Yes, I broke the rules
I admit it, I broke the rules. I couldn’t help it because it was just too much of a coincidence. What?, you may be asking. I got on the Internet at the local library using a computer that “doesn’t have access to the Interet” (according to the sign).
They had the Windows XP Pro system setup as a kiosk in order to look up books. All the programs were removed from the Start menu. All the icons on the desktop were gone except for the card catalogue program. I was able to get on the Internet because they obviously didn’t read my last two articles about controlling application access via Windows Group Policies. 
That is what is the coincidental part because I just wrote those articles and here was a chance to prove that all aspects must be followed to prevent access to programs they don’t want to be ran.
The systems were semi-locked down so that the Run command was removed from the Start menu and prevented from being called by pressing the Windows key + R. What they failed to do was prevent access to the Windows Explorer. Just to see if it would work, I right-clicked on the Start button and was able to choose Explore All Users. With Windows Explorer open, I simply had to type in the web address (I used Yahoo!) and I was connected.
I closed out of IE and tried creating a shortcut on the Desktop. Sure enough, that also worked. They didn’t remove the ability to get the context menus. I was able to create a shortcut to IE and to the C: drive. Yes, I deleted both before I walked away from the computers.
While I was looking at the root directory (C:), I found how they locked down the computers. They were using Tweak UI. I had to wonder why they weren’t using Group Policies because they log on to a domain and I know the county uses a Windows 2000 domain (previous job interview).
I’m going to try and contact the IT manager for the county and let him know what I was able to do, why I was able to do it and give him a copy of my articles as a helper on locking down the kiosk systems. 
(ok, not the last part but I will let him know how to do it if he doesn’t know) I know I’d want someone to tell me if they were able to do something they weren’t supposed to be able to do because that could be a security risk.
The card catalogue program is proprietary and it appears to use IE as a backend. There may be a way to run it in kiosk mode like you can run IE in kiosk mode. If not, they can use use the GP to only allow access to the catalogue application.
28.Jun.05 
General
You can leave a response, or trackback from your own site.
6 Responses to “Yes, I broke the rules”
Leave a Reply
- wyckedone.net
F/OSS
Free Antivirus
Free Firewall
Free Utilities
Links
Tech Articles
Tech Boards
This site runs on
I played aroud with a kiosk at Circuit City once. It was set up to go directly to one webpage at boot and stay there. I think it was something about finding DSL in your area. You could close the program with task manager, but it would restart about 5 seconds later. So I typed http://www.google.com in one of the entry fields, highlight, right click->copy, shut the program off, clicked start->run, right click->paste, and hit enter. Once IE was running, the auto-program wouldn’t start and I had internet with no sites blocked.
What you can do when you’re bored…
Unfortunately you’re both hackers and that’s how the courts are ruling too. There’s no such thing as white-hat hackers – you’re all the same. Real IT folks understand that.
How is this hacking? I was using the machine to browse webpages which is what it was set up for. I just wanted to look at more than that one stupid webpage that it was stuck on.
WOOOOO! Time to get the t-shirt. Or, I could get this one so I could wear it at work.
Over at the local college. They had locked down changing a desktop’s wallpaper. But all the computer’s had firefox installed. So I just right clicked and picked “set as wallpaper”. So talk about a stupid policy. I had to guess the local admin password so I could change it back. Took me about five minutes to do so. The password is the name of the school and “NT4.0″….a really hard to figure out.
Extending a helping hand makes it easy to cut off.