Re: Prevent users running executables from pen drives

From: andy smart (anonymus_at_discussions.microsoft.com)
Date: 09/23/04


Date: Thu, 23 Sep 2004 07:41:48 +0100



Thanks Steve

We are using XP pro on our 2003 domain so this looks like a winner to
be, apart from the fact that we do need the users to have either 'power
user' rights on our XP boxes because of what we might term 'legacy'
software. But we lock down the desktops so they can't access control
panel so it might prove to be an effective solution!

Steven L Umbach wrote:
| The best solution I know of would be to use XP Pro computers and Software Restriction
| Policies. SRP can be configured to allow users to run only authorized applications
| via certificate, hash, or path rules. If a user had a default disallowed policy and
| paths to say only specific program files folder for allowed applications, and the
| associated shortcuts in the all users profiles they would not be able to execute a
| file on a USB drive or copied to their profile folders. If SRP are applied under
| computer configuration they can also apply to local administrators if need be by
| configuring the enforcement rule. XP Pro computers can have their Group Policy
| features applied in a W2K domain. I don't know of a good solution in W2K. About the
| best you can do is to make sure users are not local administrators and try modifying
| the Windows Applications policy settings under user configuration/system to populate
| the allowed only or disallowed list. --- Steve
|
|
| "andy smart" <anonymus@discussions.microsoft.com> wrote in message
| news:cis296$7as$1@newsfeed.th.ifl.net...
|
| Hi
|
| I've seen lots of postings from people who want to prevent users writing
| to their usb pen drives, we want our users to read and write - but not
| run programs. Does anybody have any solutions for this (being in the
| educational sector 'free' would be nice)
|
| thanks
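The policy described in the quoted reply (default Disallowed, path rules for the allowed folders, optional exemption for local administrators), modelled as an added example that is not part of the original posts. It is a simplified model of path-rule matching only, not Windows' own code; the folder names, the `POLICY` sample and the `writable_allow_rules` check are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ntpath import normcase, normpath  # Windows path rules on any OS

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

@dataclass(frozen=True)
class PathRule:
    path: str   # folder prefix; wildcards and %VARS% are not modelled
    level: str

@dataclass
class Policy:
    default_level: str
    rules: list = field(default_factory=list)
    exempt_local_admins: bool = False  # the enforcement choice

def canon(path):
    # Case-insensitive, resolves "..", drops the trailing backslash
    return normcase(normpath(path)).rstrip("\\")

def covers(folder, path):
    folder, path = canon(folder), canon(path)
    return path == folder or path.startswith(folder + "\\")

def decide(policy, exe_path, is_local_admin=False):
    """Security level applied when this user launches exe_path."""
    if is_local_admin and policy.exempt_local_admins:
        return UNRESTRICTED
    hits = [r for r in policy.rules if covers(r.path, exe_path)]
    if not hits:
        return policy.default_level
    # Most specific (longest) matching path rule takes precedence
    return max(hits, key=lambda r: len(canon(r.path))).level

def writable_allow_rules(policy, user_writable):
    """Allow rules whose folder the restricted users can also write to."""
    return [r.path for r in policy.rules if r.level == UNRESTRICTED
            and any(covers(r.path, w) or covers(w, r.path) for w in user_writable)]

# Constructed sample policy: default Disallowed, two allowed folders
POLICY = Policy(DISALLOWED, [PathRule(r"C:\Program Files", UNRESTRICTED),
                             PathRule(r"C:\WINDOWS", UNRESTRICTED)])

if __name__ == "__main__":
    for p in (r"E:\game.exe", r"C:\Documents and Settings\pupil\Desktop\game.exe",
              r"C:\Program Files\Office\winword.exe"):
        print(f"{p:55} -> {decide(POLICY, p)}")
    # Constructed ACL finding: the user group can write under Program Files
    print(writable_allow_rules(POLICY, [r"C:\Program Files\LegacyApp"]))
```

A path rule trusts everything under its folder, so `writable_allow_rules` lists allowed folders that overlap with places the restricted users can write to; the list of writable folders has to come from the real ACLs on the machines.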


