Being the Evil Administrator that I am

By Jarrett_Faulk ·
I want to stop my users from using Firefox entirely. I know its better than IE but thats another discussion.

i've created a GPO to block firefox under the computer config but my coworker found that if you rename the .exe it works.

2 questions -

1. Is there a way to use wildcards in the Path to stop all .exe's from running? I tried the old *.exe and if I force an update on a client and rename firefox.exe to fire_fox.exe it works.

2. We also found that if we don't rename the .exe but rename the folder Mozilla Firefox to MozillaFirefox the GPO no longer applies. How do we stop that while were at it.

Any assistance would be awesome.

TY all.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Block program installation

by jgirizarry In reply to Being the Evil Administra ...

I don't know your network but I would block the installation of all programs on the clients. Assign user privileges instead of admin to all users.

Collapse -

I was thinking of that but.

by Jarrett_Faulk In reply to Block program installatio ...

Quick run down of the network. 80+ server sites, 1600 users 1/2 are not in any office.

What has happened is that they are getting firefox installed somehow and our systems don't work well with firefox. I've got the install blocked I think but i need to stop them from using firefox and i need to make sure that they cannot rename the folder or .exe to let it run anyhow.

so i have to reiteriate my above questions. Can I use wildcards in the GPO to block any possible renamed .exe from running and can i do the same think with the Mozilla Firefox folder?

Collapse -

This might help

by jgirizarry In reply to I was thinking of that bu ...

Check this information. In the path rules section, talks about the use of wildcards.

Collapse -

How Firefox is installed

by lgarbarini In reply to I was thinking of that bu ...

The thing about firefox is it can be installed into a directory without any registry installation and no application data directory. This is why it is such a flash drive friendly application. One way to prevent it from happening is to look at some of the .ddl's or other files that CANNOT be renamed and block or delete those(as long as they are not used by other applications).

Collapse -

Have you tried

by santeewelding In reply to Being the Evil Administra ...

Informing your users that if they do, they get taken out back and shot?

Collapse -

That's what I was thinking

by Slayer_ In reply to Have you tried

Simply inform their manager that they are tampering with company computers. If your users are intent on breaking the system, it's not really your job to try and stop them, its obvious they are not doing their work. It's up to their managers to find out whats going on.

Have you tried telling these users that they cannot use firefox? I am sure not all users must be trying to circumvent your security. Surely you have some way of sending out a global email to all users telling them to not install software or use the firefox browser.

Collapse -

Could be, also

by santeewelding In reply to That's what I was thinkin ...

They are not "his" users. He lacks, but wishes in what he says, the authority to do squat.

Collapse -

try this here, or fix your own systems

by SPC_TCOL In reply to Being the Evil Administra ...

Ok here are two possibilities, but in my personal opinion it would be better to make that your systems work with firefox.

You can turn of the Application Manager, in this case the user will not be able to install any programs. They still could use Firefox for the Flash Drive, but they are not able to install it.
Or, you can tell them, that every time you find firefox, your system has to reimage there drive without warning. The most users will lose data, when you do so.

But like I said, it would be way better to fix your systems, so they run with firefox.

Collapse -

Prevent executables from running

by raymosely In reply to Being the Evil Administra ...

1. I don't know if a wildcard will work.
2. I don't know how to apply a GPO regardless of folder name.
3. You can prevent Firefox from running by creating a hash rule. See:
4. Sorry I couldn't answer your questions, but I hope this helps.
5. For those who don't know, a hash is a (almost) unique number generated for a file regardless of its name. You would need to generat a hash for each version of Firefox that is vexing you, then create a hash rule for each hash.

Collapse -


by rebelxhardcore In reply to Being the Evil Administra ...

Related Discussions

Related Forums