Group policy for updating registry on client computers

Note: Alternatively you could just add the name of the user or group you want to prevent from using USB storage devices. Now repeat the steps above and this time select “C:\Windows\Inf\Usbstor.pnf” You should see something like the images below in your group policy.

Now either way when users plug in a USB Storage devices into a computer it will prevent OS from seeing the device thus preventing the users from reading and writing to removable media.

To obscure the password from casual users, it is not stored as clear text in the XML source code of the preference item. Because the password is stored in SYSVOL, all authenticated users have read access to it.

Of course once they have the password of the account they can probably use that account which quite often has elevated privileges…

While in this post I have focused on the Local Users account password option this is not the only location that you can save a password.

This module enumerates the victim machine’s domain controller and connects to it via SMB.

It then looks for Group Policy Preference XML files containing local user accounts and passwords and decrypts them using Microsofts public AES key. Reference: https:// Any users that has the Meta Spoit tool installed on their computer and has an account on your domain can scan your Active Directory and decrypt the stored value of password in a Group Policy Preference .

Leave a Reply