If you administer any significant number of Microsoft Windows-based machines, there might be applications you do not want your users to be able to run. Keeping these users from running certain apps (such as P2P apps, games, etc.) can keep users productive, but more importantly, can help you avoid possible lawsuits your company doesn’t need.
Making this task easier is most often the job of third-party software. And, although Process Blocker is still under development, it is already a very useful tool and will easily prevent your users from using applications they shouldn’t. However, since it is a development version there are a few gotchas.
One of those is that there are still some scripts that can slip through the blocking process. The reason for this is that processes get blocked by Process Blocker right after they are started, instead of being blocked outright. Because of this, processes that start up instantly might get past the blocker.
With that caveat out of the way, let’s take a look at how this tool can be used.
This blog post is also available in PDF format as a free TechRepublic download.
Getting and installing
Like all good Windows applications, Process Blocker is simple to install. Process Blocker will work with any Windows operating system greater than Windows 2000 (with the exception of Windows ME). Go to the Process Blocker download page and download the version for your architecture (32 or 64 bit). Once this file is downloaded (it is an .msi file), double-click it to start the installation procedure. You will not be asked anything out of the ordinary for a Windows application installation.
Upon completion of the installation there will be a new directory: Program Files\Process Blocker. Within this directory you will find four files:
- list.txt: This is the configuration file.
- Process Blocker: This is the application.
- processblocker.chm: This is a compiled html help file.
- Tray Informer: This is the applet that informs the user a process has been blocked.
Once the installation is finished, close the window and you’re ready to start configuring.
The configuration of Process Blocker is very easy. Open up the list.txt file and add entries, one entry per line, which you want to block. The easiest way to do this is to open Windows Explorer, navigate to the Program Files\Process Blocker directory, and double-click on list.txt.
NOTE: If you are using Windows Vista and have UAC turned on, it may be easier for you to move the list.txt file to your desktop, add your entries, and then move the file back to its proper place.
With the list.txt open in your default text editor, you will see the following contents:
As you can see, all you need to do is just start adding entries. Fortunately you do not have to enter the explicit path for each entry. But you do have to list the correct executable file name. Most of these (if not all of these) will have the .exe suffix at the end. Let’s use the Safari Web browser as an example. In the list.txt file, add safari.exe to the end of the file. You can safely remove the two sample entries.
Once you have added your entry (or entries), save and close the file (move it back if you have opted to go that route with Windows Vista). Now you need to restart the Process Blocker service in order for the changes to take effect.
In order to restart the service, right-click on the Computer entry in the Start Menu (in Vista) and select Manage. This will open the Computer Management console. From there, click on the Services entry under Services and Applications. This will open all running processes in the main pane (Figure A).
Depending upon how many processes you have running, you might have to scroll pretty far to find Process Blocker.
After you locate the Process Blocker entry, right-click the entry and select Restart. Process Blocker will quickly restart and you are ready to test.
Since we are trying to block Safari from opening, head over to the Start Menu and select the Safari entry. You will not see Safari start. Instead a warning will appear in the Notification area, indicating that Safari is blocked (Figure B).
The red circle with the “-” symbol is the Process Blocker icon.
That’s all there is to it.
Of course, users who know what they are doing they can get around this system. A user could effectively stop the Process Blocker process from the Computer Management Console. Or, if they have the skills, they could locate the list.txt file and remove entries for the applications they want to run. But for most situations, this should be a cost-effective, easy-to-deploy solution for a problem that haunts many an IT staffer.
Stay on top of the latest XP tips and tricks with TechRepublic’s Windows XP newsletter, delivered every Thursday. Automatically sign up today!