Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to deny running portable softwares?

Posted on 2011-02-21
4
Medium Priority
?
1,751 Views
Last Modified: 2012-06-27
how to deny running portable softwares?
0
Comment
Question by:Mirceyhun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 34941322
Is using external software an option, or do you want to do this using AD ?

If AD - you have two options 1) disable USB drives using GPO or 2) specifically allow all applications that you want to allow - anything not mentioned (i.e usb etc) will be blocked.
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 2000 total points
ID: 34941365
or


To do this you need to modify the Local Security Settings.

1. From the start menu, go to the RUN command window and enter secpol.msc
2. In the Local Security Settings window, select Software Restrictions Policies, you'll notice on the right pane that there are no policies defined.
3. To create a policy, select Action from the toolbar, then select Create New Policies.
4. Once a policy is created, you'll notice 5 new objects in the right pane.
5. Select the Additional Rules Folder, right click and select New Path Rule.
6. A New Path Rule window appears. Here enter the path of the drive or folder you'd like to enforce restrictions on. After entering a path, make sure the Security level option is set to disallow.
7. Do this on all drives you wish to prevent this type of action on. For example A:\ D:\ E:\ F:\
8.Create a rule to prevent the user running executables in their home drive or the desktop. (We provide students with a mapped network drive H:\ Where they can be monitored from. They can run what they want from this drive.)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34941373
You can also do the above from a GPO.
0
 

Author Closing Comment

by:Mirceyhun
ID: 34941435
thanks
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question