XP Home and SRP - is it working?

Discussion in 'other security issues & news' started by Sully, Mar 7, 2009.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have installed gp on xp home using the .cmd file and xpsp3, as mentioned in various places here. It gives xp home the option to use gpedit.msc. I made some rules in there, using the reg tweak for 'Basic User'. I then set path rules for browsers etc, and the permission was set to 'Basic User'. Some other items I set up as disallowed.

    I was visiting that computer today, and having been messing with SAFER registry settings in xp/vista, decided to take a peek. Much to my suprise, the items listed in gpedit, were not in the registry. Indeed, a little more playing revealed that while the gp was housing SRP rules, the registry was not, which meant the rules did nothing.

    I generated some GUID's for the rules I wanted, deleted the existing ones using gpedit, and then merged .reg files to create them. Now it works fine after a logoff.

    So I am wondering, for those of you who might have used xp home and applied the fix for it to have a gp, have you verified it works? Have you examined your registry to see the values exist?

    Sul.
     
  2. tlu

    tlu Guest

    Sully, did you install pcwXPProme as mentioned in a later post in this thread? It's needed.

    BTW: Wouldn't it make sense to ask that question in that thread instead of discussing it in a new one?
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    tlu, yes that is exactly what I have used. Although I went ahead and modified the .cmd file and saved it as different name for future use (english replacements for german that were noted somewhere in that thread).

    As far as putting it in that thread, there are 6 pages and 148 posts. I thought about putting it there, or even in Lucy's thread regarding registry SRP settings. I guess I figured it would get noticed here an not lost in such a large post like yours.

    So, you have used that method, and used gpedit.msc to create path rules, and found them also to exist in your registry?

    Sul.
     
  4. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Ok, if you want to apply the rules you made in gpedit, you need to execute this:

    gpupdate /force

    (I have to do this on my XP Home machine)
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    ?? gpudate does not perform in xp when installing the gp as per the thread tlu indicated. Did I miss something somewhere? I already tried gpudate before, but thought it was not part of what was installed onto xphome.

    Sul.
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    What I read elsewhere on this forum is that SRP is not suitable for Windows XP HOME EDITION. Maybe you can work around that, but if you don't want to mess with the registry or make other 'expert' tweaks that can cause problems in the future it's probably better not to use SRP.

    On the other hand, I have never tried it myself.
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Well, xp itself looks for SRP rules when creating processes, so wether or not it is suitable for xp home is still a question to be answered. If the same 'checks' are being made in xp home by default that are made in xp pro, then technically the only thing missing would be the registry values to engage it.

    Yes, I like to call it 'hacking' the registry lol. Just because the registry is so contorted and flaky at times, it feels more like hacking that tweaking. I have no problem doing registry work, and I don't imagine that much can go wrong when utilizing SRP in the manner most peeps do it, unless you add the wrong rules to the restricted. And at that, a safe mode boot allows it to be sorted out easily.

    But, I do hear what you are saying. Novice users would need some help, or take a crash course in registry 'tweaking'. ;)

    Sul.
     
  8. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    On XP or 2003 go to Start\Run and type in Gpupdate /force

    Syntax
    gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot]

    You can find it here (if you don't have it in system32 folder):
    http://www.4shared.com/file/60637937/2123d769/gpupdate.html

    Fly, SRP is perfectly suitable for XP or VISTA Home, but M$ decided not give users the tools to set it up.
     
  9. tlu

    tlu Guest

    Yes, it works perfectly on my machine. Perhaps an error happened when you made the changes for your non-German system?

    EDIT: I've checked it again by adding a new path in gpedit, and - voilà - the new path is added in the registry, too. So I can confirm that it works.
     
    Last edited by a moderator: Mar 8, 2009
Loading...
Thread Status:
Not open for further replies.