Solved

Blocking Google Chrome from Environment

Posted on 2011-02-22
8
1,127 Views
Last Modified: 2012-05-11
Does anyone know a way of blocking the use of Google chrome on a network via GPO. User are running xp in a 2k3 environment. I have added group policy blocking the .exe name but this is easily gotten around by changing the name of the file and running it from my docs where they have full access.
I know with Windows 7, applicatons can be blocked via signature. Is there anything similar available to me?
0
Comment
Question by:wolvesnj
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 8

Expert Comment

by:jimsweb
ID: 34950084
0
 
LVL 7

Expert Comment

by:David_Hagerman
ID: 34950105
you are always going to have these sort of problems. I would suggest stopping them from installing

Check out this link

How to Stop Users From Installing Google Chrome
http://www.windowsitpro.com/article/installation2/how-to-stop-users-from-installing-google-chrome.aspx
Create a software restriction policy for your Windows Vista or Windows XP machines
0
 

Author Comment

by:wolvesnj
ID: 34950279
Thanks for the response so far guys.
@jimsweb: the first link applies to only Windows 7. It is something like this I need for XP.
@David: I can try this but I don't believe there is anything stopping a user from moving the install file to another location and renaming it.

Is there any other way of blocking other than by filename?
0
 
LVL 35

Expert Comment

by:torimar
ID: 34950494
You could create a hash rule and block the executable's hash as well.

Please check this knowledge base article: http://support.microsoft.com/kb/324036
(How To use Software Restriction Policies in Windows Server 2003)

Scroll down for the chapter "How to create a Hash Rule".
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 7

Accepted Solution

by:
David_Hagerman earned 500 total points
ID: 34950498
here is another way that might work

Computer Configuration > Security Settings > Software Restriction Policy ('New Software restriction policy')

Go to 'Additional Rules' and add in a rule to block this app. From the sounds of it you will want a Hash rule. This will identify a specific application, regardless of it's location when executed. Have the file to hand when you create the rule and browse to it. This will create a hash which is unique to just that specific executable. Set the security level for this rule to 'Disallowed'. Apply this GPO to all machines in question.

(bear in mind that a hash rule only identifies that specific executable. If a new version of the app is released you will have to create a new hash rule)

let me know
0
 
LVL 7

Expert Comment

by:David_Hagerman
ID: 34950506
you might have a problem with the hash file so maybe check that the exe is exactly the same , version etc
0
 

Author Comment

by:wolvesnj
ID: 34997826
Thanks David. That works perfectly
0
 
LVL 35

Expert Comment

by:torimar
ID: 34998357
That was the exact same solution I proposed one comment before David Hagerman, with the exception that I referred you to an official document instead of describing the method with my own words.

I am disappointed that you did not at least take my suggestion into account.
Here's what the official Experts-Exchange help files have to say about skipping solutions and similar solutions posted at roughly the same time:
http://www.experts-exchange.com/help.jsp#hs=23&hi=20

If you should want to correct your decision, simply click the 'Request Attention' link in your first post and ask a moderator to reopen this thread.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently found myself in a Corporate Situation where the client had requested blocking access to any and all websites except his own Domain? Easy? I am sure this would be your answer but their requirement was, this has to be done without using…
Introduction If you're like most people, you have occasionally made a typographical error when you're entering information into an online form.  And to your consternation, the browser remembers the error, and offers to autocomplete your future entr…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now