+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 44 of 44
Windows Thread, Stopping .exe files from being run from a USB stick in Technical; Interesting there are several threads on here documenting that flaw and I observed it as well. Are you using a ...
  1. #31
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,203
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Interesting there are several threads on here documenting that flaw and I observed it as well. Are you using a whitelist rather than a blacklist so all exes are banned everywhere except where you specify or allowing them everywhere except where you specify they're banned.

    Thanks.

  2. #32

    Join Date
    Jun 2010
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    All I'm doing is using the software restriction policy and in the path typing somethng like E:\*.exe. I did the same for other extensions such as dll, bat, msi, etc.

    Don't forget to select "disallowed"

  3. #33
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,203
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Ah XP clients? I still get the issue here it's banned in the top three folders of the path any deeper and I can run an exe.

  4. #34

    Join Date
    Jun 2010
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Actually I have about 400 XP spk2 clients and the rest Win Vista. Started deploying Win 7 recently for a total of about 10 Win 7. It works in all of them. If you have any other question, let me know. Happy to help. I know how it feels!

  5. #35

    Join Date
    Mar 2011
    Location
    London
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    as you can see by my user name i am a kid you all are pretty good coders yet my firiend has a .bat file which can still operate with these scripts in place and with the settings applied

  6. #36

    Join Date
    Oct 2009
    Location
    gateshead Tyne and Wear
    Posts
    12
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi all

    We have got a number of netbooks for the kids starting in September some running XP home and some running Windows 7 starter. The netbooks will be standalone and wont be on the domain, the kids will logon with a standard (restricted) account is there anyway to stop the kids from running exe, bat, swf etc from usb and the homefolders. I have seen the various methods using GPO but the home versions dont have gpo support. I am at present running a Cyber-D's Autodelete on logon which remove exe's etc from the home folder.

    thanks

    Paul

  7. #37
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,014
    Thank Post
    198
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    IME the GPO methods don't fully work anyway. It would require a third-party paid-for solution.

    I've had a few suggestiions for Sophos, but it can only be made to scan additional filetypes for viruses. It won't block filetypes outright.

    Even Faronics don't have a product that can do this. I asked them at BETT last year.

    This should be really simple. Just deny access to files matching U:\*.swf with subfolders. How hard can that be?

    I've added a file screening policy to the Server 2008 file server, to block .swf and executables, which at least keeps them off the server and irritates the pupils.

  8. #38

    Join Date
    Oct 2009
    Location
    gateshead Tyne and Wear
    Posts
    12
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    HI

    I use sophos and Ranger on the network which seems to work more or less. its the standalone netbooks i have the problems with, they have no gpo support and standalone sophos which does not run policies. It looks like i am just going to have use the auto-delete which deletes from the homedrive / desktop etc not memory sticks unless they have them plugged in at logon, but does not stop them running them

    will keep looking

    thanks

    paul

  9. #39
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,828
    Thank Post
    914
    Thanked 421 Times in 354 Posts
    Blog Entries
    12
    Rep Power
    88
    Big thanks for this, I've just implemented it for the first time and its working great.

    All I did was

    - User configuration >> Windows Settings >> Security Settings >> Software restriction policies (right click >> New software restriction policy)
    - Under Additional rules (right click >> New path rule) Add

    %HOMEPATH%
    %HOMESHARE%
    U:\ (this is our mapped my documents drive)

    And thats it
    Last edited by zag; 19th July 2011 at 12:28 PM.

  10. Thanks to zag from:

    simpsonj (1st November 2011)

  11. #40

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,678
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    45
    You can ofcourse use FSRM to do the job on the servers (usefull as it will then E-mail you to tell you who is attempting to do what).

    Apart from that another vote here for using USBDLM and windows group policy.

  12. #41

    Join Date
    Sep 2008
    Location
    London
    Posts
    15
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi,

    How do you do this on 2008 R2?

    Thanks

  13. #42

    Join Date
    Jun 2010
    Location
    England
    Posts
    735
    Thank Post
    89
    Thanked 52 Times in 46 Posts
    Rep Power
    35
    Quote Originally Posted by rsim8123 View Post
    Hi,

    How do you do this on 2008 R2?

    Thanks
    Not read whole thread - But you can use Group Policy software restriction policys to prevent certain file types such as .exe from running. As well as this you can setup FSRM on the file server to prevent these file types from being saved on the network.

    Here's a bit of guide I quickly found from google that might help setup
    The Basics of Windows Server 2008 FSRM (File Server Resource Manager) - Jose Barreto&#39s Blog - Site Home - TechNet Blogs
    Using Software Restriction Policies to Protect Against Unauthorized Software

  14. #43
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,014
    Thank Post
    198
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    I also use FRSM to prevent them saving executables and .swf files to the share. It's another deterrent for them and reduces storage space waste. If you use DFS, like I do, then you also have to set identical policies on each server that hosts the share.

    I've found another loophole the darlings are exploiting. They can embed .swf files in Office documents. Does anyone know of a way to stop this?

  15. #44

    Join Date
    Mar 2012
    Location
    Adelaide
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    As this is still one of the top google returns on this question I thought I'd post the information I found most helpful on this issue.
    Using the information from the TechNet article below I had success.
    Chapter 6: Software Restriction Policy for Windows XP Clients

    A mistake I was doing was typing in the file path and specifying the type of files.
    So, f:\*.exe simply blocked exe files from running in the root of the F drive.
    What I needed to do was to block exe files from running on the F drive completely, no mater what level of folder they were in.
    So, f:\ would achieve this, but it wasn't blocking anything.
    For that, I actually had to read the instruction properly, and take note of the sections titled "DLL checking" "Skip administrators" and "Defining executables". These sections are within "The File path rule"
    After doing that it worked.
    I'm also going to look at a couple of other possibilities that may assist people, but more when I know I've achieved what I want.
    Last edited by mstarczak; 8th September 2013 at 02:49 AM. Reason: fuller information

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. What's On Your Stick
    By russdev in forum General Chat
    Replies: 19
    Last Post: 23rd January 2008, 09:50 AM
  2. Who is stopping up then?
    By russdev in forum General Chat
    Replies: 13
    Last Post: 7th January 2008, 08:42 PM
  3. Moodle on a stick
    By beeswax in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 23rd November 2007, 09:47 AM
  4. mem stick thats how they should be built
    By russdev in forum Hardware
    Replies: 7
    Last Post: 22nd December 2006, 09:01 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •