Solved

How can i block portable file

Posted on 2009-04-01
10
1,917 Views
Last Modified: 2013-11-30
Dears;
In my company network, users have limited privileges because they are in Domain Users group.
one day i found most of them they have a portable games files that have EXE and PPS extensions. Those files are not need to make installations gust copy it from cd,flopy,email,....etc ,and play it
So how can I block these files from running?
0
Comment
Question by:Samizaghloul
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:theoaks
ID: 24037942
using software restriction policies you can limit what executables can be run in on your workstations.

http://technet.microsoft.com/en-us/library/bb457006.aspx


0
 

Author Comment

by:Samizaghloul
ID: 24047303
Ok, this is a very good informations which i learned from your link.
I found the following part on your link that is said:
***************************************
To Make Policy for Managing all Software on a Machine
      -Default Security Level: Disallowed
      -Apply software restriction policies to the following users:
               All users except administrators.
      -Unrestricted Path Rules %WINDIR%
      -Unrestricted Path Rules %PROGRAMFILES%
***************************************
I did not test it yet.
BUT this is will not block the games scripts runing iside Exel and PowerPont file ,and surly will block exe files that runing i any boths that are not mentioned before..... is it right??

Regards

0
 
LVL 5

Expert Comment

by:theoaks
ID: 24048999
you can disable the apps inside excel by decreasing the security levels to not allow vba content, but this would stop the users who are legitimately using excel macros.

as for the policy, that seems fine, alothough using hash method is far more secure.


0
 
LVL 6

Expert Comment

by:jimmmg
ID: 24057949
here is a tool that can block certain fles from running, take a look here and u can have a free trial if interested:
www.employee-monitoring.net 
0
 

Author Comment

by:Samizaghloul
ID: 24066178
Dear jimmmg: This a monitoring software .I'm looking for restriction policies to prevent runnig all types of games either running through PowerPoint or excel or portable exe files.

Dear theoaks:Thanks for your help but still I need more restriction tools, because I don't know the name of games files and the user can changing these names.So i can't trace all names.

any help?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 5

Expert Comment

by:theoaks
ID: 24066526
if you use a hash policy, it doesn't matter what they name the file or game. you need to get a list of all allowed applications, and create an allow policy for these applications.

From the article i sent you:

"If an administrator knows all of the software that should run, then a software restriction policy can be applied to control execution to only this list of trusted applications.

Hash Rules

A hash rule is a cryptographic fingerprint that uniquely identifies a file regardless of where it is accessed or what it is named. An administrator may not want users to run a particular version of a program. This may be the case if the program has security or privacy bugs, or compromises system stability. With a hash rule, software can be renamed or moved into another location on a disk, but it will still match the hash rule because the rule is based on a cryptographic calculation involving file contents."

this means when a user tries to run an application that isnt apporved by your policy, it gets blocked, regardless of its name etc...

this is extremely affective technique and it is free on a windows network. by deploying through GPO.

0
 

Author Comment

by:Samizaghloul
ID: 24070984
thanks, but there is another way?
0
 
LVL 5

Expert Comment

by:theoaks
ID: 24071203
other than paying for software, no.

not sure why you wouldn't want to use the supplied method.

it there, its free, it works. whether they rename or not.

if you want to pay for something, try this

http://www.browsecontrol.com/application.htm




0
 

Author Comment

by:Samizaghloul
ID: 24074861
Dear theoaks: To implement a Hash Method (Rule) ,Should I have the file itself to fetch out  the fingerprint for that file ,but in my case I don't know\have a list of files and every day I seeing new games with my users.
So, in this case I have to implement a path method (rule), but even this rule when I implemented it doesn't work.
One more thing I have to prevent games that are designed to be played inside PowerPoint and Excel
0
 
LVL 5

Accepted Solution

by:
theoaks earned 125 total points
ID: 24074883
you are not making a hash rule to block game files. you are making a hash rule to ALLOW specific files like ones your company uses. EVERYTHING else will be blocked.

i have explained how to block the excel files. by blocking vba from runnning in excel. thats the only way short of stopping them access to excel completely.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now