Dont allow users to run exe's from their home folders

Posted on 2005-04-26
Last Modified: 2010-04-11
I ma running windows 2003 server with xp clients.

I want to stop my users from running exe's from thier home folder.

Hope someone can help its driving me mad


Phil Millward
ICT Manager
The Byrchall High School
Question by:phillipmillward
    LVL 9

    Expert Comment

    I would do this in group policy.  There is an option to only allow then to run certain applications.  
    [User Configuration\Administrative Templates\System]
    -Run only allowed Windows applications


    Author Comment

    i work in a school so would that solution not stop all other department specific software from working???
    LVL 4

    Accepted Solution

    No. If you set the group policy for the student accounts, it wont interfear with the normal admin account. You can also set the installer not to install any programs, or block the registery so that they cant make chances to it. those 3 together have a pretty high succes rate of blocking installs. But keep in mind, nothing is unblockable, you can only make it so hard its not worthwhile/hard to break for normal users
    LVL 3

    Expert Comment

    I've heared of this issue, with people installing things into their home directory, one thing you can do is go into the advanced security permissions and turn off 'Tranvers Folders/Execute File' to stop people downloading exe's and then installing them.

    However if they have CD-ROM access etc this will not solve the problem, - it will stop them from starting the application though after installing to their home directory, which would probs put them off in the future even installing rouge software.

    LVL 4

    Expert Comment

    Thanks for the points. Even trough, i still have some more advice im gonna write down. The issue you have, is EXACTLY the same as the institute i work at. They also had some problems with students installing illegal software. They had a good program to solve it trough.

    At first, they decided to give NOONE except the admins acces to the c or d harddisk. they simply made it invisible in explorer, and disabled write acces. (this can be done trough the admin accounts special tabs. they can specify what users have write/read acces). The disk can be made invisible trough the XP hidden flags. (iff you cant acces them manually, try this    program: To let the users still save their documents and such, each user got 10mb of disk space on the network, which also had the nice effect that they can work on every computer, without having to worry about their memory sticks, or about lost file searching.

    The second thing they did, was disabling the download of .exe .zip and .rar (and .7zip and other compressors) trough the browser. Since students only very rarely need .exe or so files, its safe to disable the downloading of it. say for yourself, why would a student need a program?

    Third problem was virusses, mallware and such, since some students visited somewhat... less trustable sites. Just install norton corporate edition, and a good antispyware scanner, and most things are solved. As a further measure they ghosted all PCs, and reset them every 2-4 weeks. This WONT whipe out the student files, since they are on the network. it just whipes out the illegal downloads and windows modifications. Of course, the server pc doesnt get such a whipeout.

    For the student with not so legal sites, there was a good, trough expensive solution. they simply hires 3 system admins to keep an eye on the server computers all day, + someone to watch the computer rooms. If this would cost to much, simply keep logs of every user, and when it seems to go wrong, just look at the logs to see who caused the problem. last you should give every user a seperate account, so that they can be IDed.

    Hope you can do something with this guide, GL,

    Featured Post

    Gigs: Get Your Project Delivered by an Expert

    Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

    Join & Write a Comment

    Suggested Solutions

    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now