+ Post New Thread
Results 1 to 4 of 4
Windows Server 2000/2003 Thread, Software Restriction Setup in Technical; hi guys coming from a RM back ground were all the software restrictions are setup for you, we now are ...
  1. #1
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    580
    Thank Post
    113
    Thanked 25 Times in 22 Posts
    Rep Power
    19

    Software Restriction Setup

    hi guys

    coming from a RM back ground were all the software restrictions are setup for you, we now are moving away from RM and we have got to setup software restrictions on a 2008 server xp client setup

    i was woundering what people do as a default when setting up software restrictions policys. I want one just to cover all pc's and laptops.

    what do you allow to run by default and block by default?

    thanks

    mark

  2. #2

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,087
    Thank Post
    210
    Thanked 432 Times in 312 Posts
    Rep Power
    145
    I've just written my software restriction policy and did the following.

    Disallow everything by default, then created a rule which allows everything on the C:\ this stops anything from memorysticks etc. being run.

    I then added in specific deny rules for certain programs like regedit, windows messenger, microsoft help and support centre, command prompt, mmc and a few others to stop those being run (although our GPO should stop most of them anyway)

    I find this is the easiest way to set it up so it works reliably. Ideally what you should do is deny everything then allow the programs you want one by one, but we run so much different software allowing the C:\ as a whole entity is a much easier option and it still stops execution of programs from memorysticks which is the main idea of the policy in the first place for us.

    One big tip if you do it this way is to make sure you stop the execution of programs from the Temporary files directory, as there's a loop hole that will allow programs to be run if they're in a ZIP file and double clicked, as it extracts by default to the TEMP folder.

    Mike.
    Last edited by maniac; 30th July 2009 at 03:08 AM.

  3. Thanks to maniac from:

    rh91uk (18th August 2009)

  4. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    We do the exact same as manic

  5. #4
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    877
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    36
    Thanks maniac ... i'm just setting up our R2 software restriction policies now and that was very very useful!



SHARE:
+ Post New Thread

Similar Threads

  1. Software Restriction Policies - Allow ONLY certain software
    By link470 in forum Wireless Networks
    Replies: 28
    Last Post: 9th July 2010, 05:29 PM
  2. Software Restriction
    By Chuckster in forum Windows
    Replies: 7
    Last Post: 18th June 2009, 01:51 PM
  3. Software restriction policies
    By DMcCoy in forum Windows
    Replies: 0
    Last Post: 2nd November 2008, 09:38 PM
  4. Software Restriction Policies... AGAIN
    By azrael78 in forum Windows
    Replies: 9
    Last Post: 6th August 2008, 10:51 AM
  5. Software Restriction Policies
    By wesleyw in forum Windows
    Replies: 14
    Last Post: 12th December 2006, 12:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •