Imposing restrictions on a windows machine.

Status
Not open for further replies.

digen

Youngling
I've quite a number of times seen threads which have screamed for help in this regard without a proper or a near solution.

With the advent of scumware increasing daily its a must to take preventive measures for certain conditions
a.They dont want anyone installing un-necessary things on their systems.
b.Its a school/college network which doesnt need a warez dowload on every system or virus infected apps all over the place.
c.A cyber cafe',this could lead to disaster with people installing stuff you cant know & track off.Formatting your systems has become a frequent activity.

So while wandering google I found Trust No Exe

Download [Documentation Included]

What is trust-no-exe?

Trust-no-exe is a executable file filter. It attaches to the operating system and filters all executable files, be it .exe .com .dll .drv .sys .dpl etc from all drives and all network shares against a list of files or paths, you, the administrator provide as trusted applications. If a prohibited executable (one not in the allow list or one explicitly defined in the deny list) is loaded, a popup box informs the user with an intelligent message that can be customised to your site.

As Trust-no-exe will only allow executables to load from your allow list, enabling execution from files in c:\winnt\ (or c:\windows on XP), and c:\program files\ and by using normal file permission to restrict the write-ability of these folders, you can very quickly obtain a system which only allows authorised programs which you have installed to be executed, while still allowing normal access (all but execution) to other files.

Contd..

I will add other means of imposing restrictions like through the registry,if possible through group policies blah blah.

Eventhough this is gonna be my compilation but just incase Source

EDIT: Update added some registry patches.
Registry patches from: Kelly's korner

1.Disable registry tools: *www.kellys-korner-xp.com/regs_edits/disableregistrytools.reg

2.Disable the Floppy drive: *www.kellys-korner-xp.com/regs_edits/noadrive.reg

3.Disable cmd: *www.kellys-korner-xp.com/regs_edits/cmd.reg

4.Disable view of c:drive: *www.kellys-korner-xp.com/regs_edits/noviewondrive.reg
 

swatkat

Technomancer
good one again by digen... :)

i thought this image (from developer website), would help...

*img186.exs.cx/img186/6224/accessdenied9mh.jpg
The Trust-No-Exe Dialog showing path, executable and switches. The text in the bottom line can be customised
Thanks to Imageshack!
 
Status
Not open for further replies.
Top Bottom