Computer Performance, Windows Server 2003

Guy recommends:
A free trial of
WebHelpDesk

Solarwinds Free WebHelpDesk

Install a ticket-based help desk system from SolarWinds. Download your free trial

Group Policy Software Restrictions

Group Policy Security Settings - Software Restrictions

Here was a setting that I thought did not exist!  I once undertook a project to prevent 95% of .vbs script files from running in a customer's domain.  These would be the 'bad guys', viruses or rogue scripts.  Disabling the 'bad guys' was the easy part.  However, being positive and allowing the 'good guy's, required major exploration of Group Policies.  What the customer wanted was to allow only logon scripts and maintenance .vbs scripts to execute, all other .vbs files must be stopped from running on his Windows Server 2003.

Once I was convinced that Software Restrictions could be controlled by a Group Policy, my next problem was finding it amongst the myriad of settings.  Well, a picture is worth a thousand words, so here is where I ran down the Software Restriction Policy.

Computer Configuration

  Windows Settings

      Security Settings

          Software Restrictions

Creating the Software Restrictions Group Policy

Path or Hash?

If you take the trouble to get a hash value for the program you want to prevent, then savvy users cannot simply copy and paste the application to a new location.  The trouble with the path is that it just restricts the program from running from one location, whereas the hash rule prevents any program with that hash value running from anywhere on the machine.

Software Restrictions Group Policy.  Setting a path

Beware that this Restriction affects administrators, so it's probably a Group Policy to apply to workstations or laptops rather than servers.

If you did want a path restrictions, then once you reach the Software Restrictions folder, drill down to 'Additional Rules', then right-click, and select ... New Path Rule.

The final part is logical and transparent, just select the path where the 'good guys' hang out.  For example, where the logon scripts resided on a DC, or where the malignance scripts are to be found on an XP machine.  Do double check your logic, do want this path allowed or disallowed?  Only you know the answer to that question.

Guy Recommends:  SolarWinds' Log & Event Management ToolSolarwinds Log and Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool's most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches - give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

Summary Software Restrictions Group Policy

If you need to control .vbs files running on your Windows Server 2003, then this Software restriction technique is the Group Policy for you.


Group Policy ebook Windows 2003 Download my 'Master Group Policies' ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies.  Printer friendly version over Word A4 pages in Word.


See more security Group Policies

Group Policies   • Troubleshooting Group Policies   • Group Policy Tactics

   • Group Policy Security   • Audit Logon Events   • Security Event Log   • Security Options

Security System Services   • Security System  • Security User Rights   • Security Software

If you like this page then please share it with your friends

 


 *


Custom Search

Site Home

Guy Recommends: SolarWinds' NPM - Review of Orion NPM
Network Performance Monitor

SolarWinds' performance monitor is designed for detecting network outages, making it easy to see what's working, and what needs your attention.

This utility guides you through creating network maps; it also helps identifying whether the root cause is faulty equipment, or resource overload. Give NPM a try.

Download a free trial of Network Performance Monitor

Author: Guy Thomas Copyright © 1999-2017 Computer Performance LTD All rights reserved.

Please report a broken link, or an error to: