Running shortcuts via IE

[KarlGoddard]

Recently had a yr11 lad show us how he could get to a command prompt while running as a pupil user and I'm a bit stumped how to block it...

he's creating a new shortcut on the desktop pointing to command.com. If he runs that from the desktop he gets blocked through a SR policy.

If he drags the shortcut into IE the shortcut runs OK and he gets a dos window.

I could block command.com but I'd like to know how to stop shortcuts running this way.

I initially thought it was somehow running from his temp internet files, so I ran filemon to see what was running and from where but couldn't see anything out of the ordinary.

TIA

[SYNACK]

Internet Explorer Advanced settings
Advanced Tab: Security: Allow active content to be run in files on my computer?

You could also try the group policy setting:

User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Zone -> Local Machine Zone : Allow drag and drop or copy and paste files

[KarlGoddard]

thanks.. I'll give it a go tomorrow

[Brpilot99]

How about locking down the desktop so he can't make any shortcuts
Desklock 1.2 will do this for you ... cant remember the url but if you are interested and cant find it I'll research tommorrow ... cheers