TrustNoExe should do the trick...
Can anyone tell me of a method i can use that'll stop the users running any *.exe, *.bat, *.cmd, etc; files that run from specific places?
For example, i'd like to stop them running things off their home directory, flash drives, physical optical drives (not virtual ones though).
Thanks in advance all. .
Questions i couldnt gather from the manual though:
1 - How can this be rolled out to every computer on the network without inputting the names of every computer?
2 - Is the app itself invisible to the user? As the manual mentions an applet that can be viewed in CP. Asuming CP access is disabled via GPO, i asume that the app doesnt appear anywhere else?
Last edited by boomam; 23rd January 2008 at 02:08 PM.
Ive had a play, program seems alright, but any changes i make i need to wack everything out manually.
Plus, every computer has different drive setups, some labs have card readers for example, and all have virtual CD roms, so banning 'h:' for example will mess up some programs.
Is there a way/another app, to do this via GP? So that its only applied to the kids/staff and not admins too?
We do have NSS, which can do 90% of what we want to do, but it cant stop users running programs off their home drive unfortunatelly.
And while im happy keeping it running 24/7, its not the most stable of programs for me unfortunatelly.
Last edited by boomam; 23rd January 2008 at 04:02 PM.
You can do this with 2003 R2 servers and GP... at least.... I did
Can't remember off hand what or where it is, but at least as far as the 2003 R2 servers go if they are the file server, its in File Restrictions or something similar in the Administrative Tools.
Don't happen to have 2003 R2 installed with it here so cant be specific but its a option to investigate possibly.
Certainly good for stopping .exe's and setups being run from a users home drive
There a lot of threads on software restriction policies/ SRP's.
Try this one: http://www.edugeek.net/forums/showthread.php?t=11315
I found trustnoexe to be buggy - caused lots of errors on my PCs. Although looks excellent, couldn't recommend it.
The policy is set per user, so it gets around the problem of admins being blocked, but also presents you with a potential problem if your drive letters are not consistent throughout. What you can do is push out USBDLM (again via a GPO IIRC) which will let you set specific letters for USB drives to use.
EDIT: It's always dangerous posting at 4pm - everyone else posts the same thing directly before you, making you look a bit simple.
Just looking at USBDLM now.
Is it possible to use a software restriction policy to block the drive letters that i set for usage for USB drives by default? Or is it more of a global thing?
There are currently 1 users browsing this thread. (0 members and 1 guests)