+ Post New Thread
Results 1 to 9 of 9
Network and Classroom Management Thread, CC3 Software Restriction Policy in Technical; We run a vanilla 2003 / XP setup and have recently started to look at using software restriction policy. I'm ...
  1. #1
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75

    CC3 Software Restriction Policy

    We run a vanilla 2003 / XP setup and have recently started to look at using software restriction policy.
    I'm wondering if RM enable this as a black or white list and if it's configured as a whitelist how hard it is to manage and configure?

    We currently have a students GPO with desktop settings and software restrictions configured as a blacklist, the restrictions are all listed in this one policy is that the standard RM/Windows way or should multiple GPO's be used?

    Any input welcome.

    Thanks.

  2. #2
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32

    Re: CC3 Software Restriction Policy

    Disallowed is the security level used in one GPO. There are then path rules to unrestrict execution on the systemdrive, then variour rules to disallow and unrestrict as required.

  3. #3
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75

    Re: CC3 Software Restriction Policy

    Thanks for the reply

    Are these all set in the user policy or can restrictions be applied to computers as well? If both which would you recommend in a typical education setup with very specific groups/GPOs like teacher/student.

    Cheers.

  4. #4
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32

    Re: CC3 Software Restriction Policy

    Software restriction policies are computer only settings.

  5. #5
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75

    Re: CC3 Software Restriction Policy

    No i don't think so i have them working just fine in user policy this has the benefit that i can ban applications for students but not for teachers.

  6. #6
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32

    Re: CC3 Software Restriction Policy

    Ah yes, apologies. I think it used to be the case, but may have changed since 2003 or an SP?

  7. #7
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75

    Re: CC3 Software Restriction Policy

    Does CC3 allow .exes to be run from the users local temp folder?

    C:\Documents and Settings\%username%\Local Settings\Temp

    I've noticed that when xp unzips an exe it sends it to a temp folder and executes it from there which gets around R2's file screen and path rules. I've created an exe restriction policy on this folderwhich works but i'm wondering what impact this might have on applications.

  8. #8
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32

    Re: CC3 Software Restriction Policy

    Afaik, it's the same on C3 as it is on vanilla. You need to add the path rule to prevent users executing from this temp location.

    Applications shouldn't be executing from there. I've only seen it negatively effect one bad application, which would extract itself and it's files at runtime to this location then execute it. An unrestricted hash rule resolved this though.

  9. #9
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75

    Re: CC3 Software Restriction Policy

    That was my thinking as well so i'll see how it goes.

    Cheers.

SHARE:
+ Post New Thread

Similar Threads

  1. Software restriction policy, half working?
    By FN-GM in forum Windows
    Replies: 13
    Last Post: 10th December 2007, 12:22 PM
  2. Software Restriction Policy
    By cookie_monster in forum Windows
    Replies: 2
    Last Post: 27th November 2007, 12:54 PM
  3. Software Restriction Policy (w2k3) - path question
    By indiegirl in forum How do you do....it?
    Replies: 5
    Last Post: 19th October 2006, 05:05 PM
  4. Software Restriction Policy (w2k3) - path question
    By indiegirl in forum How do you do....it?
    Replies: 0
    Last Post: 19th October 2006, 10:11 AM
  5. GPo - Software Restriction Policy
    By Gatt in forum Wireless Networks
    Replies: 26
    Last Post: 23rd January 2006, 01:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •