Software Restriction Policies in Windows Server 2003 based Domain

By ajithrajendran ·
I am working with a Visual Effects / Animation training organisation in India and my job is to provide all kinds of technical support. For some days now, some of the trainees have been bringing in network games and playing them in an unethical manner. Users are already restricted from running any software, but these games don't need any administrative privileges, so it became quite a nuisance for us.

We've tried a minimum level restriction through GPEDIT.MSC -> USER CONFIGURATION -> ADMINISTRATIVE TEMPLATES -> SYSTEM -> "DONT RUN SPECIFIED WINDOWS APPLICATION".

This way, we almost achieved our aim, but the students kept bringing more games, and these won't come under the policy as we've not enforced restriction policies for new programs.

After that we decided to block all other programs and allow only specified programs through GPEDIT.MSC -> USER CONFIGURATION -> ADMINISTRATIVE TEMPLATES -> SYSTEM -> "RUN ONLY ALLOWED SPECIFIED WINDOWS APPLICATION".

This almost solved our headache, but again some crooked-minded guys found a loophole in that policy - we've allowed an executable file through the policy, which is our main software - "maya.exe".
The folks did the same: they renamed the game exe to "maya.exe" and it worked fine. We were stunned!!!

So we searched for other, better options and got to know about Software Restriction Policies. I referred to some tutorials and got some idea of the approach. What I've tried is, as I said earlier, to block all other programs and allow a few which are in our whitelist. But whenever we tried this, even when users try to open programs in the whitelist, it returns an error saying that the program comes under software restriction policies, so it couldn't be opened.

Please suggest a good resolution.

mail id is ajith@clusters.in

Any help is greatly appreciated!!!!


All Answers


You're close... try using a hash

by rjluvkc In reply to Software Restriction Poli ...

http://support.microsoft.com/kb/324036
http://technet.microsoft.com/en-us/library/bb457006.aspx
Pretty simple to set up.
This will still work even if they rename the executable or try to move it... but try adding the hash to certain directories where you think they might move the file and/or files to.
What you do is install any application you don't want running and then create the hash from it and apply it to the GPO. Hope this helps.
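
An audit sketch for the renamed-executable case discussed in this thread, added here as an example and not part of either post: it flags any file whose name is on the allow list but whose content hash is not the approved one. The function name `Get-AllowListMismatch`, the temp folder layout, the file contents and the choice of SHA-256 are assumptions of the example.

```powershell
# Added example. All paths, file names and file contents are constructed sample data.

function Get-AllowListMismatch {
    param(
        [Parameter(Mandatory)] [string]    $Path,
        # Allowed file name (lower case) -> array of approved SHA-256 hashes
        [Parameter(Mandatory)] [hashtable] $Approved
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter *.exe | ForEach-Object {
        $name = $_.Name.ToLowerInvariant()
        # A name that is not on the allow list is already stopped by a name rule.
        if (-not $Approved.ContainsKey($name)) { return }
        # The name is allowed, so the content decides whether it is the real program.
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        if ($Approved[$name] -notcontains $hash) {
            [pscustomobject]@{ File = $_.FullName; Sha256 = $hash }
        }
    }
}

# Constructed layout: one approved program, one game, one renamed copy of the game.
$root    = Join-Path ([IO.Path]::GetTempPath()) ("srp-demo-" + [guid]::NewGuid())
$apps    = Join-Path $root 'apps'
$student = Join-Path $root 'student'
New-Item -ItemType Directory -Path $apps, $student | Out-Null

$realApp = Join-Path $apps    'maya.exe'
$game    = Join-Path $student 'game.exe'
$renamed = Join-Path $student 'maya.exe'
Set-Content -LiteralPath $realApp -Value 'constructed: approved application'
Set-Content -LiteralPath $game    -Value 'constructed: game'
Copy-Item   -LiteralPath $game -Destination $renamed   # same bytes, allowed name

# Approved hash is taken from the known-good install, as the reply suggests for hash rules.
$approved = @{
    'maya.exe' = @((Get-FileHash -LiteralPath $realApp -Algorithm SHA256).Hash)
}

# Report files that pass a name check but fail the hash check.
Get-AllowListMismatch -Path $root -Approved $approved | Format-List

Remove-Item -LiteralPath $root -Recurse -Force
```

Run against a real share, the `$Approved` table would be built from a clean reference install rather than from files inside the scanned folder.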
