
Group Policy


3 replies to this topic

#1 Valdezdj

Valdezdj

  • Members
  • 2 posts
  • Local time:12:53 PM

Posted 22 June 2012 - 01:01 AM

Hello.

I have a stand alone XP pro computer that is not (as far as I know) part of a Domain.

I have found many indicators that my machine is being fed Group Policy from a Domain controller.

I would like to know how this could be when I have not attempted to join a Domain.

Perhaps someone could give me a reasonable explanation why all my OS settings, security, software firewall, registry and even spoofed MAC addresses appear to be set by Group Policy despite the fact my computer is not (as far as I know) a member of a Domain.

Thanks.

-DJ



#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • Gender:Male
  • Local time:10:53 PM

Posted 22 June 2012 - 02:49 AM

So I assume you are in a LAN with domain controllers?

Did you check Computer Properties / Computer Name?
Does it say you are in a domain or in a workgroup?
And if you click the Change button, is the domain or workgroup radio button checked?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Valdezdj

Valdezdj
  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:53 PM

Posted 27 June 2012 - 02:24 PM

No. I'm not on a LAN with DC's. It's my little ole stand alone home computer.

The domain is not filled in. It is in the default setting WORKGROUP.

However, the admin account doesn't have the rights it should and many references in log files indicating RAS, RemoteDesktopHelp, terminal services and a myriad of remote access references. The settings to turn off remote desktop for instance are not available as if Group Policy removed them.

There are many indicators that the settings are all configured with a GP coming from somewhere.

When I first tried using GPEdit.msc it came up and showed lots of interesting settings that appear to have been inherited from a Windows 2008 server. I don't own a Win2008 server.

During my perusal, the display suddenly blanked and the command gpedit.msc (DOS or RUN) would not execute.

It seems like a third party to me... but I wanted to rule out other possibilities first.

Thanks for the response...

#4 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey
  • Local time:04:53 PM

Posted 27 June 2012 - 03:14 PM

I'm going to suggest going here to the Am I Infected forum which is my suggestion for your problem.
http://www.bleepingcomputer.com/forums/forum103.html

My laptop seems to be laggy and runs hot, at times it's hotter than other times. It also runs loud.

Many times malware can change settings to prevent you taking certain actions. For example it may disable the Task Manager where you get a message such as: Task Manager has been disabled by your administrator.

Good Luck
Roger

Edited by rotor123, 27 June 2012 - 03:20 PM.

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015
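An added illustration, not part of the original thread: on a workgroup machine the lockouts described in the posts above (Task Manager disabled, gpedit.msc refusing to open, Remote Desktop that cannot be switched off) usually appear as values written under the registry `Policies` keys, so an exported `.reg` file can be checked for them offline. The function name and the sample export are constructed for this example; the value names are standard Windows policy values and were not taken from the poster's machine.

```python
import re

# Values that lock a user out of admin tools or force remote access on.
# Maps lower-cased value name -> (suspicious DWORDs, meaning).
WATCHED = {
    "disabletaskmgr": ({1}, "Task Manager disabled"),
    "disableregistrytools": ({1, 2}, "registry editing tools disabled"),
    "restricttopermittedsnapins": ({1}, "MMC snap-ins (e.g. gpedit.msc) restricted"),
    "fdenytsconnections": ({0}, "Remote Desktop forced on by policy"),
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def find_policy_lockouts(reg_text):
    """Return (key, value name, data, meaning) for watched policy values."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        # Only values under a ...\Policies\... key are policy settings; the
        # same name elsewhere is an ordinary user-controlled setting.
        if not m or key is None or "\\policies\\" not in (key + "\\").lower():
            continue
        name, data = m.group(1), int(m.group(2), 16)
        bad, meaning = WATCHED.get(name.lower(), (set(), ""))
        if data in bad:
            findings.append((key, name, data, meaning))
    return findings

# Constructed sample in .reg export format (regedit writes UTF-16 files;
# open them with encoding="utf-16" before passing the text in).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC]
"RestrictToPermittedSnapins"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
"""

if __name__ == "__main__":
    for key, name, data, meaning in find_policy_lockouts(SAMPLE):
        print(f"{meaning}: {key}\\{name} = {data}")
```

Policy values like these on a machine that has never joined a domain were written locally, by an administrator, by software, or by malware, so each hit is a lead to investigate rather than proof of a remote domain controller.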




