Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1158
  • Last Modified:

Blocking Google Chrome from Environment

Does anyone know a way of blocking the use of Google chrome on a network via GPO. User are running xp in a 2k3 environment. I have added group policy blocking the .exe name but this is easily gotten around by changing the name of the file and running it from my docs where they have full access.
I know with Windows 7, applicatons can be blocked via signature. Is there anything similar available to me?
0
wolvesnj
Asked:
wolvesnj
  • 3
  • 2
  • 2
  • +1
1 Solution
 
David_HagermanCommented:
you are always going to have these sort of problems. I would suggest stopping them from installing

Check out this link

How to Stop Users From Installing Google Chrome
http://www.windowsitpro.com/article/installation2/how-to-stop-users-from-installing-google-chrome.aspx
Create a software restriction policy for your Windows Vista or Windows XP machines
0
 
wolvesnjAuthor Commented:
Thanks for the response so far guys.
@jimsweb: the first link applies to only Windows 7. It is something like this I need for XP.
@David: I can try this but I don't believe there is anything stopping a user from moving the install file to another location and renaming it.

Is there any other way of blocking other than by filename?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
torimarCommented:
You could create a hash rule and block the executable's hash as well.

Please check this knowledge base article: http://support.microsoft.com/kb/324036
(How To use Software Restriction Policies in Windows Server 2003)

Scroll down for the chapter "How to create a Hash Rule".
0
 
David_HagermanCommented:
here is another way that might work

Computer Configuration > Security Settings > Software Restriction Policy ('New Software restriction policy')

Go to 'Additional Rules' and add in a rule to block this app. From the sounds of it you will want a Hash rule. This will identify a specific application, regardless of it's location when executed. Have the file to hand when you create the rule and browse to it. This will create a hash which is unique to just that specific executable. Set the security level for this rule to 'Disallowed'. Apply this GPO to all machines in question.

(bear in mind that a hash rule only identifies that specific executable. If a new version of the app is released you will have to create a new hash rule)

let me know
0
 
David_HagermanCommented:
you might have a problem with the hash file so maybe check that the exe is exactly the same , version etc
0
 
wolvesnjAuthor Commented:
Thanks David. That works perfectly
0
 
torimarCommented:
That was the exact same solution I proposed one comment before David Hagerman, with the exception that I referred you to an official document instead of describing the method with my own words.

I am disappointed that you did not at least take my suggestion into account.
Here's what the official Experts-Exchange help files have to say about skipping solutions and similar solutions posted at roughly the same time:
http://www.experts-exchange.com/help.jsp#hs=23&hi=20

If you should want to correct your decision, simply click the 'Request Attention' link in your first post and ask a moderator to reopen this thread.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now