  1. #1
    flashsnaps

    Group Policy editor

    Hello,

    I am trying to edit group policy on a Windows 2003 server.

    How can I set it so that students cannot download and install Firefox, because it bypasses our proxy filter, which works on Internet Explorer?

    Many thanks

  2. #2
    ajs

    You could add the Firefox setup executable and the Firefox executable itself into the list of programs that cannot be run:

    User Configuration -> Administrative Templates -> System -> Don't run specified Windows applications.

    However, this wouldn't stop anyone from bringing in a renamed copy of the setup or running Firefox portable and renaming the executable.

    What sort of proxy filtering do you have?
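
The limitation ajs describes, as an added example that is not part of the original thread: a name list only compares file names, while a hash rule of the kind software restriction policies offer compares file contents. The file names, sample bytes and the use of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Name list in the style of "Don't run specified Windows applications".
# The setup file name is an assumed example, not taken from the thread.
DENY_NAMES = {"firefox.exe", "firefox setup.exe"}


def sha256_of(path: Path) -> str:
    """Hash file contents; SHA-256 stands in for the digest a hash rule stores."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def name_rule_blocks(path: Path, deny_names=DENY_NAMES) -> bool:
    """Name rule: compares only the file name, case-insensitively."""
    return path.name.lower() in deny_names


def hash_rule_blocks(path: Path, deny_hashes) -> bool:
    """Hash rule: compares file contents, so the file name is irrelevant."""
    return sha256_of(path) in deny_hashes


def evaluate():
    """Build constructed sample files and return each rule's verdict per file."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        original = tmp / "firefox.exe"
        original.write_bytes(b"MZ constructed stand-in for the blocked binary")
        renamed = tmp / "renamed_copy.exe"      # same bytes, different name
        shutil.copyfile(original, renamed)
        other = tmp / "calc.exe"                # unrelated, permitted program
        other.write_bytes(b"MZ constructed stand-in for a permitted program")

        deny_hashes = {sha256_of(original)}     # admin hashes the known binary once
        return {
            p.name: {"name_rule": name_rule_blocks(p),
                     "hash_rule": hash_rule_blocks(p, deny_hashes)}
            for p in (original, renamed, other)
        }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:18} name_rule={verdict['name_rule']!s:5} hash_rule={verdict['hash_rule']}")
```

A hash rule matches one exact build only, so each new version of a program needs its own entry.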

  3. #3
    flashsnaps

    It was already in place when I got here.
    It's by a company called Bloxx. Doesn't appear to be that good. I have disabled exe files in it, and it doesn't seem to do a good job on that either.
    Would disabling EXE files from running in group policy be a wise move?

  4. #4

    Michael

    You'd be better off blocking mozilla.com and other file sharing sites where Firefox might be hosted, rather than .exe's altogether.

  5. #5

    Domino

    Stopping the kids downloading it wouldn't stop them bringing it in on CD or USB stick though.

    Stopping it running in GP would be a good move - also stopping the kids being able to install apps.

    Maybe also change your default gateway to be the bloxx system, thereby stopping un-proxied access to the web.

  6. #6
    flashsnaps

    Originally posted by Domino:
    Stopping the kids downloading it wouldn't stop them bringing it in on CD or USB stick though.

    Stopping it running in GP would be a good move - also stopping the kids being able to install apps.

    Maybe also change your default gateway to be the bloxx system, thereby stopping un-proxied access to the web.

    Domino, can you advise me on disabling users from installing apps?

  7. #7

    Domino

    You can disable the Windows Installer with group policy: http://www.microsoft.com/technet/pro....mspx?mfr=true

    But this could cause issues depending on your setup.

    A better, but much more involved/difficult, way is to use software restriction policies, although this will take some doing.

    A quick forum/wiki search should bring up the right info.

  8. #8
    flashsnaps

    OK, thanks for your help, guys.

  9. #9
    Galway

    It might be worth noting that the DiDA/CiDA course says students must provide evidence of work in multiple browsers. I have the USB version of Firefox set up on a network share to allow this to be achieved.

    If the students are abusing this then this is a teaching/supervision issue and should be referred to the teaching staff.

    Try setting up a software restriction policy. I found it very easy to block students' access to executables, and it is the best way to stop students from hacking the network and use only the software provided.

    If you need help then PM me and I can try to arrange a time where I can show you how I achieved it.

  10. #10

    powdarrmonkey

    Much better would be to deny outbound traffic except that which has been through your proxy; then it doesn't matter what browser is in use. You don't have to spend time running around trying to work out what's being used and how to block it, because the kids will almost always be one step ahead of you.

  11. #11
    Roger

    FSRM (File Server Resource Manager) or Sophos App. Control

    You can use either of the above. FSRM is part of Server 2003 R2; Sophos's Application Control is part of Sophos Enterprise Console.

    We find Sophos Application Control very easy to use; you can select applications by name\type.
    Roger

  12. #12
    ChrisP

    Easy to achieve this with IMPERO.

    I would then present the kid to their head of house, as I presume this breaks your IT AUP by attempting to bypass school internet filtering.
