Re: File Level Blocking
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 May 2006 13:54:21 -0500
The closest you probably could come within the native operating system is to
use Software Restriction Policies that is available in XP Pro and Windows
2003 where you can use path, hash and certificate rules and also modify the
designated file types list. The link below explains how to use and deploy
Software Restriction Policies. FYI and user that is a local administrator
can bypass SRP by booting the computer into Safe Mode. SRP should not be
implemented however without extensive testing to make sure they work as
planned and do not overly restrict the user. Also desktop shortcuts [.lnk
files] by default are included in the designated file types. When tweaking
SRP it will help to check the application log for SRP events if problems
arise and also use the free filemon tool from SysInternals to see what files
are accessed/executed when a user tries to run an application. --- Steve
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- Software Restriction Policies
"Alex" <x929@xxxxxxxxxxxxx> wrote in message
news:OMft%23WReGHA.380@xxxxxxxxxxxxxxxxxxxxxxx
Is there a way to lock down all file types with the exception of a
"whitelist" on a Windows Server?
I want to actually specify what file extentions are allowed to execute on
a server. I.E. .exe, .doc, .xls but I want to block everything else.
TIA
Alex
.
- Follow-Ups:
- Re: File Level Blocking
- From: Alex
- Re: File Level Blocking
- References:
- File Level Blocking
- From: Alex
- File Level Blocking
- Prev by Date: Re: Right to add computers to a domain
- Next by Date: Re: File Level Blocking
- Previous by thread: File Level Blocking
- Next by thread: Re: File Level Blocking
- Index(es):
Relevant Pages
|
