Group Policy Software Restrictions
Group Policy Security Settings - Software Restrictions
Here was a setting that I thought did not exist! I once undertook a project to prevent 95% of .vbs script files from running in a customer's domain. These would be the 'bad guys', viruses or rogue scripts. Disabling the 'bad guys' was the easy part. However, being positive and allowing the 'good guys' required major exploration of Group Policies. What the customer wanted was to allow only logon scripts and maintenance .vbs scripts to execute; all other .vbs files must be stopped from running on his Windows Server 2003.
Once I was convinced that Software Restrictions could be controlled by a Group Policy, my next problem was finding it amongst the myriad of settings. Well, a picture is worth a thousand words, so here is where I ran down the Software Restriction Policy.
Creating the Software Restrictions Group Policy
Path or Hash?
If you take the trouble to get a hash value for the program you want to prevent, then savvy users cannot simply copy and paste the application to a new location. The trouble with the path is that it just restricts the program from running from one location, whereas the hash rule prevents any program with that hash value running from anywhere on the machine.
Beware that this Restriction affects administrators, so it's probably a Group Policy to apply to workstations or laptops rather than servers.
If you did want a path restriction, then once you reach the Software Restrictions folder, drill down to 'Additional Rules', then right-click, and select ... New Path Rule.
The final part is logical and transparent, just select the path where the 'good guys' hang out. For example, where the logon scripts reside on a DC, or where the maintenance scripts are to be found on an XP machine. Do double check your logic: do you want this path allowed or disallowed? Only you know the answer to that question.
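The difference between the two rule types, as an added example that is not part of the original page: a simplified Python model of rule evaluation in which hash rules are checked before path rules, then the default level. The class, file paths and script contents are constructed for illustration, and SHA-256 stands in for whatever digest the policy actually stores.

```python
import hashlib
from pathlib import PureWindowsPath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

def digest(content: bytes) -> str:
    # SHA-256 is this model's choice; the point is that the rule keys on content.
    return hashlib.sha256(content).hexdigest()

class SrpModel:
    """Simplified model: hash rules first, then path rules, then the default."""

    def __init__(self, default_level):
        self.default_level = default_level
        self.hash_rules = {}   # content digest -> security level
        self.path_rules = []   # (file or folder path, security level)

    def add_hash_rule(self, content, level):
        self.hash_rules[digest(content)] = level
        return self

    def add_path_rule(self, path, level):
        self.path_rules.append((PureWindowsPath(path), level))
        return self

    def evaluate(self, path, content):
        """Return (security level, rule type that decided it)."""
        d = digest(content)
        if d in self.hash_rules:
            return self.hash_rules[d], "hash"
        target = PureWindowsPath(path)  # Windows paths compare case-insensitively
        hits = [(rule, level) for rule, level in self.path_rules
                if rule == target or rule in target.parents]
        if hits:
            # The most specific (longest) matching path wins.
            return max(hits, key=lambda h: len(h[0].parts))[1], "path"
        return self.default_level, "default"

# Constructed sample data.
BLOCKED = b'WScript.Echo "unwanted tool"\r\n'
LOGON_V1 = b'WScript.Echo "map drives"\r\n'
LOGON_V2 = b'WScript.Echo "map drives and printers"\r\n'

DENY_BY_PATH = SrpModel(UNRESTRICTED).add_path_rule(r"C:\Tools\unwanted.vbs", DISALLOWED)
DENY_BY_HASH = SrpModel(UNRESTRICTED).add_hash_rule(BLOCKED, DISALLOWED)
ALLOW_BY_HASH = SrpModel(DISALLOWED).add_hash_rule(LOGON_V1, UNRESTRICTED)

if __name__ == "__main__":
    for name, model in [("path", DENY_BY_PATH), ("hash", DENY_BY_HASH)]:
        print(name, model.evaluate(r"C:\Users\bob\Desktop\unwanted.vbs", BLOCKED))
```

In the allow-list case, a hash rule has to be recreated whenever an approved script is edited, because the new revision no longer matches the stored hash and falls through to the Disallowed default.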
If you need to control .vbs files running on your Windows Server 2003, then this Software restriction technique is the Group Policy for you.