Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Group Policy

Started by Valdezdj , Jun 22 2012 01:01 AM

  • Please log in to reply
3 replies to this topic

#1 Valdezdj

Valdezdj

    New Member

  • Members
  • Pip
  • 2 posts

Posted 22 June 2012 - 01:01 AM

Hello.

I have a stand alone XP pro computer that is not (as far as I know) part of a Domain.

I have found many indicators that my machine is being fed Group Policy from a Domain controller.

I would like to know how this could be when I have not attempted to join a Domain.

Perhaps someone could give me a reasonable explanation why all my OS settings, security, software firewall, registry and even spoofed MAC addresses appear to be set by Group Policy dispite the fact my computer is not (as far as I know) a member of a Domain.

Thanks.

-DJ

 

  • BC Ads
  • BleepingComputer.com

#2 Didier Stevens

Didier Stevens

    Distinguished Member

  • BC Advisor
  • PipPipPipPipPip
  • 821 posts
  • Gender:Male

Posted 22 June 2012 - 02:49 AM

So I assume you are in a LAN with domain controllers?

Did you check Computer Properties / Computer Name?
Does it say you are in a domain or in a workgroup?
And if you click the Change button, is the domain or workgroup radio button checked?
Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2013 Consumer Security
Posted Image

#3 Valdezdj

Valdezdj

    New Member

  • Members
  • Pip
  • 2 posts

Posted 27 June 2012 - 02:24 PM

No. I'm not on a LAN with DC's. It's my little ole stand alone home computer.

The domain is not filled in. It is in the default setting WORKGROUP.

However, the admin accout doesn't have the rights it should and many references in log files indicating RAS, RemoteDesktopHelp, terminal services and a myriad of remote access references. The settings to turn off remotedesktop for instance are not available as if Group Policy removed them.

There are many indicators that the settings are all configured with a GP coming from somewhere.

When I first tried using GPEdit.msc it came up and showed lots of interesting settings that appear to have been
inherited from a Windows 2008 server. I don't own a Win2008 server.

During my perusal, the display suddenly blanked and the command gpedit.msc (DOS or RUN) would not execute.

It seems like a third party to me... but I wanted to rule out other possibilities first.

Thanks for the response...

#4 rotor123

rotor123

    Forum Addict

  • Moderator
  • PipPipPipPipPipPip
  • 5,369 posts
  • Gender:Male
  • Location:New Jersey

Posted 27 June 2012 - 03:14 PM

I'm going to suggest going here to the Am I Infected forum which is my suggestion for your problem.
http://www.bleepingcomputer.com/forums/forum103.html

My laptop seems to be laggy and runs hot, at times it's hotter than other times. It also runs loud.

Many time Malware can change settings to prevent you taking certain actions. For example it may disable the Taskmanager where you get a message such as: Task Manager has been disabled by your administrator.

Good Luck
Roger

Edited by rotor123, 27 June 2012 - 03:20 PM.

My next Upgrade, USB 3 on my remaining desktop. The only External storage devices I currently Buy are USB3 devices
How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
My first Computer had a Whopping 16K of memory @ 0.89MHz. My first hard drive held 20 Megabytes and never filled up.
My Oldest Motherboard and Hard Drive are a 80286 @ 8Mhz and a Seagate 20 Megabyte MFM drive.  
Forum Rules, The BC Welcome Guide

Back to AntiVirus, Firewall and Privacy Products and Protection Methods


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. AntiVirus, Firewall and Privacy Products and Protection Methods
  4. Privacy Policy
  5. Rules ·