Solved

Prevent Applications from running from command prompt.

Posted on 2006-06-26
5
549 Views
Last Modified: 2012-06-21
I may just be spacing here, but I seem to recall a way that there was to prevent applications from being run from the command line.  Here's the situation.  I blocked access to the C: drive and to certain applications on the C: drive using group policy.  I knew that blocking certain applications in group policy would not work from the command prompt, which is why I prevented access to the C: drive.  When you go to start > Run then type c:\, it comes up properly and blocks the drive from coming up.  But when you run cmd.exe, then change drives, the drive is fully accessible.

I really thought there was a way to stop that....and I'm either wrong or I just cannot remember how to do it.  Can anyone offer a quick fix to this?  It seems stupid to block access to everything EXCEPT if you go into the command prompt.

FYI...I don't want to block access to the command prompt simply because the students need access to TCP/IP diagnostic tools for their networking classes.

Thanks in advance!

James
0
Comment
Question by:jamesreddy
  • 3
  • 2
5 Comments
 
LVL 30

Expert Comment

by:callrs
ID: 16989092
0
 
LVL 30

Expert Comment

by:callrs
ID: 16989115
0
 
LVL 30

Accepted Solution

by:
callrs earned 500 total points
ID: 16989133
The above may not block access to command.com, but this will:

http://www.experts-exchange.com/Operating_Systems/Q_21792248.html     Operating Systems: Disable access to command.com
--> http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html   "Using Software Restriction Policies To Keep Games Off Of Your Network"

This solution uses file hash, so that even renaming command.com or running it from a floppy won't work.
0
 
LVL 9

Author Comment

by:jamesreddy
ID: 16992016
Thanks for the suggestions folks, but notice the part of my question where I WANT them to have access to the command prompt, but NOT to the applications.  They need access to the command prompt for their classes.

In any event, I figured it out.  It was the software policy portion of group policy.  I created a path statement and a hash statement to be disallowed for the applications I do not want students to use.  They can now no longer execute the program from the command prompt.

James
0
 
LVL 9

Author Comment

by:jamesreddy
ID: 16992041
Since Callrs second link on software policies was the correct answer...I'm awarding him the points.  Thanks for everyone's input.

James
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Memory (kernel) dump BSOD's 2X per week: Why? 40 148
Functional Level 2012 R2 and XP 3 139
password expiry Windows 6 134
Lock down IT Intern accounts 4 104
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now