The way I understand it, software restriction policies only work for
applications that are called by the Windows explorer process. If they
are called by any other process, then the restriction policy does not
work.
-----Original Message-----
From: Frank Knobbe [mailto:frank (at) knobbe (dot) us [email concealed]]
Sent: Monday, December 27, 2004 10:35 AM
To: Mike Lyman
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: services running in windows domain (winXP clients)
On Wed, 2004-12-22 at 14:12 -0600, Mike Lyman wrote:
> Software restriction policies work both in the "allow all but..." and
> "allow none but..." The allow all should be the easier to test and
> configure but the other approach should work since only those things
you
> allowed will run.
Are these restrictions limited to "applications" you run from Explorer,
or does it include any ".exe/.com/.dll" or otherwise executable files?
If enabled, do all required/desired services (like W32Time) have to be
explicitly listed as "allowed to execute" or is there some assumption
Windows makes about services and runs them by default? In that case,
software restrictions wouldn't be of help.
I agree with Christos that a Policy setting that says "All Services,
except the list below, are to be stopped/disabled" would be very useful
(just from a logic point of view).
applications that are called by the Windows explorer process. If they
are called by any other process, then the restriction policy does not
work.
-----Original Message-----
From: Frank Knobbe [mailto:frank (at) knobbe (dot) us [email concealed]]
Sent: Monday, December 27, 2004 10:35 AM
To: Mike Lyman
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: services running in windows domain (winXP clients)
On Wed, 2004-12-22 at 14:12 -0600, Mike Lyman wrote:
> Software restriction policies work both in the "allow all but..." and
> "allow none but..." The allow all should be the easier to test and
> configure but the other approach should work since only those things
you
> allowed will run.
Are these restrictions limited to "applications" you run from Explorer,
or does it include any ".exe/.com/.dll" or otherwise executable files?
If enabled, do all required/desired services (like W32Time) have to be
explicitly listed as "allowed to execute" or is there some assumption
Windows makes about services and runs them by default? In that case,
software restrictions wouldn't be of help.
I agree with Christos that a Policy setting that says "All Services,
except the list below, are to be stopped/disabled" would be very useful
(just from a logic point of view).
Regards,
Frank
Email Disclaimer: http://www.co.marin.ca.us/nav/misc/EmailDisclaimer.cfm
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]