Advanced Windows PowerShell Scripting Video Training

Friday, July 22, 2011

Can a user use an old copy of their registry to override Group Policy?

This is a real interesting one from my 6419B class in May.  During our discussion on Group Policy, I was asked a “hacking question” as it was put.  If the user had a copy of their registry before a GPO was applied, can they import that copy and override the GPO?

To test this one out I exported a copy of a client GPO that had a standard user logged in on it and saved it to the desktop.  I then created and applied a GPO that removed the Recycle Bin from the desktop.  Once applied, the Recycle Bin was removed from the desktop.  We then imported the backed-up registry and received this error:

Cannot import C:\Users\adam\Desktop\MyReg.reg: Not all data was successfully written to the registry.  Some keys are open by the system or other processes.

The GPO held and the registry was unaltered.
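To check the same thing from the defender's side without attempting an import, the added example below (not part of the original post) lists every identity that holds write-type rights on the per-user policy keys and flags whether that identity is in the logged-on user's token. It assumes the policy values live under the two standard `HKCU` policy locations, which the post does not name, and the function name `Get-PolicyKeyWriter` is hypothetical.

```powershell
# Added example: who can write to the per-user policy keys (and their subkeys)?
# Assumption: the two standard HKCU policy locations; the post names no keys.
$policyKeys = 'HKCU:\Software\Policies',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'

# Rights that would let a .reg import change policy data, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$rightsType = [System.Security.AccessControl.RegistryRights]
$writeMask  = [int]($rightsType'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership') -bor 0x50000000

# SIDs in the current token (user plus enabled groups).
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

function Get-PolicyKeyWriter {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -Path $root)) { continue }   # key absent: nothing to audit
        # Audit the key itself and everything below it.
        $targets = @($root) + @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
                                ForEach-Object { $_.PSPath })
        foreach ($t in $targets) {
            foreach ($ace in (Get-Acl -Path $t).Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                # Inherit-only entries do not apply to this key itself.
                if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
                if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }
                try {
                    $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
                } catch {
                    $sid = $ace.IdentityReference.Value   # unresolvable name: keep as shown
                }
                New-Object PSObject -Property @{
                    Key            = $t
                    Identity       = $ace.IdentityReference.Value
                    Rights         = $ace.RegistryRights
                    InCurrentToken = ($mySids -contains $sid)
                }
            }
        }
    }
}

$writers = @(Get-PolicyKeyWriter -Path $policyKeys)
$writers | Sort-Object Key, Identity | Format-Table Key, Identity, Rights, InCurrentToken -AutoSize

# Any row flagged True means the logged-on user could alter policy data there.
$exposed = @($writers | Where-Object { $_.InCurrentToken })
"Policy keys writable by the current user: $($exposed.Count)"
```

Run it as the standard user being tested; a count of zero is consistent with the import leaving the policy values untouched.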
