Computer Performance, Windows Server 2003

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

Group Policy Security Settings  - Software Restrictions

Guy RecommendsGFi Events Manager

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

Guy's Top 10 Free Tools

1) FreePing
2) Network Monitor
3) Xobni
4) PuTTY (UNIX)
5) IP SLA Monitor
6) BgInfo
7) Net-SNMP
8) CatTools 
9) Exchange Monitor
10) WinDiff

Group Policy Security Settings - Software Restrictions

Here was a setting that I thought did not exist!  I once undertook a project to prevent 95% of .vbs script files from running in a customer's domain.  These would be the 'bad guys', viruses or rogue scripts.  Disabling the 'bad guys' was the easy part.  However, being positive and allowing the 'good guy's, required major exploration of Group Policies.  What the customer wanted was to allow only logon scripts and maintenance .vbs scripts to execute, all other .vbs files must be stopped from running on his Windows Server 2003.

Once I was convinced that Software Restrictions could be controlled by a Group Policy, my next problem was finding it amongst the myriad of settings.  Well, a picture is worth a thousand words, so here is where I ran down the Software Restriction Policy.  (Please note that the diagram opposite is a thumbnail of the main picture.)Software Restrictions Group Policy. Setting a path

Computer Configuration

  Windows Settings

      Security Settings

          Software Restrictions

Creating the Software Restrictions Policy

Path or Hash?

If you take the trouble to get a hash value for the program you want to prevent, then savvy users cannot simply copy and paste the application to a new location.  The trouble with the path is that it just restricts the program from running from one location, whereas the hash rule prevents any program with that hash value running from anywhere on the machine.

Beware that this Restriction affects administrators, so it's probably a Group Policy to apply to workstations or laptops rather than servers.

If you did want a path restrictions, then once you reach the Software Restrictions folder, drill down to 'Additional Rules', then right click, and select ... New Path Rule.

The final part is logical and transparent, just select the path where the 'good guys' hang out.  For example, where the logon scripts resided on a DC, or where the malignance scripts are to be found on an XP machine.  Do double check your logic, do want this path allowed or disallowed?  Only you know the answer to that question.

Summary Software Restrictions Group Policy

If you need to control .vbs files running on your Windows Server 2003, then this is the Group Policy for your. 

TrainSignal - Recommended Training VideosTroubleshooting Group Policies is tricky

As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands on training.  In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material.  You can either take one module, for example Group Policy or go for a combination of modules.  See more about Group Policy training here

 

Next: Administrative Templates


Group Policy ebook Windows 2003 Download my 'Master Group Policies' ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies.  Printer friendly version over Word A4 pages in Word.

 *

Google

Web  This website

Review of Orion NPMGuy Recommends: Orion's Network Performance Monitor (NPM)

Orion NPM is designed for detecting network outages.

Network-centric views (screenshot) make it easy to see what's working, and what needs your attention.

Download your free trial of Orion's network performance monitor

 

Home Copyright © 1999-2009 Computer Performance LTD All rights reserved

Please report a broken link, or an error.