securing logon scripts and wallpapers etc.

[Guest RolfHerbert@googlemail.com]

Hi all,

 

Im having a funny few minutes. In order for my logon batch amnd small

vbs program to run at logon and for the GPO to enforce desktop

wallpaper images, they must be in an accessible shared folder. My

worry is; what is to stop a savvy user from finding those shares and

altering the wallpaper or logon scripts/vbs..? Is it possible to

secure these files from general domain users access but still leave

them available during logon..?

 

Thanks all, I couldnt find any answers online so far.

 

Rolf

[Guest Mathieu CHATEAU]

Re: securing logon scripts and wallpapers etc.

 

Hello,

 

What do you mean by "GPO to enforce desktop" ?

If it"s done through GPO, it's enforced every 90mn (+-~30mn), so there is no

need for a logon script.

 

If your logon script doesn't change/create any file when executing, then

secure the share/folder through read only access to users.

 

If it's just for the first logon of users, then create a default user

profile in netlogon for new users.

 

--

Cordialement,

Mathieu CHATEAU

English blog: http://lordoftheping.blogspot.com

French blog: http://www.lotp.fr

 

"RolfHerbert@googlemail.com" <rolf@it-buy.co.uk> a écrit dans le message de

news:21949954-ca1d-486d-86cf-594f535e875b@25g2000hsx.googlegroups.com...

> Hi all,

>

> Im having a funny few minutes. In order for my logon batch amnd small

> vbs program to run at logon and for the GPO to enforce desktop

> wallpaper images, they must be in an accessible shared folder. My

> worry is; what is to stop a savvy user from finding those shares and

> altering the wallpaper or logon scripts/vbs..? Is it possible to

> secure these files from general domain users access but still leave

> them available during logon..?

>

> Thanks all, I couldnt find any answers online so far.

>

> Rolf

[Guest Lanwench [MVP - Exchange]]

Re: securing logon scripts and wallpapers etc.

 

RolfHerbert@googlemail.com <rolf@it-buy.co.uk> wrote:

> Hi all,

>

> Im having a funny few minutes. In order for my logon batch amnd small

> vbs program to run at logon and for the GPO to enforce desktop

> wallpaper images, they must be in an accessible shared folder. My

> worry is; what is to stop a savvy user from finding those shares and

> altering the wallpaper or logon scripts/vbs..? Is it possible to

> secure these files from general domain users access but still leave

> them available during logon..?

>

> Thanks all, I couldnt find any answers online so far.

>

> Rolf

 

I'd really hope your shared location was already set up not to allow

anything other than read access by your users. Use a hidden share

(\\server\sharename$) and set it up with NTFS security so your users get

read-only access.