+ Post New Thread
Results 1 to 8 of 8
How do you do....it? Thread, Program security. in Technical; Hi. Can anyone tell me of a method i can use that'll stop the users running any *.exe, *.bat, *.cmd, ...
  1. #1

    Join Date
    Nov 2007
    Posts
    554
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    16

    Program security.

    Hi.
    Can anyone tell me of a method i can use that'll stop the users running any *.exe, *.bat, *.cmd, etc; files that run from specific places?

    For example, i'd like to stop them running things off their home directory, flash drives, physical optical drives (not virtual ones though).

    Any ideas?

    Thanks in advance all. .

  2. #2

    Join Date
    Feb 2006
    Location
    Derbyshire
    Posts
    1,381
    Thank Post
    181
    Thanked 211 Times in 171 Posts
    Rep Power
    65
    TrustNoExe should do the trick...

    http://beyondlogic.org/solutions/tru...ust-no-exe.htm

  3. #3

    Join Date
    Nov 2007
    Posts
    554
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    Quote Originally Posted by OutToLunch View Post
    Interesting app that looks ideal.
    Questions i couldnt gather from the manual though:
    1 - How can this be rolled out to every computer on the network without inputting the names of every computer?
    2 - Is the app itself invisible to the user? As the manual mentions an applet that can be viewed in CP. Asuming CP access is disabled via GPO, i asume that the app doesnt appear anywhere else?

    Thanks. .
    Last edited by boomam; 23rd January 2008 at 01:08 PM.

  4. #4

    Join Date
    Nov 2007
    Posts
    554
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    Right.
    Ive had a play, program seems alright, but any changes i make i need to wack everything out manually.
    Plus, every computer has different drive setups, some labs have card readers for example, and all have virtual CD roms, so banning 'h:' for example will mess up some programs.

    Is there a way/another app, to do this via GP? So that its only applied to the kids/staff and not admins too?

    We do have NSS, which can do 90% of what we want to do, but it cant stop users running programs off their home drive unfortunatelly.
    And while im happy keeping it running 24/7, its not the most stable of programs for me unfortunatelly.

    Thanks. .
    Last edited by boomam; 23rd January 2008 at 03:02 PM.

  5. #5
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    29
    You can do this with 2003 R2 servers and GP... at least.... I did

    Can't remember off hand what or where it is, but at least as far as the 2003 R2 servers go if they are the file server, its in File Restrictions or something similar in the Administrative Tools.

    Don't happen to have 2003 R2 installed with it here so cant be specific but its a option to investigate possibly.

    Certainly good for stopping .exe's and setups being run from a users home drive

    Nath

  6. #6
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,985
    Thank Post
    268
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    47
    There a lot of threads on software restriction policies/ SRP's.

    Try this one: http://www.edugeek.net/forums/showthread.php?t=11315

    I found trustnoexe to be buggy - caused lots of errors on my PCs. Although looks excellent, couldn't recommend it.

  7. #7
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34
    Quote Originally Posted by boomam View Post
    Right.
    Ive had a play, program seems alright, but any changes i make i need to wack everything out manually.
    Plus, every computer has different drive setups, some labs have card readers for example, and all have virtual CD roms, so banning 'h:' for example will mess up some programs.

    Is there a way/another app, to do this via GP? So that its only applied to the kids/staff and not admins too?
    If you search the forums for Software Restriction policies you will find a lot of advice on how to do that sort of thing via GP. You can set it up to deny by default or allow, and then set up exceptions. We have it set to deny be default - after a couple of weeks we'd found all the wacky locations the legitimate software had installed to.

    The policy is set per user, so it gets around the problem of admins being blocked, but also presents you with a potential problem if your drive letters are not consistent throughout. What you can do is push out USBDLM (again via a GPO IIRC) which will let you set specific letters for USB drives to use.

    EDIT: It's always dangerous posting at 4pm - everyone else posts the same thing directly before you, making you look a bit simple.

  8. #8

    Join Date
    Nov 2007
    Posts
    554
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    Just looking at USBDLM now.

    Is it possible to use a software restriction policy to block the drive letters that i set for usage for USB drives by default? Or is it more of a global thing?

SHARE:
+ Post New Thread

Similar Threads

  1. AUP logon acceptance program
    By mark in forum Downloads
    Replies: 10
    Last Post: 12th May 2010, 08:15 PM
  2. Free Database Program
    By SimpleSi in forum General Chat
    Replies: 4
    Last Post: 5th November 2007, 10:34 AM
  3. Replies: 6
    Last Post: 4th October 2007, 07:31 PM
  4. Open a program up on display 2
    By Jackd in forum Windows
    Replies: 3
    Last Post: 25th September 2007, 07:48 PM
  5. cli consul program needed
    By edie209 in forum Wireless Networks
    Replies: 3
    Last Post: 26th July 2006, 05:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •