Target Audience
- Networking / Security professionals
- System Admins
- The curious
Concepts Covered
- Connecting to and manipulating the registry
- A *Glaring* hole in the Windows GPO implementation
Introduction
First of all, let me say that the use of this program can violate any terms of service or usage policies that are in place at your organization. Please seek permission prior to use, and use this program for testing/proof-of-concept only.
Background
This program was written to demonstrate that even in a Windows domain where Internet Explorer settings are locked down with a GPO, even a basic user ('users' group) can override the GPO setting that forces the use of a proxy server. This can be useful if you are on a public computer that uses a proxy server to filter URLs. This program cannot bypass filtering that uses WCCP or the like to redirect Web traffic at the gateway.
Using the Code
This code is really very simple. All that is required, is that you change a registry setting in the HKEY_CURRENT_USER
hive. (ntuser.dat in the user's profile) All users have the rights to write to this hive, as it stores only the logged in user's settings. This holds true even if the GUI settings are inaccessible due to GPO lock down. Since there is so little code required, I have included the whole application's source:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using Microsoft.Win32;
namespace proxyViolater
{
public partial class Form1 : Form
{
bool alert = false;
public Form1()
{
InitializeComponent();
checkProxy();
alert = true;
}
private void checkProxy()
{
RegistryKey proxy = Registry.CurrentUser.OpenSubKey(
"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", true);
int enabled = int.Parse(proxy.GetValue("ProxyEnable").ToString());
if (enabled == 1)
{
lblStatus.ForeColor = Color.Red;
lblStatus.Text = "Enabled";
}
else
{
lblStatus.ForeColor = Color.Green;
lblStatus.Text = "Disabled";
}
}
private void btnEnable_Click(object sender, EventArgs e)
{
RegistryKey cUser = Registry.CurrentUser.OpenSubKey(
"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", true);
cUser.SetValue("ProxyEnable", 1);
checkProxy();
}
private void btnDisable_Click(object sender, EventArgs e)
{
RegistryKey cUser = Registry.CurrentUser.OpenSubKey(
"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", true);
cUser.SetValue("ProxyEnable", 0);
checkProxy();
}
private void lblStatus_TextChanged(object sender, EventArgs e)
{
if (alert)
{
MessageBox.Show("Please restart all open browsers for
proxy change to take effect.");
}
}
private void timer1_Tick(object sender, EventArgs e)
{
checkProxy();
}
}
}
Points of Interest
It seems like a pretty big hole to me. Let me know if any of you can think of a workaround that would block this behavior using integrated Windows or Active Directory methods.
History
- 25th March, 2008 - Initial post
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.