That's why you link to the download page, rather than the download ;)Quote:
Originally Posted by tarquel
Printable View
That's why you link to the download page, rather than the download ;)Quote:
Originally Posted by tarquel
Indeed :P
Pease let me know via PM if any of the links change, so I can update them :)
Ta,
N.
Hi Folks, anyone tell me were in office2003 template this setting is, I have not been able to find anything??
Ta, Roger
I KNOW IT NOT STRICTLY WHAT YOU WERE TALKING ABOUT BUT
you should also be careful because a student could easily enough create a new shortcut alter the extension and hey presto instant internet access or worse cmd maybe.
I have a looked at the Office XP ADM files, but can't find this setting to stop UNC paths, can anyone point me in the right direction?
Thanks.
Anyone?
If you've dissabled access to the command prompt in your Group Policy, even if the users finds cmd.exe it still wont let them execute it.Quote:
Originally Posted by Bouncer
Our students can do this too, but can only browse to shares that they have access to. IIRC, it's the IPC$ share that they view when they do \\server\. Perhaps you could modify the NTFS/share permissions to reflect what you want the pupils to be able to do.
With that setting enabled tho' students can still execute commands with batch files etc. Need to deny access to those extensions.Quote:
Originally Posted by indie
Don't batch files run via cmd.exe though?
Not if you select the optional "Disable the command prompt script processing also?" section of the "Prevent access to the command prompt" object.Quote:
Originally Posted by mark
Another way, for 'room' printers, is to change the security on the printer.
By adding PC_NAME$ instead of usernames, anyone logged into the specified machines can use the printer.
EG
Room T9 -> T9_Laser -> Properties -> Security:
Domain Admins full control
T9_01$ print only
T9_02$ print only
..
T9_30$ print only
T9_TUTOR$ print only
No student/pupil groups or usernames listed. Anyone typing \\PRINTSPOOL\T9_Laser from other machines (G3_07 for example) would get access denied.
@indie - You can package command.com into ms word and still get a command prompt even if you disable cmd from Group Policy - I used to do this when I was at school :)
Very true, at very least command.com should be on the list of banned applications also.Quote:
Originally Posted by Frazer
I know kids can just rename command.com before they add it to the word file, but this should stop all but the most determined of children.
The other way round this, like what we do is run Windows XP x64 edition, command.com is a 16bit app that simply won't run no matter what you name it on 64bit systems. cmd.exe which is 32bit won't run whatever it is called as long as the group policy is set up.
not sure if this would work.....
you could add a explicit deny 'traverse folder / execute' permission to the <student users> group on files you dont want them executing.
I think that should work, deploying the permision should be possible via AD or a script.
I always had all the user home drives / my document redirections configured in this way - it stopped them executing batch files, because the only place they could save stuff, they couldn't execute from.
If you want to take it a step further you have to prevent them using removal media, because they can just execute stuff from there. Also possible with policies.
There's always ways round ofc.
Wont that just stop them executing files saved in their user areas?
What about files embedded into word documends like command.com?