Solved

Active Directory

Posted on 2004-03-21
4
696 Views
Last Modified: 2012-05-04
Hello all,

I have a problem where children are creating a batch file and then running it. I cant stop the messenger service because of software running that uses it, also i cant stop the command prompt for script processing.  I have found an ADM file to stop VBScript, can anyone help me change or even  add to it the command prompt.

PS all i want to do really is change the default action for the file types CMD and BAT to open in notepad and not run.



CLASS MACHINE
   CATEGORY "Script_blocking"
      CATEGORY "VBSFile"
         POLICY "CScript_blocking"
                  KEYNAME !!C_VBS
             ACTIONLISTON
               VALUENAME ""
               VALUE !!CScript_cmd
             END ACTIONLISTON
                   ACTIONLISTOFF
               VALUENAME ""
               VALUE !!CScript_cmd_def
             END ACTIONLISTOFF
         END POLICY ;CScript_blocking
             POLICY "WScript_blocking"
                 KEYNAME !!W_VBS
             ACTIONLISTON
               VALUENAME ""
               VALUE !!WScript_cmd
             END ACTIONLISTON
                   ACTIONLISTOFF
               VALUENAME ""
               VALUE !!WScript_cmd_def
             END ACTIONLISTOFF
         END POLICY ;WScript_blocking
      END CATEGORY ; VBSFile

        CATEGORY "jsfile"
           POLICY "CScript_blocking"
                  KEYNAME !!C_js
             ACTIONLISTON
               VALUENAME ""
               VALUE !!CScript_cmd
             END ACTIONLISTON
                   ACTIONLISTOFF
               VALUENAME ""
               VALUE !!CScript_cmd_def
             END ACTIONLISTOFF
         END POLICY ;CScript_blocking
             POLICY "WScript_blocking"
                 KEYNAME !!W_js
             ACTIONLISTON
               VALUENAME ""
               VALUE !!WScript_cmd
             END ACTIONLISTON
                   ACTIONLISTOFF
               VALUENAME ""
               VALUE !!WScript_cmd_def
             END ACTIONLISTOFF
         END POLICY ;WScript_blocking
      END CATEGORY ; jsfile

        CATEGORY "WSHFile"
           POLICY "CScript_blocking"
                  KEYNAME !!C_WSH
             ACTIONLISTON
               VALUENAME ""
               VALUE !!CScript_cmd
             END ACTIONLISTON
                   ACTIONLISTOFF
               VALUENAME ""
               VALUE !!CScript_cmd_def
             END ACTIONLISTOFF
         END POLICY ;CScript_blocking
             POLICY "WScript_blocking"
                 KEYNAME !!W_WSH
             ACTIONLISTON
               VALUENAME ""
               VALUE !!WScript_cmd
             END ACTIONLISTON
                   ACTIONLISTOFF
               VALUENAME ""
               VALUE !!WScript_cmd_def
             END ACTIONLISTOFF
         END POLICY ;WScript_blocking
      END CATEGORY ; WSHFile

   END CATEGORY ; "Script_blocking"


[STRINGS]
CScript_cmd="%SystemRoot%\system32\NOTEPAD.EXE "%1" "
WScript_cmd="%SystemRoot%\system32\NOTEPAD.EXE "%1" "

CScript_cmd_def="%SystemRoot%\System32\CScript.exe "%1" %*"
WScript_cmd_def="%SystemRoot%\System32\WScript.exe "%1" %*"


C_VBS="SOFTWARE\Classes\VBSFile\Shell\Open2\Command"
W_VBS="SOFTWARE\Classes\VBSFile\Shell\Open\Command"

C_js="SOFTWARE\Classes\jsfile\Shell\Open2\Command"
W_js="SOFTWARE\Classes\jsfile\Shell\Open\Command"

C_WSH="SOFTWARE\Classes\WSHFile\Shell\Open2\Command"
W_WSH="SOFTWARE\Classes\WSHFile\Shell\Open\Command"
0
Comment
Question by:D_baker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 10643903
You can import the ADM file into your local system policy:

From the command prompt run MMC.EXE
From the file menu select "add/remove snapin" and then press add
Add the snapin "group Policy" and select it for the local machine

Navigate to the Administrative templates section for either the user or computer configuration

From the action menu select "add/remove templates"
The new ADM file setting will appear in the container and you will be able to configure the settings from there.

Beware that these settings will apply to everyone if configured from the computer configuration so do't disable something you may want to use later

HTH Cheers

JamesDS
0
 

Author Comment

by:D_baker
ID: 10645166
Thanks i know all about polcies and active directory but i want to know how to stop cmd and bat files from running without stopping complete script processing
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10647150
sorry, lets try that again

You need to create a new category and insert it above the end category command:

I have no way of testing this here so expect to do a little debugging :)

       CATEGORY "CMDFile"
          POLICY "CMDScript_blocking"
               KEYNAME !!C_CMD
             ACTIONLISTON
               VALUENAME ""
               VALUE !!CMDScript_cmd
             END ACTIONLISTON
                ACTIONLISTOFF
               VALUENAME ""
               VALUE !!CMDScript_cmd_def
             END ACTIONLISTOFF
         END POLICY ;CMDScript_blocking
      END CATEGORY ; CMDFile


Add these strings:

CMDScript_cmd="%SystemRoot%\system32\NOTEPAD.EXE "%1" "

C_CMD="SOFTWARE\Classes\CMDFile\Shell\Open\Command"

CMDScript_cmd_def="%SystemRoot%\System32\CMD.exe "%1" %*"


That should get you started on .CMD files, follow my workings to do the .BAT files.

Cheers

JamesDS
0
 

Author Comment

by:D_baker
ID: 10648014
Many Thanks
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn about cloud computing and its benefits for small business owners.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question