RE: services running in windows domain (winXP clients)

Though some may think it overkill, I audit the logs of Spybot Search &
Destroy, and if there is a new application that I have not yet restricted I
get that by looking at the running applications listing. Then I simply put
out a policy to restrict that one and if there is any other information
about the installation methods and executables that I can find with some
more research used I restrict them also...

-----Original Message-----
From: Mike Lyman [mailto:mikelyman-security@comcast.net] 
Sent: Friday, December 17, 2004 8:30 AM
To: focus-ms@securityfocus.com
Subject: Re: services running in windows domain (winXP clients)

Christos Triantafyllidis wrote:

> Is there any way to allow only specific services to run at win XP 
> clients through domain group policy?

I would think software restrinction polices would be able to help here. 
It would probably be a royal pain to configure but you are supposed to be
able either block specific applications and allow all others to run or allow
only specific ones to run and block all others. If nothing else it ought to
block the installation program from installing the rogue service.

-- 

Mike Lyman CISSP*
*mikelyman-security@comcast.net

/"You can't take the sky from me"/



---------------------------------------------------------------------------
---------------------------------------------------------------------------

smime.p7s
Description: S/MIME cryptographic signature