Solved

how to deny running portable softwares?

Posted on 2011-02-21
4
1,742 Views
Last Modified: 2012-06-27
how to deny running portable softwares?
0
Comment
Question by:Mirceyhun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 34941322
Is using external software an option, or do you want to do this using AD ?

If AD - you have two options 1) disable USB drives using GPO or 2) specifically allow all applications that you want to allow - anything not mentioned (i.e usb etc) will be blocked.
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 500 total points
ID: 34941365
or


To do this you need to modify the Local Security Settings.

1. From the start menu, go to the RUN command window and enter secpol.msc
2. In the Local Security Settings window, select Software Restrictions Policies, you'll notice on the right pane that there are no policies defined.
3. To create a policy, select Action from the toolbar, then select Create New Policies.
4. Once a policy is created, you'll notice 5 new objects in the right pane.
5. Select the Additional Rules Folder, right click and select New Path Rule.
6. A New Path Rule window appears. Here enter the path of the drive or folder you'd like to enforce restrictions on. After entering a path, make sure the Security level option is set to disallow.
7. Do this on all drives you wish to prevent this type of action on. For example A:\ D:\ E:\ F:\
8.Create a rule to prevent the user running executables in their home drive or the desktop. (We provide students with a mapped network drive H:\ Where they can be monitored from. They can run what they want from this drive.)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34941373
You can also do the above from a GPO.
0
 

Author Closing Comment

by:Mirceyhun
ID: 34941435
thanks
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Here's a look at newsworthy articles and community happenings during the last month.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question