+ Post New Thread
Results 1 to 4 of 4
Windows Server 2008 Thread, Block users running a batch file to run command.com? in Technical; Forgive me if I sound ignorant here but I have just moved from CC3 to a vanilla Windows 2008 environment. ...
  1. #1
    reggiep's Avatar
    Join Date
    Apr 2008
    Location
    In the vast area of space and time
    Posts
    1,550
    Thank Post
    518
    Thanked 56 Times in 50 Posts
    Rep Power
    30

    Block users running a batch file to run command.com?

    Forgive me if I sound ignorant here but I have just moved from CC3 to a vanilla Windows 2008 environment.
    One thing that a friendly work experience guy has pointed out is that if he creates a batch file with command.com inside it he can run it and then have the command prompt.
    Is file screening the way to go with this or is there a better solution?
    I have read that with file screening the users could just rename the extension and then use it whenever!

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    deny users access to command.com by setting the ntfs permissions

  3. Thanks to CyberNerd from:

    reggiep (1st August 2009)

  4. #3

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,068
    Thank Post
    210
    Thanked 430 Times in 310 Posts
    Rep Power
    144
    Software restriction policies is the way forward here, you can deny access to specific programs by using a hash of them (so even if they renamed it it still wouldn't run) as well as stopping batch files being run from their home areas by denying executables on anything except the C:\

    There is also a GPO 'deny access to command prompt' which if set should stop it being run as well.

    Mike.

  5. Thanks to maniac from:

    reggiep (1st August 2009)

  6. #4
    reggiep's Avatar
    Join Date
    Apr 2008
    Location
    In the vast area of space and time
    Posts
    1,550
    Thank Post
    518
    Thanked 56 Times in 50 Posts
    Rep Power
    30
    Cheers Guys, I'll take a look on Monday.

SHARE:
+ Post New Thread

Similar Threads

  1. [Arch] Run a command on the host
    By Arcath in forum *nix
    Replies: 1
    Last Post: 6th July 2009, 11:43 AM
  2. Running commands on a batch of computers
    By srochford in forum *nix
    Replies: 6
    Last Post: 27th April 2009, 04:32 PM
  3. run a batch file on logon with a CC3 Network
    By new-2-this in forum How do you do....it?
    Replies: 5
    Last Post: 17th July 2008, 07:57 PM
  4. executing a random command in a batch file
    By Halfmad in forum Scripts
    Replies: 12
    Last Post: 6th November 2007, 09:25 PM
  5. Running batch files in vista
    By Kained in forum Windows Vista
    Replies: 6
    Last Post: 4th September 2007, 02:25 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •