Re: Prevent users running executables from pen drives
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/23/04
- Next message: Steven L Umbach: "Re: Rights to view event log."
- Previous message: Steven L Umbach: "Re: ftp server"
- In reply to: andy smart: "Prevent users running executables from pen drives"
- Next in thread: andy smart: "Re: Prevent users running executables from pen drives"
- Reply: andy smart: "Re: Prevent users running executables from pen drives"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Sep 2004 03:03:04 GMT
The best solution I know of would be to use XP Pro computers and Software Restriction
Policies. SRP can be configured to allow users to run only authorized applications
via certificate, hash, or path rules. If a user had a default disallowed policy and
paths to say only specific program files folder for allowed applications, and the
associated shortcuts in the all users profiles they would not be able to execute a
file on a USB drive or copied to their profile folders. If SRP are applied under
computer configuration they can also apply to local administrators if need be by
configuring the enforcement rule. XP Pro computers can have their Group Policy
features applied in a W2K domain. I don't know of a good solution in W2K. About the
best you can do is to make sure users are not local administrators and try modifying
the Windows Applications policy settings under user configuration/system to populate
the allowed only or disallowed list. --- Steve
"andy smart" <anonymus@discussions.microsoft.com> wrote in message
news:cis296$7as$1@newsfeed.th.ifl.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi
>
> I've seen lots of postings from people who want to prevent users writing
> to their usb pen drives, we want our users to read and right - but not
> run programs. Does anybody have any solutions for this (being in the
> educational sector 'free' would be nice)
>
> thanks
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBUYxmqmlxlf41jHgRAjmYAKDd1Dc7IE3BwL91Dv8KJD1OtiApZACfeZsP
> gUuUuYxrlCDY0m4u5NyLI3w=
> =U1bv
> -----END PGP SIGNATURE-----
- Next message: Steven L Umbach: "Re: Rights to view event log."
- Previous message: Steven L Umbach: "Re: ftp server"
- In reply to: andy smart: "Prevent users running executables from pen drives"
- Next in thread: andy smart: "Re: Prevent users running executables from pen drives"
- Reply: andy smart: "Re: Prevent users running executables from pen drives"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
