Wednesday, September 06, 2006

Security: Defeating Device Lock

You know, I must admit a bit of shock at how easy this was. I had an issue come up where I needed to create an Emergency Repair Disk from a system I had cloned into a VMware instance. The problem was that the partition didn’t clone 100 percent, and there were errors that kept it from booting. When I went back to the source system, DeviceLock was keeping me from creating the repair disk.

For those of you who don’t know, DeviceLock is an attempt to create a little bit of physical security on a system by denying access to local devices based on domain policy restrictions. In order to get access to a device, you must be on the White List. This includes CD-ROM drives, USB devices, and unfortunately, floppy drives. It is a very powerful little application since everything is managed at a domain level in the implementation rolled out locally, and uninstallation, service deactivation, and such are not possible unless you are on a list of Administrator users. If you’re at all concerned with users removing information via sneakernet, it’s not a bad solution. But all is not lost, for it is the ever possible realm of physical security that allowed me to circumvent this little application.

The chink in the armor here is the inability to prevent a user from booting from alternative media, in this case, an external Windows Live CD I happen to have (I couldn’t possibly tell you which one it is unfortunately since I grabbed it from another individual, but I am under the assumption that it is BartPE, which would work well here). Once booted into the LiveCD, I simply “moved” the following 4 files:

C:\WinNt\System32\DLService.exe
C:\WinNt\System32\DlTray.exe
C:\WinNt\System32\DLTempAccess.dll
C:\WinNt\System32\DLService.rpt

That’s it. Once I rebooted, I had full access to my devices again. I still couldn’t uninstall, but oh well, for my purposes I was able to do what I needed.
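
An added example, not part of the original post: a PowerShell startup check a defender could run to notice when the four files listed above have been moved or replaced. Only the file paths come from the post; the function name `Test-DeviceLockFiles` and the report layout are hypothetical.

```powershell
# Added example: presence and hash report for the DeviceLock files named in the post.
# The paths are from the post; the function name and output shape are hypothetical.
function Test-DeviceLockFiles {
    param(
        # Directory that holds the agent files (C:\WinNt\System32 in the post).
        [string]$System32 = 'C:\WinNt\System32'
    )

    $expected = 'DLService.exe', 'DlTray.exe', 'DLTempAccess.dll', 'DLService.rpt'

    foreach ($name in $expected) {
        $path    = Join-Path -Path $System32 -ChildPath $name
        $present = Test-Path -LiteralPath $path -PathType Leaf
        $hash    = $null
        $written = $null

        if ($present) {
            # Hash and timestamp let a central collector spot a file that was
            # swapped for another one rather than simply moved away.
            $hash    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $written = (Get-Item -LiteralPath $path).LastWriteTimeUtc
        }

        [PSCustomObject]@{
            File             = $name
            Present          = $present
            Sha256           = $hash
            LastWriteTimeUtc = $written
        }
    }
}

$report  = @(Test-DeviceLockFiles)
$missing = @($report | Where-Object { -not $_.Present })
$report | Format-Table -AutoSize

if ($missing.Count -gt 0) {
    # Non-zero exit lets a startup script or management agent raise an alert.
    Write-Warning ("DeviceLock files missing: " + ($missing.File -join ', '))
    exit 1
}
exit 0
```

Because the check lives on the same unencrypted disk as the files it watches, its results should be sent to a central collector, where a machine that stops reporting is itself the signal.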
