Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

how to deny running portable softwares?

Posted on 2011-02-21
4
Medium Priority
?
1,759 Views
Last Modified: 2012-06-27
how to deny running portable softwares?
0
Comment
Question by:Mirceyhun
  • 3
4 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 34941322
Is using external software an option, or do you want to do this using AD ?

If AD - you have two options 1) disable USB drives using GPO or 2) specifically allow all applications that you want to allow - anything not mentioned (i.e usb etc) will be blocked.
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 2000 total points
ID: 34941365
or


To do this you need to modify the Local Security Settings.

1. From the start menu, go to the RUN command window and enter secpol.msc
2. In the Local Security Settings window, select Software Restrictions Policies, you'll notice on the right pane that there are no policies defined.
3. To create a policy, select Action from the toolbar, then select Create New Policies.
4. Once a policy is created, you'll notice 5 new objects in the right pane.
5. Select the Additional Rules Folder, right click and select New Path Rule.
6. A New Path Rule window appears. Here enter the path of the drive or folder you'd like to enforce restrictions on. After entering a path, make sure the Security level option is set to disallow.
7. Do this on all drives you wish to prevent this type of action on. For example A:\ D:\ E:\ F:\
8.Create a rule to prevent the user running executables in their home drive or the desktop. (We provide students with a mapped network drive H:\ Where they can be monitored from. They can run what they want from this drive.)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34941373
You can also do the above from a GPO.
0
 

Author Closing Comment

by:Mirceyhun
ID: 34941435
thanks
0

Featured Post

[Webinar] Cloud Security

In this webinar you will learn:

-Why existing firewall and DMZ architectures are not suited for securing cloud applications
-How to make your enterprise “Cloud Ready”, and fix your aging DMZ architecture
-How to transform your enterprise and become a Cloud Enabler

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question