Prevent Download/Launch of Executables
We have a Windows 2008 R2 domain environment where we would like to prevent executables (.exe, .bat, .com, .scr etc) from websites from being downloaded/launched on their users local computers. The users in question do not have administrator-level accounts. Users currently have access to use various browsers including Internet Explorer, Edge, Chrome and Firefox. All users are using Windows 10.
Can this be achieved with group policy? Although not preferred, it would also be acceptable (but not preferable) if the users received a popup that at least prompted / warned them about launching the executable much like with UAC. If it's not possible at the point where a user clicks on the link to the download, then can we simply restrict the running of the program when it's launched?
Can this be achieved with group policy? Although not preferred, it would also be acceptable (but not preferable) if the users received a popup that at least prompted / warned them about launching the executable much like with UAC. If it's not possible at the point where a user clicks on the link to the download, then can we simply restrict the running of the program when it's launched?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As per my knowledge you many need to implement Endpoint security
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We are looking into this as i type..
The author should close this.
Prabhin MP, please acknowledge that there was more than one person helping. If experts extend your suggestion in a helpful way, they will usually expect to get a share of the points.
Prabhin MP, please acknowledge that there was more than one person helping. If experts extend your suggestion in a helpful way, they will usually expect to get a share of the points.
objecting as per stated above.
objecting because there is an obvious tendency.
objecting because i believe the accepted answer mildly qualifies.
objecting because there is an obvious tendency.
objecting because i believe the accepted answer mildly qualifies.
my vote is : Delete or Keep without accepting an answer
i'd additionally flag the author for not following up.
eagerly waiting for the new system to kick in so self complacent closures are finally done with. in this case the answer is relatively spot on. i mostly objected because i find the pattern annoying.
i'd additionally flag the author for not following up.
eagerly waiting for the new system to kick in so self complacent closures are finally done with. in this case the answer is relatively spot on. i mostly objected because i find the pattern annoying.
I recommend an even split between Prabhin MP, skullnobrains and me.
#a42556289
#a42556344
#a42561404
#a42556289
#a42556344
#a42561404
ASKER
If you block .exe or .com files for example, won't that block any legitimate program from running?