Solved

Executble acess on a blocked machine

Posted on 2013-05-23
3
209 Views
Last Modified: 2013-06-01
Hi ,

i need to block on a windows 7 machine all usb & media devices ,
and creat an exeption for a specific executable to run from a DiskOnKey device.
is there any way using GPO on this scenario ?
or any other way of getting the job done from the OS.


Thanks,
0
Comment
Question by:yeroslav
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 39193063
blocking is done at the device level. perhaps if you have the pci_env value for the device you may be able to allow it. The problem is that the DISKONKEY device is simply a USB drive and if you allow read/execution from a USB drive then ANY software on a Diskonkey drive will work. Can you not run this software from the network?
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39193087
Possibly block specific vendor and product id and can check out this article belwo using usbdeview to surface more specific device info to help blocking or allowing. On top of that I was also thinking of applocker to allow execution of specific exe either through publisher or signature hash. ..

http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices
0
 

Author Closing Comment

by:yeroslav
ID: 39213909
Thanks.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about why it is more lucrative for an IT company to participate in government projects.
Postmortem reporting allow us to examine mistakes in a way that focuses on the situational aspects of a failure’s mechanism and the decision-making process of individuals proximate to the failure. Read our guide on how to handle IT post-mortem repor…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question