GPEdit ByPass

Posted on 2006-04-28
Last Modified: 2013-12-04
Hey Hey,

I have a question; may some expert answer this? Is this article right or false, with an explanation?!


You can bypass GPEdit very easily.

You must search in taskmgr for Current User programs, like:
ypager.exe or iexplorer.exe

You must rename your file to ypager.exe or iexplorer.exe; after doing this, your program runs very easily.

If you write a trojan and you want to execute a bound file or other things, you must use the WinExec command. This command can execute all programs without any locks.
Some cafenets and other places can lock exe files in Windows by changing gpedit settings, and you can't run your executable files.

When you want to lock an exe file with gpedit, you need only the process name, without any path or address. (This is a gpedit bug.)

You can change your new files to ypager.exe, iexplorer.exe and other files in the tasklist (current user).

When your file name is changed to ypager.exe or other names, your file can be run.

But guys, I need a security explanation, thanks.
Question by:tourajam

    Author Comment

    Is there no person to answer this question?
    LVL 51

    Accepted Solution

    It's an interesting point and yes, if the administrator of your system has allowed you read/write access to these areas (where the executables reside) it is obviously possible.

    It is no different, in part, to the fact that even with a locked down system, a user can install a 16-bit application on to his PC as it will likely use an .ini file as a control rather than make alterations to your registry.

    The bottom line is that group policies do not work in isolation; you have to use them as part of your security strategy. Your example is a perfect case in point. There is no use in locking down users to using iexplorer.exe in the group policy if you have not locked down permissions on the executable itself at the same time.

    Although it is a little simplistic, I run a check at logon for a number of executables that just checks date/time stamps. If they are wrong, the app is copied down from the source location on my servers and overwrites the incorrect file. Dirty but effective.

    At my work, we use the security permissions so that the user cannot get write access to the apps and DLLs, nor can they update the computer element of the registry. This process negates the article you have highlighted.
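
The logon check described in the accepted answer, as an added example (not code from the thread): it compares SHA-256 hashes instead of the date/time stamps the answer mentions, a substitution made here because a timestamp can be set to match the reference. The directory layout and function names are hypothetical, and the sample files are constructed.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash file contents in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_and_restore(source_dir, local_dir, names):
    """Compare each local file with its reference copy; overwrite on mismatch."""
    results = {}
    for name in names:
        reference, local = source_dir / name, local_dir / name
        if not reference.is_file():
            results[name] = "no-reference"  # cannot vouch for a file with no baseline
            continue
        if local.is_file() and sha256_of(local) == sha256_of(reference):
            results[name] = "ok"
            continue
        shutil.copy2(reference, local)  # replace the altered or missing file
        results[name] = "restored"
    return results


def demo():
    """Constructed sample: one intact file, one replaced file with a matching timestamp."""
    with tempfile.TemporaryDirectory() as tmp:
        source, local = Path(tmp, "source"), Path(tmp, "local")
        for directory in (source, local):
            directory.mkdir()
        for name in ("ypager.exe", "iexplorer.exe"):
            (source / name).write_bytes(b"reference build of " + name.encode())
        shutil.copy2(source / "ypager.exe", local / "ypager.exe")
        # A different program saved under an allowed name, timestamp copied from the reference.
        (local / "iexplorer.exe").write_bytes(b"some other program")
        ref_stat = (source / "iexplorer.exe").stat()
        os.utime(local / "iexplorer.exe", (ref_stat.st_atime, ref_stat.st_mtime))
        return verify_and_restore(source, local, ["ypager.exe", "iexplorer.exe", "missing.exe"])


if __name__ == "__main__":
    print(demo())
```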


    Author Comment

    LVL 51

    Expert Comment

    by:Keith Alabaster
    thanks :)

    Author Comment

    If someone has any idea, they can send it here:

    I hope the administrator of Experts Exchange does not remove this link.

    This article was also written by Mehrdad, admin of
