If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Prevent Windows Explorer DLL Searching in UNC home Folder?
I'm investigating some response issues with Windows Explorer when a user's
home drive is mapped to a network share. During my network captures I see that if I launch a local program, such as Calculator or Word 2003, that it performs several queries to my home drive looking for wshenv.dll. If I'm in Windows Explorer and click on an Excel file to open it, for example, then I see several queries for shell32.dll in my home directory. I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm still seeing these DLL queries. In addition I enabled the StartRunNoHomePath option as well. However, per KB 264061 if the HOMEDRIVE path is defined it will still be searched. I confirmed this variable is defined, which explains why this didn't help prevent the searches. This also seems to present some security risk, as a user could place a DLL in their home folder and Explorer would possibly run it given that it searches there very frequently. One of our goals is to minimize WAN traffic. And as far I can tell, these queries are not useful and just put extra traffic on the WAN whenever anyone starts a program or clicks on a file. Any ideas on putting a damper on all DLL searches in a user's home folder? This is with Windows XP SP2 in a domain environment. |
Ads |
#2
|
|||
|
|||
Prevent Windows Explorer DLL Searching in UNC home Folder?
IT Guy wrote:
I'm investigating some response issues with Windows Explorer when a user's home drive is mapped to a network share. During my network captures I see that if I launch a local program, such as Calculator or Word 2003, that it performs several queries to my home drive looking for wshenv.dll. If I'm in Windows Explorer and click on an Excel file to open it, for example, then I see several queries for shell32.dll in my home directory. I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm still seeing these DLL queries. In addition I enabled the StartRunNoHomePath option as well. However, per KB 264061 if the HOMEDRIVE path is defined it will still be searched. I confirmed this variable is defined, which explains why this didn't help prevent the searches. This also seems to present some security risk, as a user could place a DLL in their home folder and Explorer would possibly run it given that it searches there very frequently. One of our goals is to minimize WAN traffic. And as far I can tell, these queries are not useful and just put extra traffic on the WAN whenever anyone starts a program or clicks on a file. Any ideas on putting a damper on all DLL searches in a user's home folder? This is with Windows XP SP2 in a domain environment. I'm not really sure I see where the problem is, but why not stop using home directories entirely? You don't need them anymore - they're archaic. Just use folder redirection. See How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003 \http://support.microsoft.com/kb/274443 ....although I'm not sure where the WAN enters into it. You should have the home directories or redirected folders going to a local server. |
#3
|
|||
|
|||
Prevent Windows Explorer DLL Searching in UNC home Folder?
IT Guy wrote:
I'm investigating some response issues with Windows Explorer when a user's home drive is mapped to a network share. During my network captures I see that if I launch a local program, such as Calculator or Word 2003, that it performs several queries to my home drive looking for wshenv.dll. If I'm in Windows Explorer and click on an Excel file to open it, for example, then I see several queries for shell32.dll in my home directory. I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm still seeing these DLL queries. In addition I enabled the StartRunNoHomePath option as well. However, per KB 264061 if the HOMEDRIVE path is defined it will still be searched. I confirmed this variable is defined, which explains why this didn't help prevent the searches. This also seems to present some security risk, as a user could place a DLL in their home folder and Explorer would possibly run it given that it searches there very frequently. One of our goals is to minimize WAN traffic. And as far I can tell, these queries are not useful and just put extra traffic on the WAN whenever anyone starts a program or clicks on a file. Any ideas on putting a damper on all DLL searches in a user's home folder? This is with Windows XP SP2 in a domain environment. I'm not really sure I see where the problem is, but why not stop using home directories entirely? You don't need them anymore - they're archaic. Just use folder redirection. See How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003 \http://support.microsoft.com/kb/274443 ....although I'm not sure where the WAN enters into it. You should have the home directories or redirected folders going to a local server. |
Thread Tools | |
Display Modes | |
|
|