+ Post New Thread
Results 1 to 9 of 9
Windows Server 2000/2003 Thread, Restricting executables on a mapped drive in Technical; Hi, I am aware of how to restrict specific executables from being run using group policy but is there a ...
  1. #1

    Join Date
    Feb 2009
    Location
    UK
    Posts
    125
    Thank Post
    8
    Thanked 4 Times in 3 Posts
    Rep Power
    11

    Restricting executables on a mapped drive

    Hi,

    I am aware of how to restrict specific executables from being run using group policy but is there a way to blanket block all executables from running on a certain drive?

    For example I have users with mapped drive F:\. I don't want them to be able to run any executable files at all from this drive.

    Any help would be appreciated,

    Cheers.

  2. #2

    Join Date
    Jan 2008
    Posts
    37
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Thumbs up

    Hi, It's been a while since i have done this but i am sure you can specify a new path rule to disalow exe files via group policy also, be sure to include shortcuts also, if you do not do this the exe will still run regardles of what you policy says.

  3. #3

    Join Date
    Feb 2009
    Location
    UK
    Posts
    125
    Thank Post
    8
    Thanked 4 Times in 3 Posts
    Rep Power
    11
    Hi,

    Well, the path rule thing was what I was talking about, I've tried using wildcards for example F:\*.exe and that doesn't work. Specifying full file names does work but I want to stop any exe running on the F:\ drive, I don't want to have to keep adding new files as we find them.

  4. #4

    Join Date
    Sep 2008
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Files Screens

    Quote Originally Posted by speckled View Post
    Hi, It's been a while since i have done this but i am sure you can specify a new path rule to disalow exe files via group policy also, be sure to include shortcuts also, if you do not do this the exe will still run regardles of what you policy says.
    Hi 2003 RC2 has file screens that does this, I think!

  5. #5
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    871
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    Yes, of course. You can do this via a particular GPO.

    Says if you had a student GPO, which has the logon script to pull down the mapped drives etc. In User Configuration -> Windows Settings -> Security Settings -> Software Restriction Policies. If you haven't already, create a policy (literally a couple of simple clicks, if i remember?). Then click Additional Rules.

    Right Click -> New Path Rule. Then, enter in a path (says you wanted to block them on the H drive, try H:\*.exe), make sure security level is "disallowed", click OK and head out of the gpo editor window.

    I hope that's right, lol!

  6. #6
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    37
    You need to install file server resource manager on your windows 2003 R2 / windows 2008 box. There you can config file screening.

    bio..

  7. #7
    artsaudi's Avatar
    Join Date
    Jan 2009
    Location
    Jeddah, Saudi Arabia
    Posts
    28
    Thank Post
    6
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by richardharris View Post
    Yes, of course. You can do this via a particular GPO.

    Says if you had a student GPO, which has the logon script to pull down the mapped drives etc. In User Configuration -> Windows Settings -> Security Settings -> Software Restriction Policies. If you haven't already, create a policy (literally a couple of simple clicks, if i remember?). Then click Additional Rules.

    Right Click -> New Path Rule. Then, enter in a path (says you wanted to block them on the H drive, try H:\*.exe), make sure security level is "disallowed", click OK and head out of the gpo editor window.

    Can this be applied on any USB drive?

    Thanks.

  8. #8
    TheScarfedOne's Avatar
    Join Date
    Apr 2007
    Location
    Plymouth, Devon
    Posts
    1,130
    Thank Post
    543
    Thanked 152 Times in 138 Posts
    Blog Entries
    78
    Rep Power
    79
    Yes it sure can - if you use a program like USB Drive Letter Manager. This ensures that USB sticks always go on the same drive letter, and you can therefore specify them as disallow. Best way tho is to use disallow overall - with specific allows. You need to do your homework on anything that requires write access first before changing this main setting. I sense a blog post coming up.....! It mite be on the WIKI already tho so worth takin a look there.

  9. #9
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    357
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    23
    i did this through the group policy software restrictions

    basically set the Software Restriction Policies/Security Levels
    Default Security Level Disallowed

    so that all exes and things like VBS are disabled
    And then under

    Software Restriction Policies/Additional Rules
    Path Rules

    setup rules that allow things through

    c:\Program files (x86)
    Security Level Unrestricted

    Also include all you logon server shares etc.. (so that VBS and CMD scripts can run)
    the windows directory!

SHARE:
+ Post New Thread

Similar Threads

  1. web link to a mapped drive
    By RabbieBurns in forum Web Development
    Replies: 7
    Last Post: 19th January 2009, 02:21 PM
  2. No access to mapped drive ??
    By theeldergeek in forum Wireless Networks
    Replies: 0
    Last Post: 2nd June 2008, 02:21 PM
  3. Mapped drive dropping
    By d4476m in forum Windows
    Replies: 12
    Last Post: 11th February 2008, 01:03 PM
  4. Quota on mapped drive?
    By ozydave in forum Network and Classroom Management
    Replies: 2
    Last Post: 13th June 2007, 02:13 PM
  5. Share a mapped drive
    By Samson in forum Wireless Networks
    Replies: 4
    Last Post: 3rd May 2007, 02:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •