Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can i block portable file

Posted on 2009-04-01
10
Medium Priority
?
1,928 Views
Last Modified: 2013-11-30
Dears;
In my company network, users have limited privileges because they are in Domain Users group.
one day i found most of them they have a portable games files that have EXE and PPS extensions. Those files are not need to make installations gust copy it from cd,flopy,email,....etc ,and play it
So how can I block these files from running?
0
Comment
Question by:Samizaghloul
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:theoaks
ID: 24037942
using software restriction policies you can limit what executables can be run in on your workstations.

http://technet.microsoft.com/en-us/library/bb457006.aspx


0
 

Author Comment

by:Samizaghloul
ID: 24047303
Ok, this is a very good informations which i learned from your link.
I found the following part on your link that is said:
***************************************
To Make Policy for Managing all Software on a Machine
      -Default Security Level: Disallowed
      -Apply software restriction policies to the following users:
               All users except administrators.
      -Unrestricted Path Rules %WINDIR%
      -Unrestricted Path Rules %PROGRAMFILES%
***************************************
I did not test it yet.
BUT this is will not block the games scripts runing iside Exel and PowerPont file ,and surly will block exe files that runing i any boths that are not mentioned before..... is it right??

Regards

0
 
LVL 5

Expert Comment

by:theoaks
ID: 24048999
you can disable the apps inside excel by decreasing the security levels to not allow vba content, but this would stop the users who are legitimately using excel macros.

as for the policy, that seems fine, alothough using hash method is far more secure.


0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 6

Expert Comment

by:jimmmg
ID: 24057949
here is a tool that can block certain fles from running, take a look here and u can have a free trial if interested:
www.employee-monitoring.net 
0
 

Author Comment

by:Samizaghloul
ID: 24066178
Dear jimmmg: This a monitoring software .I'm looking for restriction policies to prevent runnig all types of games either running through PowerPoint or excel or portable exe files.

Dear theoaks:Thanks for your help but still I need more restriction tools, because I don't know the name of games files and the user can changing these names.So i can't trace all names.

any help?
0
 
LVL 5

Expert Comment

by:theoaks
ID: 24066526
if you use a hash policy, it doesn't matter what they name the file or game. you need to get a list of all allowed applications, and create an allow policy for these applications.

From the article i sent you:

"If an administrator knows all of the software that should run, then a software restriction policy can be applied to control execution to only this list of trusted applications.

Hash Rules

A hash rule is a cryptographic fingerprint that uniquely identifies a file regardless of where it is accessed or what it is named. An administrator may not want users to run a particular version of a program. This may be the case if the program has security or privacy bugs, or compromises system stability. With a hash rule, software can be renamed or moved into another location on a disk, but it will still match the hash rule because the rule is based on a cryptographic calculation involving file contents."

this means when a user tries to run an application that isnt apporved by your policy, it gets blocked, regardless of its name etc...

this is extremely affective technique and it is free on a windows network. by deploying through GPO.

0
 

Author Comment

by:Samizaghloul
ID: 24070984
thanks, but there is another way?
0
 
LVL 5

Expert Comment

by:theoaks
ID: 24071203
other than paying for software, no.

not sure why you wouldn't want to use the supplied method.

it there, its free, it works. whether they rename or not.

if you want to pay for something, try this

http://www.browsecontrol.com/application.htm




0
 

Author Comment

by:Samizaghloul
ID: 24074861
Dear theoaks: To implement a Hash Method (Rule) ,Should I have the file itself to fetch out  the fingerprint for that file ,but in my case I don't know\have a list of files and every day I seeing new games with my users.
So, in this case I have to implement a path method (rule), but even this rule when I implemented it doesn't work.
One more thing I have to prevent games that are designed to be played inside PowerPoint and Excel
0
 
LVL 5

Accepted Solution

by:
theoaks earned 375 total points
ID: 24074883
you are not making a hash rule to block game files. you are making a hash rule to ALLOW specific files like ones your company uses. EVERYTHING else will be blocked.

i have explained how to block the excel files. by blocking vba from runnning in excel. thats the only way short of stopping them access to excel completely.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question