:P One of those silly bugs!
Also the registry bug should be fixed in the new version for you! Any feedback on if it's working etc would be great (obviously no rush :D)
I've allocated the new version to a room and it's working fine with read-only permission now, thanks.
I downloaded your program yesterday and have been 'playing' with it today. Is it possible to remove the Steve21 from the lock screen? The only reason I ask is because a google search for steve21 comes up with info about the program and the less info you give the 'Little Darlings', the better.
If that sounds good, I'll make a few changes this weekend, (or tonight if I get time).
Thanks for this - all looks great. Will give it a go shortly.
But - just to clarify - how is the EduLock.exe normally executed by the workstation? As it is not a service, is it intended to be run from HKLM\...Windows\Explorer\Run ? How does this prevent GPO bypass if the cable is disconnected before Run... items are executed?
In terms of GPO, there's a test function within the program that will force gpupdate to happen when it "unlocks". So if it's removed during boot, it should reapply GPs once unlocked, aka once plugged in. But this is currently test function, again updating this as I go based on feedback :P
Thanks for this Steve. But consider the following scenario:
Seems IMHO that EduLock is helpful, but actually still has a hole in it :)
There's simple fix to the thing you're referring to :P Do a gpupdate on login. (or wait for the service re-code :getmecoat:)
From the beginning page it says that EduLock aims to prevent users bypassing GPOs. This is not correct. What you actually mean is that EduLock aims to prevent users bypassing 3rd party security applications that run outside of Group Policy.
Group Policy Objects are processed primarily at logon. They include software restriction (or Applocker) policies.
And if EduLock is deployed by group policy itself (i.e. as a login script) then this too will be disabled, as it will never be run.
Just my 2p worth, sorry. Until EduLock is *always* running in the background as a service, it is easily defeatable IMHO. Sorry!
I'm not being funny, but that is a really silly statement...
It doesn't say that at all... It says playing games, and disabling GPOs. Disabling, isn't the same as bypassing. This isn't security software....
Ofcourse software won't deploy if it's done over network and the cable isn't plugged in. Name a piece of software that does?
And once again, just run a gpupdate script at start if you think it's such a big issue... or as I said, wait until it's re-coded.
Thanks for this. I really do understand what you're trying to acheive.
But EduLock is deployed by GPO logon script, then users will quickly learn that it too can be defeated: By pulling out the cable sooner.
If a user pulls out the network cable during logon, group policy settings will not be loaded and EduLock will not be run. This would only be fixed if EduLock ran as a service that was always running.
If EduLock was implemented as a service, may I suggest that you incorporate a feature to allow nominated security groups for which EduLock will temporarily stop looking for disconnects whilst they are logged on (e.g. local admins, domain staff etc)..