
Blocking/modifying NETLOGON scripts coming from PDC?


/usr/ceo

Jan 9, 2006, 5:23:57 PM
I have a situation at work where login scripts are run when I log onto
the domain (this is common of course) and these logon scripts launch IE
automatically (so we can see the company news on the home page.) It
burns me up because my employer insists on doing this even though
everyone in the company complains about it and has made an appeal to
end this idiotic practice. (In my opinion, it's the electronic
equivalent to someone coming in your cube every morning at 9AM, rudely
interrupting whatever you are working on, and shoving a memo in your
face saying, "HERE!!! READ THIS ***NOW***!!!!")

I've considered a number of ways to stop this, but it really is a bit
problematic because the origination does come from the logon script,
not a Run reg key poke or anything else like that that is locally
controlled. (I've researched this, so I know this is the case.) I've
considered:

1) Packet mangling: Intercept the packet at the network level with the
script code, and "rem" out the command in the login script
2) Modifying my command shell (custom COMSPEC) to intercept running the
script or altering the script
3) Creating my own replacement iexplore.exe and setting up a flag
system locally so that IE aborts unless it's flagged by me to run

All of these are a bit problematic. I'm leaning toward something
in between (1) and (2) above or something that would facilitate that.
Does anyone know of anything that allows one to flag certain commands
in the command interpreter and tell them NOT to run? I'm talking about
something that would operate about like Kerio or Tiny Firewall does at
the network level only on command scripts. I hope this makes sense.

The premise is this: Even though the command comes from the PDC, it's
still using resources on my side to run it (e.g. cmd.exe, etc.) So
there has to be a way to intercept and block this kind of nonsense.

Anyone? I'd love to hear any suggestions anyone has. I really don't
want to have to write something to do the above, but I'm fed up with it
enough to consider doing it.

Thanks,
/usr/ceo
