Need to block downloads & installs from internet

Posted on 2005-03-14
Last Modified: 2013-12-04
We're running Windows 2000 Server, clients are all XP or 2000.  Some users are downloading games, screensavers, etc. from the internet, even ones who are in the restricted users group, and their IE settings are at the highest security level.  We're moving users from IE to Firefox to try to control popups and malware.
(1) How do I set the domain policy so that only users with domain admin or power user rights can download files from the internet and install them?
(2) Will this stop spyware and other stuff from installing itself in the background?

Thanks
Question by:maharlika
Accepted Solution

by:
Rich Rumble earned 440 total points
ID: 13536647
If the users are in the "users group" on their local machines, they cannot install (or shouldn't be able to) programs. But that only holds true for programs that want/need to access the registry for additions or modifications and/or register plugins or DLLs with the OS. Programs that are standalone, and require no real modification to the OS, or do not require files to "be installed" in the normal sense we think of when we say "install".  If they are able to do this, then perhaps they are listed in the power users group, or admins as well, of their local machines. This can also happen if you've upgraded the OS from, let's say, Win2k to XP, and they were admins previously on their machines.

Here is how to set an AD policy to deny them the ability to download certain file extensions.
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/ierk/appxa_d.asp
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch06.mspx
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_gpsrp_what.asp
http://support.microsoft.com/?kbid=271135 (just in case)

basically- open group policy manager
expand computer configuration >> windows settings >>
security settings >> software restrictions

If your users are able to install software that modifies the registry, and/or adds program files outside their profile... then they have something giving them this right...

Users in the "users group" should have less spyware, but it's not much. Firefox is a good choice to help. Be sure they know why you're moving to Firefox, and what to do if a page doesn't render properly. We like to use a vbe file (an encoded vbs file) to launch IE as the local guest user (actually is a user in the guests group)

Read this site for the vbs file and how to convert it to vbe.

http://xinn.org/RunasVBS.html
-rich
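
An added example, not part of the original answer: the check the answer points to (restricted users who are also listed in the local Administrators or Power Users group) done by parsing `net localgroup` output and flagging accounts outside a baseline. The allowlist, the `CORP` domain, the account names and the sample output are constructed for illustration.

```powershell
# Baseline of accounts allowed in privileged local groups (assumed values).
$Allowed = @('Administrator', 'CORP\Domain Admins')

function Get-GroupMembersFromNetOutput {
    # Members sit between the dashed rule and the completion message
    # in the text that `net localgroup <group>` prints.
    param([string[]]$Lines)
    $inMembers = $false
    foreach ($line in $Lines) {
        if ($line -match '^-{5,}\s*$') { $inMembers = $true; continue }
        # English-locale trailer; adjust for localized Windows builds.
        if ($line -match '^The command completed') { break }
        if ($inMembers -and $line.Trim()) { $line.Trim() }
    }
}

function Find-UnexpectedMembers {
    param([string]$Group, [string[]]$Lines, [string[]]$Allowed)
    Get-GroupMembersFromNetOutput -Lines $Lines |
        Where-Object { $Allowed -notcontains $_ } |   # case-insensitive
        ForEach-Object { [pscustomobject]@{ Group = $Group; Account = $_ } }
}

# Constructed sample output (not captured from a real machine).
$sample = @{
    'Administrators' = @'
Alias name     Administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
CORP\Domain Admins
CORP\jsmith
The command completed successfully.
'@
    'Power Users' = @'
Alias name     Power Users
Comment        (constructed sample)

Members

-------------------------------------------------------------------------------
CORP\jdoe
The command completed successfully.
'@
}

foreach ($group in $sample.Keys) {
    Find-UnexpectedMembers -Group $group -Lines ($sample[$group] -split "`r?`n") -Allowed $Allowed
}
```

On a workstation, pass the live output instead of the sample, for instance `-Lines (net localgroup Administrators)`; with the sample data the script reports `CORP\jsmith` and `CORP\jdoe`.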

Assisted Solution

by:SunBow
SunBow earned 440 total points
ID: 13538753
a) make a rule, no downloading
b) anyone who demonstrates desires to break rules can be released to go practise where it is more acceptable

>  only users with domain admin
ok.
Don't let others write to the disk either, or the registry.

> )Will this stop spyware and other stuff from installing itself

Nope. Why do you think they proliferate so much when we (most of us) really do not want them?  
Many use stolen credit card info to reimburse their sites, so a good idea to deter them is to enforce privacy, do not let others make private information available, and warn users about the misuses that others may seek when simply sneaking to see their internet identity or ID to proliferate malware.  Users who download can easily become zombies, unless they already are zombies.