• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Blocking SCCM?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Windows

View previous topic :: View next topic  
Author Message
LazyD
Just Arrived
Just Arrived


Joined: 17 Nov 2009
Posts: 0


Offline

PostPosted: Tue Nov 17, 2009 2:44 pm    Post subject: Blocking SCCM? Reply with quote

Hello,

First post here, looks like a good site.

I know that it can be relatively simple to block group policy on a client given that the local admin password is known, but can SCCM also be blocked on the individual client by a user who is aware of the admin password? For example so that software deployed via sccm would not install? I've looked in the articles section for something on this but can't find anything, if anyone knows any good articles on this I would appreciate that, explaining the whole process, what services need to run on the client etc.

Thank you!
Back to top
View user's profile Send private message
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Wed Nov 18, 2009 2:37 am    Post subject: Reply with quote

So you are hoping that having invested enormously in a piece of software someone will have written detailed articles telling you how to prevent it from working properly?

Hmmm.

I suspect it is possible to do this if indeed you have local admin rights, but then I would also hope that a company spending money on SCCM would have invested some time as well to better control who has admin rights or can find out a local admin password.
Back to top
View user's profile Send private message Visit poster's website
LazyD
Just Arrived
Just Arrived


Joined: 17 Nov 2009
Posts: 0


Offline

PostPosted: Wed Nov 18, 2009 12:11 pm    Post subject: Reply with quote

Quote:
So you are hoping that having invested enormously in a piece of software someone will have written detailed articles telling you how to prevent it from working properly?

Well, yes. Why not? People have written detailed articles on circumventing other types of security and deployment techniques.

Of course the company controls who has access to local admin rights but as an IT professional there are scenarios when I would not want group policy and sccm to work on a client for purposes that are beyond the scope of this thread. To put it briefly, I work for a local education authority and connect to government backbone networks, we are heavily regulated and required to comply with strict rules which often rule out the possibility of testing software and other purposes (and also often rules out the possibility of just using clients in what most techs would consider a "normal" manner, can't do anything on these networks). The network environment is split amongst a vast bureaucracy of government departments, local governement and public private partnerships. Although I do not have access to the sccm managment console for the particular domain in which I am presently working I do have permission to test blocking of gp (which is done) and sccm. Trust me, that was the brief version.

Anyone else?
Back to top
View user's profile Send private message
ThePsyko
SF Mod
SF Mod


Joined: 17 Oct 2002
Posts: 16777178
Location: California

Offline

PostPosted: Wed Nov 18, 2009 6:18 pm    Post subject: Reply with quote

How long do you need it blocked for? I haven't used SCCM but a brief look into what I think you're trying to do led me to the ccmexec service, which can be stopped and/or disabled - effectively preventing contact between the client and server.
Back to top
View user's profile Send private message Send e-mail
LazyD
Just Arrived
Just Arrived


Joined: 17 Nov 2009
Posts: 0


Offline

PostPosted: Thu Nov 19, 2009 6:29 pm    Post subject: Reply with quote

Thanks, I'll try to rename ccmexec.exe and see how that goes.
Back to top
View user's profile Send private message
LazyD
Just Arrived
Just Arrived


Joined: 17 Nov 2009
Posts: 0


Offline

PostPosted: Thu Apr 29, 2010 10:02 am    Post subject: Reply with quote

Renamed:

ccmexec.exe
ccmrepair.exe
ccmrestart.exe

With .old on the ends. They all got recreated again and sccm continued to work. How could I get them to stop being recreated?
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Windows All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register