Windows Thread, BAT & VBS in Technical; How do you prevent users from executing BAT files from shared network drives? At the moment none of them can ...
29th April 2009, 10:01 AM #1
BAT & VBS
How do you prevent users from executing BAT files from shared network drives? At the moment none of them can execute the cmd.exe or .bat files from their own user area.
Currently under User configuration --> software restrictions.. we have %HOMESHARE%\*.bat which does the trick.
But how would I exactly implement this for the share network drives?
I thought P:\*.bat would do it but it doesn't. I thought I was then being clever by simply putting *.bat and this literally blocked everything from working, i.e. logon scripts, so I had to undo that.
Please can you help?
IDG Tech News
29th April 2009, 10:10 AM #2
Unfortunately I don't have the answer but if anyone does I would be eternally grateful!!
29th April 2009, 10:27 AM #3
If you have Windows Server 2003 R2 or later you could use File Server Resource Manager to create a File Screen which bans them from creating batch files on the network shares you want.
If its that you dont want them executing *.bat files that are already created tag them as hidden files.
Note sure if thats what you wanted, but hope it helps.
29th April 2009, 10:29 AM #4
%SystemRoot%\System32\cmd.exe in software restrictions stops any bat file from any location. We set this in our pupil GPO so all pupils cannot run bat files.
29th April 2009, 10:32 AM #5
I have had to put a load of path rules into gpo. So for this example h = home drive
You get the idea put in as many layers as the staff and kids are using.
29th April 2009, 01:02 PM #6
Don't forget command.com too!
29th April 2009, 02:49 PM #7
I've figured it out.
In order to block BAT files from network drives, you have to put in the UNC path in the software restriction policy.
Rather than P:\*.bat
It'd be \\servername\sharename\*.bat
30th April 2009, 01:15 PM #8
I use McAfees Virus Scan with EPO server. Set up some userdefined rules and not only does it stop them it also handilly logs everything to a central location so I can see who has been trying to do things.
Last Post: 16th December 2008, 12:08 AM
By tosca925 in forum Scripts
Last Post: 8th November 2007, 03:58 PM
By alonebfg in forum Windows
Last Post: 16th July 2007, 08:57 PM
By Uraken in forum Scripts
Last Post: 30th January 2007, 11:41 PM
By Geoff in forum Thin Client and Virtual Machines
Last Post: 19th July 2006, 12:24 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)