how to deny running portable softwares?

Posted on 2011-02-21
Medium Priority
Last Modified: 2012-06-27
how to deny running portable softwares?
Question by:Mirceyhun
  • 3
LVL 20

Expert Comment

ID: 34941322
Is using external software an option, or do you want to do this using AD ?

If AD - you have two options 1) disable USB drives using GPO or 2) specifically allow all applications that you want to allow - anything not mentioned (i.e usb etc) will be blocked.
LVL 20

Accepted Solution

woolnoir earned 2000 total points
ID: 34941365

To do this you need to modify the Local Security Settings.

1. From the start menu, go to the RUN command window and enter secpol.msc
2. In the Local Security Settings window, select Software Restrictions Policies, you'll notice on the right pane that there are no policies defined.
3. To create a policy, select Action from the toolbar, then select Create New Policies.
4. Once a policy is created, you'll notice 5 new objects in the right pane.
5. Select the Additional Rules Folder, right click and select New Path Rule.
6. A New Path Rule window appears. Here enter the path of the drive or folder you'd like to enforce restrictions on. After entering a path, make sure the Security level option is set to disallow.
7. Do this on all drives you wish to prevent this type of action on. For example A:\ D:\ E:\ F:\
8.Create a rule to prevent the user running executables in their home drive or the desktop. (We provide students with a mapped network drive H:\ Where they can be monitored from. They can run what they want from this drive.)
LVL 20

Expert Comment

ID: 34941373
You can also do the above from a GPO.

Author Closing Comment

ID: 34941435

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question