Portable Apps!

[Zoom7000]

These are fast becoming a huge nightmare! I'm trying as much as I can to grab them off student USB flash drives and apply hash blocks in Active Directory and apply block policies using AB Tutor. However, there are newer versions coming out all the time. Also, some stuff you can't apply AB Tutor policies to. E.g. Microsoft Office Word 2007 in the title bar just appears as Microsoft Word. Can't block that because we want them to run Word, just not off their pen drive!

Other interesting stuff I found was:
UltraSurf - Gets the current proxy address settings on the PC. Tries to bypass
WLM Lite - Portable Windows Live Messenger.
Deskspace - Really cool application that allows you to have 4 independant desktops. You can switch desktops by a custom key press in a cube like effect and the open windows from the other desktops disappear until you activate them again. Actually really cool! lol

Then the usual suspects - Portable Kaspersky, Portable Adobe CS3, Portable Nero, Portable LimeWire, Portable utorrent, the list goes on!

I even found a portable version of AB Tutor. I've emailed that off to Andy at AB Consulting for further investigation.

I have USBDLM assigning Flash Drives as K: L: and M: repectively, can I block all .exe, .bat .cmd .vbs etc running at all from flash drives?

[powdarrmonkey]

Yes, with path rules. Details have been posted before.

[j17sparky]

I have USBDLM assigning Flash Drives as K: L: and M: repectively, can I block all .exe, .bat .cmd .vbs etc running at all from flash drives?

Yes, do a search its been covered many a time

[KarlGoddard]

Software restriction policies are your friend!

We started using them around 18 months ago and noticed the difference almost immediately.

We had one or two minor problems with the odd 'legit' app that got blocked but a quick tweak here and there and it worked like a dream ever since

http://technet.microsoft.com/en-us/l.../bb457006.aspx

http://support.microsoft.com/kb/324036

HTH

[projector1]

is it my machine or is the "thanks" link missing from this thread?

[dhicks]

WLM Lite - Portable Windows Live Messenger

I've bet one of our prep school pupils she can't get this working in the prep school IT room. She seemed quite enthusiastic about the challenge. I don't think she quite appreciates that our prep IT room runs Edubuntu-based thin clients, but I figure she will by the time she's finished...

--
David Hicks

[Zoom7000]

I've had a search and found the technique of using software restriction, in my case...

K:\*.exe
K:\*\*.exe
K:\*\*\*.exe

However, the K:*.exe won't work, so I have to keep doing the \*\*\*.exe technique, but this is not fool proof.

Is there a way to block it on all subfolders too?

[TechMonkey]

I've had a search and found the technique of using software restriction, in my case...

K:\*.exe
K:\*\*.exe
K:\*\*\*.exe

However, the K:*.exe won't work, so I have to keep doing the \*\*\*.exe technique, but this is not fool proof.

Is there a way to block it on all subfolders too?

Can you not just ban K:\* ?

[MarkB]

We block everything by default and only allow programs to run from known locations (Program Files, windows folder, etc).

[ajbritton]

Agree with Mark B. Best bet is to start with a blanket ban on everything and just allow what you need. On the basis that PCs are locked down, it is safe to allow execution from Windows and Program Files. If necessary add rules to allow execution from network locations.

[FN-GM]

We don't tend to have this problem, we get alot of flash games in excel files.

[KarlGoddard]

We don't tend to have this problem, we get alot of flash games in excel files.

use strings.exe from sysinternals to search within *.xls for '.swf'

this finds any embedded swf's quite nicely!

[Zoom7000]

We block everything by default and only allow programs to run from known locations (Program Files, windows folder, etc).

Sorry to bring this thread back from the depths of thread doom, however, I was trying this method of blocking *.exe files with the default settings of Program Files, SystemDrive, SystemRoot etc being unrestricted. But, disabling *.exe seems to overide the unrestricted settings. So, is there any simple way of blocking .exe files from anywhere other than those locations?

[User3204]

We have blocks for everything except, stuff like:
c:\program files\*\*
c:\windows\*
\\server\netlogon\*
\\server\applics\*\*
g:\*\* [mapped to \\server\applics\]

&c &c, I have done the c:\folder1\*\* as I understood this to mean I can allow to run from c:\folder1\folder2\file.exe, but not from c:\folder1\file.exe, but I'm not completely positive this works.

[Zoom7000]

We have blocks for everything except, stuff like:
c:\program files\*\*
c:\windows\*
\\server\netlogon\*
\\server\applics\*\*
g:\*\* [mapped to \\server\applics\]

&c &c, I have done the c:\folder1\*\* as I understood this to mean I can allow to run from c:\folder1\folder2\file.exe, but not from c:\folder1\file.exe, but I'm not completely positive this works.

I tried %ProgramFiles%\* however, when I log in and try to run programs (e.g. Word) it still says the program is restricted by software restriction policy.

What method can I use to run ALL files from %ProgramFiles% not just ones specified in a folder structure.