• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 159
  • Last Modified:

How to prevent users from saying "yes" to "Are you sure want to open this?" popup?

Is there an easy configuration step I can make on a Windows XP machine to prevent it from executing downloaded or emailed files?

Specifically, with SP2 installed the user gets a "This file could contain viruses, are you sure you want to open it?" message. Is there a way to make it so, say, the user would need to enter a password in order to click "Yes"?

Note that it is not possible to run these users on "Limited User" accounts becuase of incompatible applications. I really just want a way to stop them from saying "Yes" to the warning pop-up.

Thanks!


0
bigjosh2
Asked:
bigjosh2
4 Solutions
 
SunBowCommented:
>  the user would need to enter a password in order to click "Yes"?

No. That is a different form of program. Your user has already logged in and has autenticated with a password.

> I really just want a way to stop them from saying "Yes" to the warning pop-up.

Train them. Ensure corp policy says they are not supposed to do it. Any who subsequently refuse to abide by a corp policy are indicating they do not agree to work for the company any longer

OTOH, MS is too frequently constrained to having that popup on nearly everything. Nearly all cases I want to run it, it is a word document I want or something similar. The popup itself is annoying enough. To add another level of password to that is certainly not going to win you any more friends at work.

This is pre-SP2 btw, nothing much new about viruses, except there are fewer being developed and emailed for MS Word anyway.

If you get a rash of evil attachments, block them at router, server or relay, don' leave them all to each individual.
0
 
SunBowCommented:
An alternative is to either deny them email or deny them any capability to process attachements. There are alternative methods to move files around
0
 
bigjosh2Author Commented:
Sorry, I'm really looking for a technological solution to an admittadly social problem.

Again, I feel like there must be a way to prevent users from downloading certian file types. I know that in OE you can block users from opening certain file types.

Thanks.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
bhanukir7Commented:
hi there

i hope this link would be helpful as this would let u customize

http://office.microsoft.com/en-us/assistance/HA011524811033.aspx

bhanu
0
 
PowerITCommented:
Sunbow: the solution to human error or negligence does not need to be technical. Certainly not for your own people.
Because when you solve this, they will find other ways to shoot themselves in the foot.

The solution really is a solid security policy combined with procedures, guidelines and security awareness training.
Have the policy signed by the users. And make sure it contains appropriate disciplinary actions.
Of course, before all else and starting a security policy: have management support.
If your management doesn't support security then forget about it. I'm not kidding.
Once you have the above, you can start thinking about logical countermeasures. In you case: a good antivirus on the clients and a decent firewall preferably with integrated antivirus, intrusion prevention, etc ...
Sometimes called: Unified Threat Management. Such a firewall can be configured not to allow certain file types to be downloaded and a lot more then that.

J.
0
 
Rich RumbleSecurity SamuraiCommented:
If you have Exchange, and or Active Directory you can in fact block certain file attachments:
http://support.microsoft.com/kb/837388#E0EC0ADAAA
http://www.google.com/search?hl=en&q=site%3Amicrosoft.com+exchange+block+file+attachment+types&btnG=Google+Search
http://www.microsoft.com/technet/technetmag/issues/2005/05/GroupPolicy/default.aspx
found using the search: http://www.google.com/search?hl=en&lr=&q=site%3Amicrosoft.com++block+file+attachment+types+%22group+policy%22&btnG=Search

Basically the search in google is:  Site:site_name.com terms_to_search_for
site:microsoft.com outlook block attachements "group policy"

Typically your antivirus solution for Exchange will also allow you to dictate the attachments you can and can't send/recieve. If you don't have AV on the PC's you should at the very leaste have them on the Email server!

As far as removing Admin rights from users, it's always the best practice to do day-to-day operations as the lowest privileged user possible. Have a look at these pages for some ideas on how you may be able to better protect your users in this way: http://xinn.org/win_bestpractices.html   http://www.xinn.org/RunasVBS.html
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp
http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
http://sourceforge.net/projects/runasadmin
-rich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now