Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 157
  • Last Modified:

How to prevent users from saying "yes" to "Are you sure want to open this?" popup?

Is there an easy configuration step I can make on a Windows XP machine to prevent it from executing downloaded or emailed files?

Specifically, with SP2 installed the user gets a "This file could contain viruses, are you sure you want to open it?" message. Is there a way to make it so, say, the user would need to enter a password in order to click "Yes"?

Note that it is not possible to run these users on "Limited User" accounts becuase of incompatible applications. I really just want a way to stop them from saying "Yes" to the warning pop-up.

Thanks!


0
bigjosh2
Asked:
bigjosh2
4 Solutions
 
SunBowCommented:
>  the user would need to enter a password in order to click "Yes"?

No. That is a different form of program. Your user has already logged in and has autenticated with a password.

> I really just want a way to stop them from saying "Yes" to the warning pop-up.

Train them. Ensure corp policy says they are not supposed to do it. Any who subsequently refuse to abide by a corp policy are indicating they do not agree to work for the company any longer

OTOH, MS is too frequently constrained to having that popup on nearly everything. Nearly all cases I want to run it, it is a word document I want or something similar. The popup itself is annoying enough. To add another level of password to that is certainly not going to win you any more friends at work.

This is pre-SP2 btw, nothing much new about viruses, except there are fewer being developed and emailed for MS Word anyway.

If you get a rash of evil attachments, block them at router, server or relay, don' leave them all to each individual.
0
 
SunBowCommented:
An alternative is to either deny them email or deny them any capability to process attachements. There are alternative methods to move files around
0
 
bigjosh2Author Commented:
Sorry, I'm really looking for a technological solution to an admittadly social problem.

Again, I feel like there must be a way to prevent users from downloading certian file types. I know that in OE you can block users from opening certain file types.

Thanks.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
bhanukir7Commented:
hi there

i hope this link would be helpful as this would let u customize

http://office.microsoft.com/en-us/assistance/HA011524811033.aspx

bhanu
0
 
PowerITCommented:
Sunbow: the solution to human error or negligence does not need to be technical. Certainly not for your own people.
Because when you solve this, they will find other ways to shoot themselves in the foot.

The solution really is a solid security policy combined with procedures, guidelines and security awareness training.
Have the policy signed by the users. And make sure it contains appropriate disciplinary actions.
Of course, before all else and starting a security policy: have management support.
If your management doesn't support security then forget about it. I'm not kidding.
Once you have the above, you can start thinking about logical countermeasures. In you case: a good antivirus on the clients and a decent firewall preferably with integrated antivirus, intrusion prevention, etc ...
Sometimes called: Unified Threat Management. Such a firewall can be configured not to allow certain file types to be downloaded and a lot more then that.

J.
0
 
Rich RumbleSecurity SamuraiCommented:
If you have Exchange, and or Active Directory you can in fact block certain file attachments:
http://support.microsoft.com/kb/837388#E0EC0ADAAA
http://www.google.com/search?hl=en&q=site%3Amicrosoft.com+exchange+block+file+attachment+types&btnG=Google+Search
http://www.microsoft.com/technet/technetmag/issues/2005/05/GroupPolicy/default.aspx
found using the search: http://www.google.com/search?hl=en&lr=&q=site%3Amicrosoft.com++block+file+attachment+types+%22group+policy%22&btnG=Search

Basically the search in google is:  Site:site_name.com terms_to_search_for
site:microsoft.com outlook block attachements "group policy"

Typically your antivirus solution for Exchange will also allow you to dictate the attachments you can and can't send/recieve. If you don't have AV on the PC's you should at the very leaste have them on the Email server!

As far as removing Admin rights from users, it's always the best practice to do day-to-day operations as the lowest privileged user possible. Have a look at these pages for some ideas on how you may be able to better protect your users in this way: http://xinn.org/win_bestpractices.html   http://www.xinn.org/RunasVBS.html
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp
http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
http://sourceforge.net/projects/runasadmin
-rich
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now