Going around admin policy

zmaster

Hi all,
I am one of the admins at my company. Recently our boss used a group policy to block off firefox.exe and asked me to see if his method is foolproof.

I am trying to hack it. Unfortunately the change of name/location is not effective, so my next step is to try to change the process name. How would one go about doing that?
Any other suggestions would be appreciated.

Keep well
Z
 

zmaster

I tried that, but as soon as the process firefox.exe loads up, it gets shot down by the system.
 

mechBgon

If he wants it foolproof, his next step should be to combine non-Admin user accounts with Software Restriction Policy (and of course, to not let anyone log onto an Admin account except IT staff). how SRP works in this scenario. No ability to install stuff, no ability to even run anything that wasn't installed by an Admin. Not even from a USB drive or a CD.
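
Added example, not part of any post in this thread: a small model of the two approaches discussed here, a hash deny rule on an otherwise unrestricted system versus the default-deny policy with path allow rules that mechBgon describes. It models the decision logic only, not Windows' own SRP code; the function names, paths and file contents are constructed, and treating the original block as a hash rule is an assumption.

```python
import hashlib
import ntpath
from pathlib import PureWindowsPath

# Constructed stand-ins for file contents; no real binaries or hashes.
BLOCKED_BUILD = b"constructed: the browser build the admin hashed"
OLDER_BUILD = b"constructed: an older build of the same browser"

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def denylist_allows(data, denied_hashes):
    """Default level Unrestricted plus hash deny rules (assumed setup)."""
    return sha256(data) not in denied_hashes

def allowlist_allows(path, allowed_roots, is_admin=False):
    """Default level Disallowed plus path allow rules, non-admins only."""
    if is_admin:
        return True  # assumption: policy is scoped to exclude administrators
    # Collapse ".." first so a traversal cannot borrow an allowed prefix.
    p = PureWindowsPath(ntpath.normpath(path))
    return any(root in p.parents for root in allowed_roots)

DENIED = {sha256(BLOCKED_BUILD)}
# Folders only an admin can write to (assumption; verify the ACLs in practice).
ALLOWED_ROOTS = [PureWindowsPath(r"C:\Windows"),
                 PureWindowsPath(r"C:\Program Files")]

LAUNCHES = [  # constructed launch attempts by a non-admin user
    ("renamed copy", r"C:\Users\z\Desktop\notes.exe", BLOCKED_BUILD),
    ("older version", r"C:\Users\z\old\firefox.exe", OLDER_BUILD),
    ("usb drive", r"E:\PortableApps\firefox.exe", OLDER_BUILD),
    ("traversal", r"C:\Program Files\..\Users\z\firefox.exe", OLDER_BUILD),
    ("admin-installed", r"c:\program files\Office\winword.exe", b"constructed"),
]

def compare():
    """Map each attempt to (runs under deny list, runs under allow list)."""
    return {name: (denylist_allows(data, DENIED),
                   allowlist_allows(path, ALLOWED_ROOTS))
            for name, path, data in LAUNCHES}

if __name__ == "__main__":
    for name, (deny, allow) in compare().items():
        print(f"{name:16} deny-list: {'runs' if deny else 'blocked':8}"
              f" default-deny: {'runs' if allow else 'blocked'}")
```

The default-deny result only holds while every allowed folder stays unwritable for non-admin accounts, which is why the post pairs SRP with non-Admin user accounts.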
 

Zugzwang152

Run it in a virtual machine.

Remote desktop to another unrestricted machine and run it from there.
 

thegisguy

+1 for what ChAoTiCpInOy said. Try installing the portableapps version on your system, rename the exe, and see if it runs.
 

zmaster

Originally posted by: thegisguy
+1 for what ChAoTiCpInOy said. Try installing the portableapps version on your system, rename the exe, and see if it runs.

Tried it. It seems by blocking the DLLs the exe gets blocked.
The way I got around it was by running an older version of ff.
Still, I convinced him to unblock it by running a report on the advantages of ff vs ie.
Bear in mind that the report is heavily biased towards ff.
http://rapidshare.com/files/18...Firefox_vs_IE.pdf.html

Was gonna try running it in a VM, but he unblocked it now. Now that is an awesome boss. Actually listens to your input instead of dismissing it with a "my word is the law" attitude.

 

VirtualLarry

So let me get this straight, this wasn't just a test of a software restriction policy, with Firefox.exe arbitrarily picked as a subject, but that your boss was actually considering banning firefox? Why in the world would they do something like that? If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

I've never gotten malware using firefox heavily (oftentimes, to go to "seedy" sites), in all of the years that I've used it, which is quite a few. (I was a hardcore Mozilla user from when before Firefox existed and took over as the primary browser product of mozilla.org.)

Edit: Btw, there ARE ways around SRP.
 

mechBgon

Originally posted by: VirtualLarry
So let me get this straight, this wasn't just a test of a software restriction policy, with Firefox.exe arbitrarily picked as a subject, but that your boss was actually considering banning firefox? Why in the world would they do something like that? If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

Actually, if they want to enhance online security tenfold, the first thing they'd do would be to make sure all their browser add-ons are up-to-date, e.g. Flash Player, Adobe Reader, QuickTime, Sun Java, etc. That's the big attack surface nowadays. And having done my homework, I'd take IE7 in Protected Mode over any other browser for security, due to its proactive defenses against exploits (known or unknown). IE in Protected Mode is sweet :cool:
 

bsobel

If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

More FUD. IE in protected mode is safer than FF.
 

lxskllr

Originally posted by: bsobel
If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

More FUD. IE in protected mode is safer than FF.

That only applies to Vista and IE7+, right? I'd say Vista+IE7 is more secure, but XP and under, my confidence goes to Firefox and Opera.
 

bsobel

That only applies to Vista and IE7+, right? I'd say Vista+IE7 is more secure, but XP and under, my confidence goes to Firefox and Opera.

True, that is a Vista feature.
 

Oakenfold

Originally posted by: VirtualLarry
So let me get this straight, this wasn't just a test of a software restriction policy, with Firefox.exe arbitrarily picked as a subject, but that your boss was actually considering banning firefox? Why in the world would they do something like that?

Maybe they want to limit the # of apps they run? Maybe they do not intend to ever update firefox and only want to manage IE. If they aren't going to ensure that all the FF browsers are kept up to date then they probably don't want FF on their network, period. At least if they are thinking about patch management, that would be my guess.