Pupil hiding files

[Geoff]

Just a little heads up.

Had a pupil here come to me claiming he'd 'lost' a folder, but he hadn't! Seems he'd found a little 'hack' on the internet and had tried it out.

http://www.bloggingindia.net/2007/05...shackspatches/

Unfortunately for him, access to the command line/running bat & cmd files is limited. So he had to come grovelling to get his precious folder back.

[_Bat_]

What an idiot. I take it he came clean with what he'd done in the end then?

[Geoff]

No, but I'd read about this earlier today doing my rounds round various tech news sites. It was obvious what he'd done when I viewed the folder from a command prompt.

[mrtechsystems]

Thanks for the tip Geoff

[phreak]

Interesting little hack. Thanks for the heads up.

[neogarfield]

Hi,
Thanks Geoff for the heads up. I didnt realize that such a problem could arise. I just edited my post to include a warning
http://www.bloggingindia.net/2007/05...shackspatches/

Cheers,
Mohan (aka NeoGarfield) @ bloggingindia.net

[kevin_lane]

hey thanks for the info quite good bit tricky to pull off but i don't think we need to worry even though i'm security conscious

[ChrisH]

I run attrib -h on log off to stop this folder hiding nonsense.

[Geoff]

Does that actually work in this case ChrisH? My understanding is that because it's got the Control Panel CLSID in the folder name it turns into a Control Panel shortcut rather than there being any attributes set.

[kevin_lane]

but if your a normal domain user and you have your group policy set not to allow the control panel or anything they shouldn't be able to do anything even if they have view access surely most restrictive would apply

[Geoff]

You misunderstand kevin. To trigger this unfortunate series of events all an end user needs to be able to do is rename a folder. Something you can do from the GUI. Plus it isn't the point of this 'hack' to gain access to the control panel, it is to hide the files in the folder thats been renamed.

[neogarfield]

but if your a normal domain user and you have your group policy set not to allow the control panel or anything they shouldn't be able to do anything even if they have view access surely most restrictive would apply

Kevin, in that case, this hack will function the same, except when a user accesses the locked folder, he wont be directed to the Control Panel, but will receive the same message he receives when he tries to access the Control Panel normally (Start>Control Panel OR My Computer>Control Panel)

[kevin_lane]

hi yea i understand that think i was just taking it to far really

[wil0]

thats a pretty clever trick. i knew you could rename the folder to a control panel icon, but i never thought about hideing files in the folder.
They could just hide their files in a word, publisher, or ppt file? thats what i used todo...

[TechMonkey]

They'd be really stuffed in our case as we delete spurious shortcuts in user areas. A link to control panel, even though it can't do anything as it is locked down, woul dbe gone quicker than the last eclair at a bakery convention.