While this may look like it's working, it shouldn't take long before a user
discovers that all he have to do to circumvent this measure is to rename
the .exe to something else than setup or install.
Although it won't block excutables at this time, the SIDTk module LogProc
was conceived exactly for this purpose. At this time, it will only detect,
and it is based on a time interval check, which means that this tool will
evolve in many ways in the near future, but the idea behind it is that you
define what is permitted to run on the system, hence anything that is not
part of the list gets flagged.
On the plans for future versions wil be trap monitoring for the launch of
executables, and the ability to prevent unwanted programs from executing.
This tool can be downloaded as part of the SIDTk at
http://securit.iquebec.com/.
Hope that helps.
Adam Richard
SécurIT Informatique Inc.
At 11:02 AM 08/10/2004, you wrote:
One way that we do this is to not allow programs like setup.exe and
install.exe to run. This is not a perfect solution but keeps 99% of our
users from installing stuff. To enable and list the programs you don't want
run go to User Configuration->Administrative Templates->System->Don't allow
specified Windows applications in group policy editor. I hope this helps.
Eddie
-----Original Message-----
From: chang zhu [mailto:cyz2000@yahoo.com]
Sent: Friday, October 08, 2004 8:46 AM
To: focus-ms@securityfocus.com
Subject: Can we really block users from installing applications through
Group policy?
Hi, all
The users are not local administrators. We configure
group policy to prevent user installs but it seems
that it blocks only .msi packages. Users still can
install applications through ex. setup.exe...Can we
really block users from installing applications
through Group policy?
Any idea or thoughts on this?
Plus, if we need to block users from saving .mp3 file
on their computers, can we do it through group policy?
we are on windows2000 and XP environment.
Thanks always,
Chang
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
______________________________________________________________________
This email transmission and any documents, files or previous email
messages attached to it may contain information that is confidential or
legally privileged. If you are not the intended recipient or a person
responsible for delivering this transmission to the intended recipient,
you are hereby notified that you must not read this transmission and
that any disclosure, copying, printing, distribution or use of this
transmission is strictly prohibited. If you have received this transmission
in error, please immediately notify the sender by telephone or return email
and delete the original transmission and its attachments without reading
or saving in any manner.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
_____________________________________________________________________
Un mot doux à envoyer? Une sortie ciné à organiser? Faites le en temps
réel avec MSN Messenger! C'est gratuit! http://ifrance.com/_reloc/m
---------------------------------------------------------------------------
---------------------------------------------------------------------------
