RE: Software Restrictions - Certificate rules do not work

From: Kenny Wood (Kenwood_at_online.microsoft.com)
Date: 07/26/04


Date: Mon, 26 Jul 2004 02:05:34 GMT

Hello,

Have you walked through the KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324036

Note that there is a prerequisite to use certificate-based rules:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled
must equal 1.

Thank you for your post.

Kenny Wood
CISSP, MCSE (+S, +M)
PSS Security
Microsoft Corporation

-- 
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included 
script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm 
Note:  For the benefit of the community-at-large, all responses to this message are best 
directed to the newsgroup/thread from which they originated.  
--------------------
| From: "klose" <norepl@noreply.com>
| Subject: Software Restrictions - Certificate rules do not work
| Date: Fri, 23 Jul 2004 16:41:02 -0400
| 
| I am trying to create a GP certificate rule to prevent a software
| package from being installed.
| 
| I tried the HASH method, which does not work on all digitally signed
| programs.
| 
| Scenario:
| Block install of Norton SS V7.0 (2004). Executable is signed by Symantec
| Corporation.
| SYMSETUP.EXE
| 
| I imported the cer into my test machine, then exported in all three formats.
| The software restriction cert rule was pointed to each of these at one test
| or another.
| Each was tried but the install still worked.
| 
| I noticed an article at
| http://www.rtfm-ed.co.uk/microsoft/tips/windows/win2003.htm
| that mentions the software rest cert rules don't work unless you enable
| Computer Config\windows settings\security settings\local policies\security
| options\system settings: Use Certificate Rules on Windows Exec for Software
| Restriction policies and enable this policy.
| 
| I do not see this option any place.
| 
| Has anyone done this successfully yet?
| 
| Tom
| 
| 
| 
| 
| 
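
The prerequisite named in the reply above, written as a check. This is an added example and not part of the original thread. The function name and its parameter are hypothetical, it assumes a system with PowerShell 3.0 or later, and the signature lookup goes one step beyond the reply by showing which certificate signed a given file.

```powershell
# Added example: reports whether the certificate-rule prerequisite is set
# and, optionally, which certificate signed a file. Names are hypothetical.
function Test-SrpCertificateRulePrerequisite {
    [CmdletBinding()]
    param(
        # Optional path to a signed file a certificate rule is meant to match.
        [string]$FilePath
    )

    $keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $valueName = 'AuthenticodeEnabled'

    $result = [ordered]@{
        KeyExists           = Test-Path -LiteralPath $keyPath
        AuthenticodeEnabled = $null    # stays $null when the value is absent
        PrerequisiteMet     = $false
        SignatureStatus     = $null
        SignerSubject       = $null
        SignerThumbprint    = $null
    }

    if ($result.KeyExists) {
        $item = Get-ItemProperty -LiteralPath $keyPath -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $result.AuthenticodeEnabled = $item.$valueName
            # The reply states the value must equal 1.
            $result.PrerequisiteMet = ($item.$valueName -eq 1)
        }
    }

    if ($FilePath -and (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $FilePath
        $result.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) {
            # Compare these with the certificate imported into the rule.
            $result.SignerSubject    = $sig.SignerCertificate.Subject
            $result.SignerThumbprint = $sig.SignerCertificate.Thumbprint
        }
    }

    [pscustomobject]$result
}

# Registry check only; add -FilePath <path to the installer> to inspect a file.
Test-SrpCertificateRulePrerequisite
```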

