Solved

How can i block portable file

Posted on 2009-04-01
10
1,916 Views
Last Modified: 2013-11-30
Dears;
In my company network, users have limited privileges because they are in Domain Users group.
one day i found most of them they have a portable games files that have EXE and PPS extensions. Those files are not need to make installations gust copy it from cd,flopy,email,....etc ,and play it
So how can I block these files from running?
0
Comment
Question by:Samizaghloul
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:theoaks
ID: 24037942
using software restriction policies you can limit what executables can be run in on your workstations.

http://technet.microsoft.com/en-us/library/bb457006.aspx


0
 

Author Comment

by:Samizaghloul
ID: 24047303
Ok, this is a very good informations which i learned from your link.
I found the following part on your link that is said:
***************************************
To Make Policy for Managing all Software on a Machine
      -Default Security Level: Disallowed
      -Apply software restriction policies to the following users:
               All users except administrators.
      -Unrestricted Path Rules %WINDIR%
      -Unrestricted Path Rules %PROGRAMFILES%
***************************************
I did not test it yet.
BUT this is will not block the games scripts runing iside Exel and PowerPont file ,and surly will block exe files that runing i any boths that are not mentioned before..... is it right??

Regards

0
 
LVL 5

Expert Comment

by:theoaks
ID: 24048999
you can disable the apps inside excel by decreasing the security levels to not allow vba content, but this would stop the users who are legitimately using excel macros.

as for the policy, that seems fine, alothough using hash method is far more secure.


0
 
LVL 6

Expert Comment

by:jimmmg
ID: 24057949
here is a tool that can block certain fles from running, take a look here and u can have a free trial if interested:
www.employee-monitoring.net
0
 

Author Comment

by:Samizaghloul
ID: 24066178
Dear jimmmg: This a monitoring software .I'm looking for restriction policies to prevent runnig all types of games either running through PowerPoint or excel or portable exe files.

Dear theoaks:Thanks for your help but still I need more restriction tools, because I don't know the name of games files and the user can changing these names.So i can't trace all names.

any help?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 5

Expert Comment

by:theoaks
ID: 24066526
if you use a hash policy, it doesn't matter what they name the file or game. you need to get a list of all allowed applications, and create an allow policy for these applications.

From the article i sent you:

"If an administrator knows all of the software that should run, then a software restriction policy can be applied to control execution to only this list of trusted applications.

Hash Rules

A hash rule is a cryptographic fingerprint that uniquely identifies a file regardless of where it is accessed or what it is named. An administrator may not want users to run a particular version of a program. This may be the case if the program has security or privacy bugs, or compromises system stability. With a hash rule, software can be renamed or moved into another location on a disk, but it will still match the hash rule because the rule is based on a cryptographic calculation involving file contents."

this means when a user tries to run an application that isnt apporved by your policy, it gets blocked, regardless of its name etc...

this is extremely affective technique and it is free on a windows network. by deploying through GPO.

0
 

Author Comment

by:Samizaghloul
ID: 24070984
thanks, but there is another way?
0
 
LVL 5

Expert Comment

by:theoaks
ID: 24071203
other than paying for software, no.

not sure why you wouldn't want to use the supplied method.

it there, its free, it works. whether they rename or not.

if you want to pay for something, try this

http://www.browsecontrol.com/application.htm




0
 

Author Comment

by:Samizaghloul
ID: 24074861
Dear theoaks: To implement a Hash Method (Rule) ,Should I have the file itself to fetch out  the fingerprint for that file ,but in my case I don't know\have a list of files and every day I seeing new games with my users.
So, in this case I have to implement a path method (rule), but even this rule when I implemented it doesn't work.
One more thing I have to prevent games that are designed to be played inside PowerPoint and Excel
0
 
LVL 5

Accepted Solution

by:
theoaks earned 125 total points
ID: 24074883
you are not making a hash rule to block game files. you are making a hash rule to ALLOW specific files like ones your company uses. EVERYTHING else will be blocked.

i have explained how to block the excel files. by blocking vba from runnning in excel. thats the only way short of stopping them access to excel completely.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Printer Settings 3 64
Cisco VSS or VCP on GNS3 or IOU 3 33
svg file 10 39
EIGRP on point-to-point vlan 14 24
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now