FW: Restrict running applications from usb key

From: Beauford, Jason (jbeauford_at_EightInOnePet.com)
Date: 03/03/05

  • Next message: Mark Teicher: "Re: Disabling USB mass storage"
    Date: Thu, 3 Mar 2005 16:47:41 -0500
    To: <focus-ms@securityfocus.com>
    
    

    Quote from
    http://www.awprofessional.com/articles/article.asp?p=366893&seqNum=7 :

    "The "Run only allowed Windows Applications" group policy object. This
    GPO allows you to manage a list of allowed Windows applications that can
    be executed by users affected by the policy. Usually the policy is
    applied to all non-administrative users logged on to a Terminal Server.
    The one limitation of this policy is that it does not track applications
    based on their full path, only their application name. This creates the
    situation where a user could execute any desired application, simply by
    changing the application's name to be the same as an application that is
    authorized to run."

    May or may not be ideal based on your risk assessment.

    jmb

    -----Original Message-----
    From: Beauford, Jason
    Sent: Thursday, March 03, 2005 4:43 PM
    To: 'Chris Burkey'; focus-ms@securityfocus.com
    Subject: RE: Restrict running applications from usb key

    You can use GPO's to specificy which Applications your users are allowed
    to run. You'll have to list them all out explicitly. Then when the
    user runs some foreign app, it should fail.

    Domain Policy => User Configuration => System => Run only allowed
    Windows applications.

    I have never tried it myself.

    -jmb

    -----Original Message-----
    From: Chris Burkey [mailto:burkeyc@cliu.org]
    Sent: Thursday, March 03, 2005 2:51 PM
    To: focus-ms@securityfocus.com
    Subject: Restrict running applications from usb key

    Does anyone know if there is a way to restrict a user from running
    applications from a usb key. The user needs to be able to save data to
    the key and retrieve a document from the key but not run an application
    from it. Thanks.

    Christopher Burkey

    Sr. Network Administrator

    Carbon Lehigh Intermediate Unit #21

    Phone: (610)-769-1010

    burkeyc@cliu.org

    Weboffice address: http://weboffice.cliu.org:2200/burkeyc@cliu.org

     

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Mark Teicher: "Re: Disabling USB mass storage"

    Relevant Pages

    • Re: event id 1085 problem
      ... The new Windows Group Policy Guide from Microsoft Press!!! ... > The following applications were found in policy GPO. ... > Assigned application FPP Dashboard. ... > Software installation extension returning with final error code 1612. ...
      (microsoft.public.windows.group_policy)
    • Re: event id 1085 problem
      ... The new Windows Group Policy Guide from Microsoft Press!!! ... >>> policy refresh. ... >>> Enumerating applications in the Active Directory for computer VIJAYPC ... >>> Software installation extension returning with final error code 1612. ...
      (microsoft.public.windows.group_policy)
    • Re: Tightening the default CAS policy
      ... They could fulltrust applications to bypass ACLs ... and allow malware to modify program files, ... modifying the security policy. ...
      (microsoft.public.dotnet.security)
    • Re: Software Restrictions
      ... When I denied Project Users Read & Apply Policy, ... user could not access any of the restricted applications to include Project. ... >>I want to implement 2 GPOs to restrict certain software. ... >> be applied to the Domain Users security group. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Software Restrictions
      ... > my test user could access all restricted applications to include Project. ... > It seems as though the first policy took affect and skipped the second ... >>>I want to implement 2 GPOs to restrict certain software. ...
      (microsoft.public.windows.server.active_directory)