Tuesday, March 17, 2009

Windows Secret - Poledit

Poledit, or Policy Editor, is a small kewl tool commonly used by system administrators to alter the settings of a system. This utility is not installed by default by Windows. You need to install it manually from the Windows 98 Installation Kit, from the Resource Kit folder. user.dat file that we saw earlier.

The Policy Editor tool imposes restrictions on the user's system by editing the user.dat file, which in turn means that it edits the Windows Registry to change the settings. It can be used to control or restrict access to each and every folder and option you could ever think of. It even has the power to restrict access to individual folders, files, the Control Panel, MS DOS, the drives available etc. Sometimes this software does make life really hard for a Hacker. So how can we remove the restrictions imposed by the Policy Editor? Well, read ahead to learn more.

You see, the Policy Editor is not the only way to restrict a user's activities. As we already know, the Policy Editor edits the Windows Registry (user.dat) file to impose such restrictions. This in turn means that we can make changes to the Windows Registry ourselves, either with a .reg file or directly, to remove or add restrictions.

Launch Regedit and go to the following Registry Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

Under this key, there will definitely be a key named Explorer. Under this Explorer key we can create new DWORD values and set their value to 1 in order to impose the restriction. If you want to remove the restriction, you can simply delete the respective DWORD values or change their values to 0. The following is a list of DWORD values that can be created under the Explorer key:

NoDeletePrinter : Disables Deletion of already installed Printers

NoAddPrinter : Disables Addition of new Printers

NoRun : Disables or hides the Run Command

NoSetFolders : Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)

NoSetTaskbar : Removes Taskbar system folder from the Settings option on Start Menu

NoFind : Removes the Find Tool (Start >Find)

NoDrives : Hides and does not display any Drives in My Computer

NoNetHood : Hides or removes the Network Neighborhood icon from the desktop

NoDesktop : Hides all items including, file, folders and system folders from the Desktop

NoClose : Disables Shutdown and prevents the user from normally shutting down Windows.

NoSaveSettings : Means to say, 'Don't save settings on exit'

DisableRegistryTools : Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor (regedit.exe) too will not work.)

NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE4 and above)

ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.

NoInternetIcon: Removes the Internet (system folder) icon from the Desktop

Under the same key, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies, you can create new subkeys other than the already existing Explorer key. Create a new key and name it System. Under this new System key we can create the following new DWORD values (1 for enabling the particular option and 0 for disabling the particular option):

NoDispCPL: Hides Control Panel

NoDispBackgroundPage: Hides Background page.

NoDispScrsavPage: Hides Screen Saver Page

NoDispAppearancePage: Hides Appearance Page

NoDispSettingsPage: Hides Settings Page

NoSecCPL: Disables Password Control Panel

NoPwdPage: Hides Password Change Page

NoAdminPage: Hides Remote Administration Page

NoProfilePage: Hides User Profiles Page

NoDevMgrPage: Hides Device Manager Page

NoConfigPage: Hides Hardware Profiles Page

NoFileSysPage: Hides File System Button

NoVirtMemPage: Hides Virtual Memory Button

Similarly, if we create a new subkey named Network, we can add the following DWORD values under it (1 for enabling the particular option and 0 for disabling the particular option):

NoNetSetupSecurityPage: Hides Network Security Page

NoNetSetup: Hides or disables the Network option in the Control Panel

NoNetSetupIDPage: Hides the Identification Page

NoNetSetupSecurityPage: Hides the Access Control Page

NoFileSharingControl: Disables File Sharing Controls

NoPrintSharing: Disables Print Sharing Controls

Similarly, if we create a new subkey named WinOldApp, we can add the following DWORD values under it (1 for enabling the particular option and 0 for disabling the particular option):

Disabled: Disable MS-DOS Prompt

NoRealMode: Disable Single-Mode MS-DOS.
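An added example, not part of the original post: a check an administrator can run over a REGEDIT4 export of the Policies branch to see which expected restrictions are absent or set to 0. The sample export and the baseline set are constructed, the value names come from the lists above, and the key path assumes the standard location HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies.

```python
import re

# Policy branch in the per-user hive (assumed standard Windows location).
POLICY_ROOT = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"

# Constructed sample: REGEDIT4 export of the policy branch from one workstation.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoFind"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=dword:00000001
'''

# Hypothetical baseline: (subkey, value) pairs the administrator expects set to 1.
BASELINE = {("Explorer", "NoRun"), ("Explorer", "NoFind"),
            ("System", "NoDispCPL"), ("WinOldApp", "Disabled")}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_policies(reg_text):
    """Return {(subkey, name): int}, lower-cased, for DWORDs below POLICY_ROOT."""
    prefix = POLICY_ROOT.lower() + "\\"
    found, subkey = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:  # new section: track it only if it is under the policy branch
            path = key.group(1).lower()
            subkey = path[len(prefix):] if path.startswith(prefix) else None
            continue
        val = DWORD_RE.match(line)
        if val and subkey:
            found[(subkey, val.group(1).lower())] = int(val.group(2), 16)
    return found

def audit(reg_text, baseline=BASELINE):
    """List baseline restrictions that are absent or set to 0 in the export."""
    found = parse_policies(reg_text)
    drift = []
    for subkey, name in sorted(baseline):
        value = found.get((subkey.lower(), name.lower()))
        if not value:  # None means the value is absent, 0 means it is disabled
            drift.append((subkey, name, "missing" if value is None else "disabled"))
    return drift

print(audit(SAMPLE_EXPORT))
```

Because these values live in the per-user hive that the restrictions themselves are stored in, comparing exports against a baseline over time shows when a restriction has been deleted or zeroed.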

So you see, if you have access to the Windows Registry, then you can easily create new DWORD values and set their value to 1 for enabling the particular option and 0 for disabling the particular option. But sometimes, access to the Windows Registry is blocked. So what do you do? Go to the Windows Directory and delete either user.dat or system.dat (these 2 files constitute the Windows Registry) and reboot. As soon as Windows logs in, it will display a Warning Message informing you about an error in the Windows Registry. Simply ignore this Warning Message and press CTRL+DEL+ALT to get out of this warning message. (Do not press OK.) You will find that all restrictions have been removed.

The most common kind of restriction is the Specific Folder Restriction, in which users are not allowed access to specific folders, the most common being the Windows folder, or sometimes even access to My Computer is blocked. In effect, you simply cannot seem to access the important kewl files which are needed by you to remove restrictions. What do you do? Well, use the RUN command (START > RUN). But unfortunately a system administrator who is intelligent enough to block access to a specific folder would definitely have blocked access to the RUN command. Again we are stuck.

Windows is supposed to be the most User Friendly Operating System on earth. (At least Microsoft says so.)

It gives the User an option to do the same thing in various ways. You see, the RUN command is only the most convenient option for launching applications, but not the only way. In Windows you can create shortcuts to almost anything, from a file or folder to a Web URL. So say your system administrator has blocked access to the c:\windows\system folder and you need to access it. What do you do? Simply create a Shortcut to it. To do this, right click anywhere on the desktop and select New > Shortcut. A new window titled Create Shortcut pops up. Type in the path of the restricted folder you wish to access, in this case c:\windows\system. Click Next, enter the friendly name of the Shortcut and then click Finish. Now you can access the restricted folder by simply double clicking on the shortcut icon. Well, that shows how protected and secure *ahem Windows *ahem is.
