From: Jamie Riden (jamie.riden@gmail.com)
Date: Wed Apr 11 2007 - 07:47:01 EDT
Sounds like you are being asked to crack a computer - maybe one that
the company owns, but then again, you personally are not the company.
Do check this out with a lawyer, and you may want to get the
instruction in writing, and check that your boss is authorised to give
such an instruction.
But if it's a company PC, why isn't it on the domain, and why don't
you already have access? Can't you set policies in AD to achieve what
you want?
Like someone else said though, it's patch time for MS anyway. Why not
just take the box for an hour and stick the ANI/CRSS patches on it
while you're ghosting the hard disk?
cheers,
Jamie
PS. Better hope your employee doesn't read pen-test ;)
On 10/04/07, Mifa <mifa@stangercorp.com> wrote:
> We have a user who takes a company computer home with them (no its not a lap top). We have a good reason to need to look at their files. However, we want to do so without that employ knowing. They seem to know something about security becasue auto runs is disabled and the workstation is always locked with a third party software. INserting a U3 drive will not run a program either. Are there any programs that will boot from a floppy then copy a program to the c drive then wite an auto start entry into the registry? This was the only way I can think of to get the user to install a program..
-- Jamie Riden, CISSP / jamesr@europe.com / jamie@honeynet.org.uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT