While your reply actually seems to be in response to something other than the
message to which it is attached, I did want to comment on a couple of items.
First, implementing software restriction policies does not require one to
repackage all applications into signed .msi packages- it depends on which of
the four methods of restriction you implement. Second, you are only mentioning
one way to implement software restriction policies- there are numerous ways of
going about it. It's not quite as facile as the description below indicates.
Laura
From: Joshua Feek <jfeek@yahoo.com.au>
Date: 2004/10/18 Mon PM 09:13:01 EDT
To: Laura Robinson <larobins@verizon.net>, Paul Aviles
<paviles@adjoined.com>,
Harlan Carvey <keydet89@yahoo.com>, focus-ms@securityfocus.com
CC: chang zhu <cyz2000@yahoo.com>
Subject: Re: RE: Can we really block users from installing applications
through Group policy?
Of course you can though it requires you to package
all applications into MSI format and certify using a
PKI cert. You then config a GPO to only allow apps
that are certified by your cert to be installed. This
will stop dead every other application installation.
You can of course include other certs from verdors to
minimise this repackage requirement
--- Laura Robinson <larobins@verizon.net> wrote:
Um, I don't recall Harlan saying that the policy had
to be applied to *everyone*.
Laura
___________________________________________________________ALL-NEW Yahoo!
Messenger - all new features - even more fun! http://uk.messenger.yahoo.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
