+ Post New Thread
Results 1 to 10 of 10
How do you do....it? Thread, Hiding executables in documents! in Technical; Ok, so we can prevent students running applications (you define what is considered an application) from their user areas/home drives/pen ...
  1. #1

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    13

    Hiding executables in documents!

    Ok, so we can prevent students running applications (you define what is considered an application) from their user areas/home drives/pen drives etc using a combination of Fileserver resource manager (2003 R2) and software restriction policies.

    But how do you guys stop students executing applications they've embedded in word (and potentially any office application or any other OLE capable app) documents?

    I figured the best way to do that was to identify where it launches from, and I find it points to docs & settings\username\local settings\temporary internet files\blah blah. So I figure I can use software restriction policies to restrict C:\Documents and Settings\.
    This works.... however... applications with shortcuts in docs and settings\all users\start menu or even desktop for that matter won't launch now... Alrighty, so now we'll create another software restriction policy, this time 'unrestricted' for docs and settings\all users - well, that's great... right?

    I admit I haven't tested many applications, however I do know of one application called InPage Urdu (some crazy app to type backards/in urdu) when launched appears to create/launch something in the users temp folder.

    So, what I'm interested in is have any of you guys got any suggestions/tips for how you stop students accessing executables?

  2. #2

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    I think you're going to find it very hard to do this :-(

    The other approach is to basically whitelist apps which you do want to run - you can create a hash rule for each app you want to allow; this basically checks any file being run and makes sure that it matches the files you want to allow.

    Downside of this is that it's hard work to set up - you have to create a hash for every executable (and I'm guessing that every time something get's patched that the rules need upating)

  3. #3

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    13
    Thanks but I think I have it working now, it was easier than I expected.
    I'm sure I will find out in the next few days if I've broken any other software with these policies. I have attached a screenie;
    Attached Images Attached Images

  4. #4

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,708
    Thank Post
    906
    Thanked 1,322 Times in 803 Posts
    Blog Entries
    1
    Rep Power
    445
    Can you just use GP to turn macro security up?
    Wouldnt that prevent it?

  5. #5
    PEO
    PEO is offline
    PEO's Avatar
    Join Date
    Oct 2007
    Posts
    2,093
    Thank Post
    457
    Thanked 150 Times in 95 Posts
    Rep Power
    72
    I'm supprised A-Virus desent pick the documents up as a potential virus.

    A diffrent approuch would be to target the people you know who are doing this and make an example out of them.

  6. #6

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    Quote Originally Posted by PEO View Post
    A diffrent approuch would be to target the people you know who are doing this and make an example out of them.
    I think this is always the best policy - you can spend your life trying to find technical solutions to what are actually people problems!

    One I can see with this is that if the kids work out what's going on, they'll just plug in a USB Hub with 4 USB memory sticks so that they get a "drive G:" etc. Not sure if this would be allowed (it's not explicitly blocked) but I *think* it is ...

  7. #7
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,201
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I think you'll find banning the embedded flash very hard it's been discussed in a few threads and the only way that really works is turning off vb support which also stops macros running.

    http://www.edugeek.net/forums/ffs/12...-file-ffs.html

  8. #8

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    13
    I'm not too worried about embedded flash, they are taught to use flash unfortunately. Executables were all I was really worried about, it's something that's always bugged me tbh.

    Currently students cannot access any pen drives, but I'm trying to do all I can to protect things in preperation for enabling pen drives again.

  9. #9

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,235
    Thank Post
    55
    Thanked 278 Times in 186 Posts
    Rep Power
    134
    Quote Originally Posted by cookie_monster View Post
    I think you'll find banning the embedded flash very hard it's been discussed in a few threads and the only way that really works is turning off vb support which also stops macros running.

    http://www.edugeek.net/forums/ffs/12...-file-ffs.html
    One of my clever techs has written a nice little vb that loads automatically and scans through all the worksheets and deletes any flash games it finds - its not perfect, but its enough to stop most things.

  10. #10
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,201
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Ahem care to share it

SHARE:
+ Post New Thread

Similar Threads

  1. hiding the network option in the GO menu
    By goodhead in forum Mac
    Replies: 5
    Last Post: 12th July 2010, 11:36 AM
  2. Blocking ALL Executables in Students Home Directory
    By markwilliamson2001 in forum Windows
    Replies: 31
    Last Post: 9th March 2010, 08:51 AM
  3. Moodle - Hiding Courses
    By binky in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 29th April 2008, 09:05 PM
  4. hiding inte/ and nvidia grahics tray icons`
    By humpda in forum Windows
    Replies: 3
    Last Post: 23rd September 2007, 03:04 PM
  5. Pupil hiding files
    By Geoff in forum Windows
    Replies: 15
    Last Post: 11th May 2007, 02:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •