phillipmillward
asked on
Dont allow users to run exe's from their home folders
I ma running windows 2003 server with xp clients.
I want to stop my users from running exe's from thier home folder.
Hope someone can help its driving me mad
Thanks
Phil Millward
ICT Manager
The Byrchall High School
I want to stop my users from running exe's from thier home folder.
Hope someone can help its driving me mad
Thanks
Phil Millward
ICT Manager
The Byrchall High School
ASKER
i work in a school so would that solution not stop all other department specific software from working???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I've heared of this issue, with people installing things into their home directory, one thing you can do is go into the advanced security permissions and turn off 'Tranvers Folders/Execute File' to stop people downloading exe's and then installing them.
However if they have CD-ROM access etc this will not solve the problem, - it will stop them from starting the application though after installing to their home directory, which would probs put them off in the future even installing rouge software.
However if they have CD-ROM access etc this will not solve the problem, - it will stop them from starting the application though after installing to their home directory, which would probs put them off in the future even installing rouge software.
Thanks for the points. Even trough, i still have some more advice im gonna write down. The issue you have, is EXACTLY the same as the institute i work at. They also had some problems with students installing illegal software. They had a good program to solve it trough.
At first, they decided to give NOONE except the admins acces to the c or d harddisk. they simply made it invisible in explorer, and disabled write acces. (this can be done trough the admin accounts special tabs. they can specify what users have write/read acces). The disk can be made invisible trough the XP hidden flags. (iff you cant acces them manually, try this program:http://www.snapfiles.com/get/freshui.html). To let the users still save their documents and such, each user got 10mb of disk space on the network, which also had the nice effect that they can work on every computer, without having to worry about their memory sticks, or about lost file searching.
The second thing they did, was disabling the download of .exe .zip and .rar (and .7zip and other compressors) trough the browser. Since students only very rarely need .exe or so files, its safe to disable the downloading of it. say for yourself, why would a student need a program?
Third problem was virusses, mallware and such, since some students visited somewhat... less trustable sites. Just install norton corporate edition, and a good antispyware scanner, and most things are solved. As a further measure they ghosted all PCs, and reset them every 2-4 weeks. This WONT whipe out the student files, since they are on the network. it just whipes out the illegal downloads and windows modifications. Of course, the server pc doesnt get such a whipeout.
For the student with not so legal sites, there was a good, trough expensive solution. they simply hires 3 system admins to keep an eye on the server computers all day, + someone to watch the computer rooms. If this would cost to much, simply keep logs of every user, and when it seems to go wrong, just look at the logs to see who caused the problem. last you should give every user a seperate account, so that they can be IDed.
Hope you can do something with this guide, GL,
FalconHawk
At first, they decided to give NOONE except the admins acces to the c or d harddisk. they simply made it invisible in explorer, and disabled write acces. (this can be done trough the admin accounts special tabs. they can specify what users have write/read acces). The disk can be made invisible trough the XP hidden flags. (iff you cant acces them manually, try this program:http://www.snapfiles.com/get/freshui.html). To let the users still save their documents and such, each user got 10mb of disk space on the network, which also had the nice effect that they can work on every computer, without having to worry about their memory sticks, or about lost file searching.
The second thing they did, was disabling the download of .exe .zip and .rar (and .7zip and other compressors) trough the browser. Since students only very rarely need .exe or so files, its safe to disable the downloading of it. say for yourself, why would a student need a program?
Third problem was virusses, mallware and such, since some students visited somewhat... less trustable sites. Just install norton corporate edition, and a good antispyware scanner, and most things are solved. As a further measure they ghosted all PCs, and reset them every 2-4 weeks. This WONT whipe out the student files, since they are on the network. it just whipes out the illegal downloads and windows modifications. Of course, the server pc doesnt get such a whipeout.
For the student with not so legal sites, there was a good, trough expensive solution. they simply hires 3 system admins to keep an eye on the server computers all day, + someone to watch the computer rooms. If this would cost to much, simply keep logs of every user, and when it seems to go wrong, just look at the logs to see who caused the problem. last you should give every user a seperate account, so that they can be IDed.
Hope you can do something with this guide, GL,
FalconHawk
[User Configuration\Administrati
-Run only allowed Windows applications