5.1 Security Considerations for Implementers

The key security issues are as follows:

  • Help to ensure that the executable files run under the security context of the policy target.

  • Prevent spoofing that might allow a non-administrator of the computer to alter the behavior of the executable file.

  • Take into account that the data stored at the file system path of a script is to be secured to be writable only to GPO administrators. For scripts that are stored inside the GPO's file system path, this is covered by the security measures used to secure the GPO itself. If scripts are stored in user-defined locations outside the GPO, the administrator that configures the Group Policy: Scripts Extension Encoding is responsible for securing the script. Implementers can encourage the user to be mindful of this consideration through the user interface of administrative tools.

  • Note that any scripts or executable code configured to be executed by this protocol allow the administrators of the GPO from which the scripts were configured to become administrators on the computer or to invoke code in the context of a user that logs in to the client. The functionality of this protocol is one of the reasons that any administrators of a GPO have the capability of becoming administrators of the client computer.

  • When an executable file (as specified by <integer>CmdLine) has no path specified, the implementer searches for the executable file in trusted locations. An example, using Defrag.exe, is presented in section 4.