+ Post New Thread
Results 1 to 8 of 8
Windows Thread, BAT & VBS in Technical; How do you prevent users from executing BAT files from shared network drives? At the moment none of them can ...
  1. #1

    Join Date
    Jun 2008
    Posts
    701
    Thank Post
    118
    Thanked 58 Times in 48 Posts
    Rep Power
    25

    BAT & VBS

    How do you prevent users from executing BAT files from shared network drives? At the moment none of them can execute the cmd.exe or .bat files from their own user area.

    Currently under User configuration --> software restrictions.. we have %HOMESHARE%\*.bat which does the trick.

    But how would I exactly implement this for the share network drives?

    I thought P:\*.bat would do it but it doesn't. I thought I was then being clever by simply putting *.bat and this literally blocked everything from working, i.e. logon scripts, so I had to undo that.

    Please can you help?

  2. #2
    elloyd69's Avatar
    Join Date
    Mar 2009
    Location
    Worcestershire
    Posts
    88
    Thank Post
    24
    Thanked 2 Times in 2 Posts
    Rep Power
    11
    Unfortunately I don't have the answer but if anyone does I would be eternally grateful!!


  3. #3
    Bezwick's Avatar
    Join Date
    Feb 2008
    Location
    Nottinghamshire
    Posts
    346
    Thank Post
    84
    Thanked 53 Times in 40 Posts
    Rep Power
    24
    If you have Windows Server 2003 R2 or later you could use File Server Resource Manager to create a File Screen which bans them from creating batch files on the network shares you want.
    If its that you dont want them executing *.bat files that are already created tag them as hidden files.
    Note sure if thats what you wanted, but hope it helps.

    Cheers

  4. #4
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    %SystemRoot%\System32\cmd.exe in software restrictions stops any bat file from any location. We set this in our pupil GPO so all pupils cannot run bat files.

  5. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,466
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    51
    HI

    I have had to put a load of path rules into gpo. So for this example h = home drive

    h:\*.exe
    h:\*\*.exe
    h:\*\*\*.exe

    You get the idea put in as many layers as the staff and kids are using.

    Richard

  6. #6

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,192
    Thank Post
    53
    Thanked 270 Times in 178 Posts
    Rep Power
    131
    Don't forget command.com too!

  7. #7

    Join Date
    Jun 2008
    Posts
    701
    Thank Post
    118
    Thanked 58 Times in 48 Posts
    Rep Power
    25
    I've figured it out.

    In order to block BAT files from network drives, you have to put in the UNC path in the software restriction policy.

    Rather than P:\*.bat
    It'd be \\servername\sharename\*.bat

  8. #8

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,666
    Thank Post
    119
    Thanked 126 Times in 102 Posts
    Rep Power
    45
    I use McAfees Virus Scan with EPO server. Set up some userdefined rules and not only does it stop them it also handilly logs everything to a central location so I can see who has been trying to do things.

SHARE:
+ Post New Thread

Similar Threads

  1. Bat calling VBS problem
    By MK-2 in forum Scripts
    Replies: 5
    Last Post: 15th December 2008, 11:08 PM
  2. Covert CMD/BAT files to vbs help
    By tosca925 in forum Scripts
    Replies: 12
    Last Post: 8th November 2007, 02:58 PM
  3. .vbs .bat error in sysvol
    By alonebfg in forum Windows
    Replies: 7
    Last Post: 16th July 2007, 07:57 PM
  4. bat versus vbs
    By Uraken in forum Scripts
    Replies: 8
    Last Post: 30th January 2007, 10:41 PM
  5. Detect Ctitrix session from within bat/vbs?
    By Geoff in forum Thin Client and Virtual Machines
    Replies: 9
    Last Post: 19th July 2006, 11:24 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •