securing logon scripts and wallpapers etc.

  • Thread starter Thread starter RolfHerbert@googlemail.com
  • Start date Start date
R

RolfHerbert@googlemail.com

Guest
Hi all,

Im having a funny few minutes. In order for my logon batch amnd small
vbs program to run at logon and for the GPO to enforce desktop
wallpaper images, they must be in an accessible shared folder. My
worry is; what is to stop a savvy user from finding those shares and
altering the wallpaper or logon scripts/vbs..? Is it possible to
secure these files from general domain users access but still leave
them available during logon..?

Thanks all, I couldnt find any answers online so far.

Rolf
 
Re: securing logon scripts and wallpapers etc.

Hello,

What do you mean by "GPO to enforce desktop" ?
If it"s done through GPO, it's enforced every 90mn (+-~30mn), so there is no
need for a logon script.

If your logon script doesn't change/create any file when executing, then
secure the share/folder through read only access to users.

If it's just for the first logon of users, then create a default user
profile in netlogon for new users.

--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

"RolfHerbert@googlemail.com" <rolf@it-buy.co.uk> a écrit dans le message de
news:21949954-ca1d-486d-86cf-594f535e875b@25g2000hsx.googlegroups.com...
> Hi all,
>
> Im having a funny few minutes. In order for my logon batch amnd small
> vbs program to run at logon and for the GPO to enforce desktop
> wallpaper images, they must be in an accessible shared folder. My
> worry is; what is to stop a savvy user from finding those shares and
> altering the wallpaper or logon scripts/vbs..? Is it possible to
> secure these files from general domain users access but still leave
> them available during logon..?
>
> Thanks all, I couldnt find any answers online so far.
>
> Rolf
 
Re: securing logon scripts and wallpapers etc.

RolfHerbert@googlemail.com <rolf@it-buy.co.uk> wrote:
> Hi all,
>
> Im having a funny few minutes. In order for my logon batch amnd small
> vbs program to run at logon and for the GPO to enforce desktop
> wallpaper images, they must be in an accessible shared folder. My
> worry is; what is to stop a savvy user from finding those shares and
> altering the wallpaper or logon scripts/vbs..? Is it possible to
> secure these files from general domain users access but still leave
> them available during logon..?
>
> Thanks all, I couldnt find any answers online so far.
>
> Rolf

I'd really hope your shared location was already set up not to allow
anything other than read access by your users. Use a hidden share
(\\server\sharename$) and set it up with NTFS security so your users get
read-only access.
 
Back
Top