> Ok all of that works and yesterday I discovered a hole i didn't knew. > I knew that when in a session, you get start menu from task bar when you > press CTRL+ESC. > What I didn't knew is that, when out of a session, if you pree CTRL+ESC, > you get task manager. That tool permits you to shutdown computer, but > also (thanks to Bill Gates) to run an application.Yeah. Don't you love this one. In fact even if you have disabled the shutdown command using the policy editor you can still use the Task Manager ( which you can run...taskman.exe ) to shutdown, logon again, etc... In fact, all you have to do to shutdown to DOS is create a PIF file for command.com and set it to run in DOS mode under the advanced section of the pif. I think you are just going to have to realize that it is impossible to secure Windows 95. Trust me I have tried. Another note. It is also imposssible to force a user to be validated by a domain at the network login box. If you type in a non-existent domain, windows 95 will say "...Duhhhhh...I guess you are a valid user...nobody can tell me any different..." Fun huh?! If you require user validation to access the computer go with Windows NT ( or better still Unix ). All you are going to get with 95 is a 95% solution ( no pun intended ). j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )
"Gerald W. Carter" <cartegw@Eng.Auburn.EDU> wrote:> Another note. It is also imposssible to force a user to be validated by > a domain at the network login box. If you type in a non-existent > domain, windows 95 will say "...Duhhhhh...I guess you are a valid > user...nobody can tell me any different..." Fun huh?!Actually, can't it be done via the policies? In poledit.exe, I think the entry is in Computer->Network->Logon (or something like that). In there is a selection for "Require validation by NT server before access to Win95". Sorry, I don't have a Win95 box near me, so I don't have the exact path. -- Rob Naccarato "I know I'm a lot of feathers, Sys Admin but not much chicken." Sheridan College -KM Oakville, Ont. Canada
Rob Naccarato <rob.naccarato@sheridanc.on.ca> wrote :> Actually, can't it be done via the policies? In poledit.exe, I think > the entry is in Computer->Network->Logon (or something like that). > In there is a selection for "Require validation by NT server before > access to Win95".yep that's what i have done. But here the problem is that authentication prevents you to run applications without some server told that you have the right, but so genious Microsoft programmers have decided to permit to run a task manager even if you have not logged on and that task manager permits to run any application that is installed locally. For example explorer that give you e session on the machine. Very clever, no? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Michel APPLAINCOURT | E-mail : michel.applaincourt@umh.ac.be Computer Sciences Assistant | Phone : 32 65 373498 Universite de Mons-Hainaut | Fax : 32 65 373318 [Sad...But True] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-