Solved

How can i block portable file

Posted on 2009-04-01
10
1,923 Views
Last Modified: 2013-11-30
Dears;
In my company network, users have limited privileges because they are in Domain Users group.
one day i found most of them they have a portable games files that have EXE and PPS extensions. Those files are not need to make installations gust copy it from cd,flopy,email,....etc ,and play it
So how can I block these files from running?
0
Comment
Question by:Samizaghloul
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:theoaks
ID: 24037942
using software restriction policies you can limit what executables can be run in on your workstations.

http://technet.microsoft.com/en-us/library/bb457006.aspx


0
 

Author Comment

by:Samizaghloul
ID: 24047303
Ok, this is a very good informations which i learned from your link.
I found the following part on your link that is said:
***************************************
To Make Policy for Managing all Software on a Machine
      -Default Security Level: Disallowed
      -Apply software restriction policies to the following users:
               All users except administrators.
      -Unrestricted Path Rules %WINDIR%
      -Unrestricted Path Rules %PROGRAMFILES%
***************************************
I did not test it yet.
BUT this is will not block the games scripts runing iside Exel and PowerPont file ,and surly will block exe files that runing i any boths that are not mentioned before..... is it right??

Regards

0
 
LVL 5

Expert Comment

by:theoaks
ID: 24048999
you can disable the apps inside excel by decreasing the security levels to not allow vba content, but this would stop the users who are legitimately using excel macros.

as for the policy, that seems fine, alothough using hash method is far more secure.


0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 6

Expert Comment

by:jimmmg
ID: 24057949
here is a tool that can block certain fles from running, take a look here and u can have a free trial if interested:
www.employee-monitoring.net 
0
 

Author Comment

by:Samizaghloul
ID: 24066178
Dear jimmmg: This a monitoring software .I'm looking for restriction policies to prevent runnig all types of games either running through PowerPoint or excel or portable exe files.

Dear theoaks:Thanks for your help but still I need more restriction tools, because I don't know the name of games files and the user can changing these names.So i can't trace all names.

any help?
0
 
LVL 5

Expert Comment

by:theoaks
ID: 24066526
if you use a hash policy, it doesn't matter what they name the file or game. you need to get a list of all allowed applications, and create an allow policy for these applications.

From the article i sent you:

"If an administrator knows all of the software that should run, then a software restriction policy can be applied to control execution to only this list of trusted applications.

Hash Rules

A hash rule is a cryptographic fingerprint that uniquely identifies a file regardless of where it is accessed or what it is named. An administrator may not want users to run a particular version of a program. This may be the case if the program has security or privacy bugs, or compromises system stability. With a hash rule, software can be renamed or moved into another location on a disk, but it will still match the hash rule because the rule is based on a cryptographic calculation involving file contents."

this means when a user tries to run an application that isnt apporved by your policy, it gets blocked, regardless of its name etc...

this is extremely affective technique and it is free on a windows network. by deploying through GPO.

0
 

Author Comment

by:Samizaghloul
ID: 24070984
thanks, but there is another way?
0
 
LVL 5

Expert Comment

by:theoaks
ID: 24071203
other than paying for software, no.

not sure why you wouldn't want to use the supplied method.

it there, its free, it works. whether they rename or not.

if you want to pay for something, try this

http://www.browsecontrol.com/application.htm




0
 

Author Comment

by:Samizaghloul
ID: 24074861
Dear theoaks: To implement a Hash Method (Rule) ,Should I have the file itself to fetch out  the fingerprint for that file ,but in my case I don't know\have a list of files and every day I seeing new games with my users.
So, in this case I have to implement a path method (rule), but even this rule when I implemented it doesn't work.
One more thing I have to prevent games that are designed to be played inside PowerPoint and Excel
0
 
LVL 5

Accepted Solution

by:
theoaks earned 125 total points
ID: 24074883
you are not making a hash rule to block game files. you are making a hash rule to ALLOW specific files like ones your company uses. EVERYTHING else will be blocked.

i have explained how to block the excel files. by blocking vba from runnning in excel. thats the only way short of stopping them access to excel completely.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question