. This would only be fixed if EduLock ran as a service that was always running.
If EduLock was implemented as a service, may I suggest that you incorporate a feature to allow nominated security groups for which EduLock will temporarily stop looking for disconnects whilst they are logged on (e.g. local admins, domain staff etc)..
Regards
Moby.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
