sunhux


If cmd & PowerShell are blocked, can users still run tools from Taskmgr or other means?

After blocking away cmd & PowerShell, what are the other ways users can still
run tools/utilities (which somehow they managed to save onto their local HDD
via encrypted Outlook attachments or even via Wi-Fi)?

Is it possible to still run them via Taskmgr or the Windows prompt?
ASKER CERTIFIED SOLUTION
Shaun Vermaak

Windows has AppLocker for this. On other threads, you are writing that you already plan to use it but need to wait for approval first. Then wait. Other methods cannot do the same as AppLocker.
Hi,

I second AppLocker. Spinning the question around: what exactly do you want the 2 accounts (1 domain, 1 local) to be able to do?
It is important for YOU to answer that question to create the AppLocker rules. Tip: create as few rules as possible.

Also why does one person need a local account anyway? That sounds odd to me.

Mike
sunhux

ASKER

> Also why does one person need a local account anyway? That sounds odd to me.

This apps team person needs to remote in via VPN & log in to a local diagnostics account on
a server where he would launch a thick client app to do certain checks: we don't want him
to access anything more or go anywhere further because from that server, he could launch
certain apps (if he has the required privileges or access) to view "High Net Worth" clients'
information.
sunhux

ASKER

He is required to remote in to restart the specific applications in the event that the apps are not working:
we currently still don't know the root cause of the apps issue, we only know a restart helps when he spotted
a certain log from the local account (i.e. the diagnostics account).
Just a note on AppLocker and user groups:

You can't apply an AppLocker rule to a single local user account from a domain-based GPO.

Your rule will be applied to all local users, including the administrator, on the specific group of machines (when you apply the rule to Everyone) and to domain users who log on to those machines.
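
To check what AppLocker would decide for the diagnostics account, and for local administrators as the note above warns, the effective policy on the server can be evaluated with the built-in AppLocker cmdlets. This is an added example, not part of the original thread; the account name `DIAGSRV01\diag` and the `C:\Users\diag\Downloads\tool.exe` path are constructed placeholders.

```powershell
# Added example (not from the thread): ask AppLocker what it would decide
# for specific accounts on the launchers named in the question.
# Account names and the Downloads path below are constructed placeholders.
$accounts = @('DIAGSRV01\diag', 'BUILTIN\Administrators')

$candidates = @(
    "$env:SystemRoot\System32\cmd.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\System32\Taskmgr.exe",
    'C:\Users\diag\Downloads\tool.exe'   # a tool saved to a user-writable folder
) | Where-Object { Test-Path -LiteralPath $_ }   # only existing files can be evaluated

# AppLocker rules are only enforced while the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status): AppLocker rules are not being enforced."
}

# Effective policy = local policy merged with every GPO applied to this machine.
$policy = Get-AppLockerPolicy -Effective

# A collection set to AuditOnly logs the launch but does not block it.
$policy.RuleCollections |
    Select-Object RuleCollectionType, EnforcementMode |
    Format-Table -AutoSize

# Evaluate each file for each account. PolicyDecision is Allowed, Denied,
# or DeniedByDefault (no rule matched in a collection that has rules).
$results = foreach ($account in $accounts) {
    $policy |
        Test-AppLockerPolicy -Path $candidates -User $account |
        Select-Object @{ Name = 'Account'; Expression = { $account } },
                      FilePath, PolicyDecision, MatchingRule
}
$results | Sort-Object FilePath, Account | Format-Table -AutoSize

# Anything still allowed for the diagnostics account needs a closer look.
$results |
    Where-Object { $_.Account -eq $accounts[0] -and $_.PolicyDecision -eq 'Allowed' } |
    ForEach-Object { Write-Warning "$($_.FilePath) is allowed for $($_.Account)" }
```

The decision is made per file and per account, so it is the same whether the program is started from a command prompt, the Run dialog or Task Manager's "Run new task".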