I have a dilemma. I need to intentionally mess up an OS.
I need to push a policy in McAfee ePO to disable an XP machine on the down low. I need to do this so that the remote person using the laptop/desktop will call Support, and Support will then have them send in their equipment. We need this done so that we can perform forensics on the drive and then send it back out to the person without them knowing that we (the Security Team) looked over their drive. Yes, the equipment belongs to us (the company).
What I have tried so far:
I created a policy that said ntldr and ntdetect were unwanted programs and to delete them. Well, it did delete them, but they came right back. I'm assuming that is because they are protected files within Windows.
I tried the same with explorer.exe, but that didn't work at all.
I then tried blocking read/write access to the c:\Documents and Settings\userprofile
This worked, sort of: it basically removed the Start button, and the Start menu was blank altogether when you hit the Windows key on the keyboard. This could work.
I'm looking for other ideas of files that may not be protected and that can be deleted, which will render the computer useless to the user but also easily fixable once here at Support.
I am using McAfee ePolicy Orchestrator 4.5 to push down these policies.
I am open to any and all suggestions.
Force Patch 3 on to the system AND
This will possibly stop Explorer from running after the next reboot.
McAfee has released a KB for this => KB68448
Explorer.exe fails to load after installing Patch 3 for VirusScan Enterprise 8.7i