GPCul8or: Group Policy bypassing tool

May 19, 2009 23:23 pm · 0 comments

by Black

in Open Source, Security tools, Windows

GPCul8or is a tool with which a limited user can circumvent the group policy applied to their account. The weakness it exploits is common to many group policy settings: the policy is enforced by the very application it is directed at, which reads the policy's registry keys and decides for itself whether to honor them, rather than by the operating system.

This weakness was first demonstrated by Mark Russinovich of Sysinternals, whose tool for it was called GPDisable. A year later, when Microsoft acquired Sysinternals, that tool was withdrawn. An archived post about it can still be found here.

GPCul8or uses a similar concept. It was written by Eric Rachner and is open source. As the author puts it, ‘it is a quick & dirty little tool’, and it is not configurable. It is a small program for bypassing certain group policy restrictions under Windows. It works by loading GPCul8r.dll into the process space of whatever program needs to bypass group policy. Once loaded, GPCul8r detours calls to the ZwQueryValueKey function and checks whether the program is querying one of the registry keys related to a group policy setting that is to be bypassed. If so, GPCul8r returns STATUS_OBJECT_NOT_FOUND, thereby tricking the caller into thinking the key doesn’t exist.

Now, how do you install GPCul8or? Here is how:

1. Copy GPCul8r.dll and detoured.dll to a permanent location.

2. Use withdll.exe to launch regedit.exe with GPCul8r.dll and detoured.dll mapped into its process space, as follows:

   c:\> withdll /p:<full pathname of detoured.dll> /d:<full pathname of gpcul8r.dll> regedit.exe

3. Edit HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, adding both GPCul8r.dll and detoured.dll to the list of DLLs.
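As an added example that is not part of the original post or of the tool's own code, the following PowerShell script audits, from the defender's side, the two places the install procedure above touches: the AppInit_DLLs value and its companion settings from step 3, and the module list of running processes, which is where step 2's injection with withdll.exe would show up. The registry paths and the LoadAppInit_DLLs and RequireSignedAppInit_DLLs value names are the real Windows ones; the list of file names to flag, the fallback of resolving bare entries against System32, and the output format are assumptions made for this example.

```powershell
# Added example (not from the original post or the GPCul8or project):
# audit the AppInit_DLLs injection point that install step 3 relies on,
# and look for the two DLLs the post names in running processes (step 2).
# The $suspectNames list and the System32 fallback are assumptions for
# this example. Run from an elevated PowerShell prompt on Windows.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit view of the same key on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
$suspectNames = @('gpcul8r.dll', 'detoured.dll')

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key

    # LoadAppInit_DLLs = 0 switches the mechanism off entirely;
    # RequireSignedAppInit_DLLs = 1 only loads Authenticode-signed DLLs.
    $load          = $props.LoadAppInit_DLLs
    $requireSigned = $props.RequireSignedAppInit_DLLs
    Write-Host "== $key"
    Write-Host ("   LoadAppInit_DLLs          = {0}" -f $(if ($null -eq $load) { '<not set>' } else { $load }))
    Write-Host ("   RequireSignedAppInit_DLLs = {0}" -f $(if ($null -eq $requireSigned) { '<not set>' } else { $requireSigned }))

    # AppInit_DLLs is a REG_SZ list separated by spaces or commas.
    $list = [string]$props.AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($list)) {
        Write-Host '   AppInit_DLLs              = <empty>  (expected on a clean host)'
        continue
    }
    foreach ($entry in ($list -split '[ ,]+' | Where-Object { $_ })) {
        # Entries are often bare file names found via the DLL search path;
        # resolve those against System32 as a best-effort assumption.
        $path = if ([System.IO.Path]::IsPathRooted($entry)) { $entry }
                else { Join-Path $env:SystemRoot "System32\$entry" }
        $exists = Test-Path $path
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        $name = [System.IO.Path]::GetFileName($entry).ToLower()
        $flag = if ($suspectNames -contains $name) { '  <-- DLL named in the GPCul8or post' } else { '' }
        Write-Host ("   AppInit entry: {0}  exists={1}  signature={2}{3}" -f $entry, $exists, $sig, $flag)
    }
}

# Second check: is either DLL already mapped into a running process?
# Step 2 injects them with withdll.exe without touching the registry,
# so a registry audit alone would miss that case.
Write-Host '== Processes with GPCul8r.dll or detoured.dll loaded'
Get-Process | ForEach-Object {
    $p = $_
    try {
        $hits = $p.Modules | Where-Object { $suspectNames -contains $_.ModuleName.ToLower() }
    } catch {
        # Access denied on protected processes or other sessions; skip them.
        $hits = $null
    }
    foreach ($m in $hits) {
        Write-Host ("   PID {0,6} {1,-25} {2}" -f $p.Id, $p.ProcessName, $m.FileName)
    }
}
```

On a 64-bit host both registry views are worth checking, since a 32-bit process consults the Wow6432Node copy. An empty AppInit_DLLs value with LoadAppInit_DLLs set to 0 is the state a hardened host should show; any non-empty list, and in particular an unsigned entry, deserves a closer look regardless of whether it matches the two names above.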

Download the source here.
