scorcher89 (19th March 2012)
1) Create a new Group policy in the computer group.
2) Edit the policy and goto: Computer Config/Secuirty Settings/Software Restriction Policies,
3) right click and select "create new policy"
4) Leave everything default and click "Additional Rules"
5) enter: C:\Documents and Settings\%username%\Local Settings as a new rule with "Disallowed" as the security level.
Gpupdate force and your done
make sure that you leave the "unrestricted" as default in "security levels" or you will be blocking a whole load of stuff !
If there is anything i have overlooked please let me know..
Just also found out that kids are hiding files in the "shadow copies" not sure if these files would show up when scanning for a file type.
Last edited by burgemaster; 19th March 2008 at 01:01 PM.
This works well, there are a few points you might want to be aware of - particularly if you use any kind of compiled scripts.
By default they extract to the users %TEMP% directory which resides inside the Local Settings folder.
Typically these include the interpreters (WKIX32.exe and KIX32.exe if you use KIX).
By disallowing the EXE files here, you then stop these scripts from running.
So it may be worth including an allow rule for KIX32.exe and WKIX32.exe or whichever interpreter for the scripting language you are using.
We too have had bother with Ultra-surf being run from Zip files.
Will give this a go. Thanks guys.
Thanks a lot for this
There are currently 1 users browsing this thread. (0 members and 1 guests)