Quote from
http://www.awprofessional.com/articles/article.asp?p=366893&seqNum=7 :
"The "Run only allowed Windows Applications" group policy object. This
GPO allows you to manage a list of allowed Windows applications that can
be executed by users affected by the policy. Usually the policy is
applied to all non-administrative users logged on to a Terminal Server.
The one limitation of this policy is that it does not track applications
based on their full path, only their application name. This creates the
situation where a user could execute any desired application, simply by
changing the application's name to be the same as an application that is
authorized to run."
May or may not be ideal based on your risk assessment.
jmb
-----Original Message-----
From: Beauford, Jason
Sent: Thursday, March 03, 2005 4:43 PM
To: 'Chris Burkey'; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Restrict running applications from usb key
You can use GPO's to specificy which Applications your users are allowed
to run. You'll have to list them all out explicitly. Then when the
user runs some foreign app, it should fail.
Domain Policy => User Configuration => System => Run only allowed
Windows applications.
I have never tried it myself.
-jmb
-----Original Message-----
From: Chris Burkey [mailto:burkeyc (at) cliu (dot) org [email concealed]]
Sent: Thursday, March 03, 2005 2:51 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Restrict running applications from usb key
Does anyone know if there is a way to restrict a user from running
applications from a usb key. The user needs to be able to save data to
the key and retrieve a document from the key but not run an application
from it. Thanks.
http://www.awprofessional.com/articles/article.asp?p=366893&seqNum=7 :
"The "Run only allowed Windows Applications" group policy object. This
GPO allows you to manage a list of allowed Windows applications that can
be executed by users affected by the policy. Usually the policy is
applied to all non-administrative users logged on to a Terminal Server.
The one limitation of this policy is that it does not track applications
based on their full path, only their application name. This creates the
situation where a user could execute any desired application, simply by
changing the application's name to be the same as an application that is
authorized to run."
May or may not be ideal based on your risk assessment.
jmb
-----Original Message-----
From: Beauford, Jason
Sent: Thursday, March 03, 2005 4:43 PM
To: 'Chris Burkey'; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Restrict running applications from usb key
You can use GPO's to specificy which Applications your users are allowed
to run. You'll have to list them all out explicitly. Then when the
user runs some foreign app, it should fail.
Domain Policy => User Configuration => System => Run only allowed
Windows applications.
I have never tried it myself.
-jmb
-----Original Message-----
From: Chris Burkey [mailto:burkeyc (at) cliu (dot) org [email concealed]]
Sent: Thursday, March 03, 2005 2:51 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Restrict running applications from usb key
Does anyone know if there is a way to restrict a user from running
applications from a usb key. The user needs to be able to save data to
the key and retrieve a document from the key but not run an application
from it. Thanks.
Christopher Burkey
Sr. Network Administrator
Carbon Lehigh Intermediate Unit #21
Phone: (610)-769-1010
burkeyc (at) cliu (dot) org [email concealed]
Weboffice address: http://weboffice.cliu.org:2200/burkeyc (at) cliu (dot) org [email concealed]
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]