Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: bcalder01 on February 17, 2009, 11:33:23 AM
-
Hi all, I hope this is an appropriate place to post this.
I have a user or two who have been running programs from their H: (home) drives. I am looking for a way to prevent ANY .exe's from executing from H:. We are using Kaspersky Workspace Security & perhaps that is where I should be concentrating my attention, but I think I'm probably not the first SME admin to come up against this.
Is there a way to prevent users from storing .exe's on their home drives, for instance? Maybe that's the way to do it, but it's not very flexible.
-
Try Trust No Exe (http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm).
-
Thanks much for the link, David. I'll look at it ASAP. It looks like it can be distributed to workstations instead of installing individually, so that's great.
-
@bcalder01
It will be useful to some of us if you would please post your results here.
Regards,
-
Moving this topic to the General Discussion forum, it is more appropriate there. Thanks!
-
I will do ... it may be some days before I get back to it (lots of fires to put out).
-
It looks like it's going to work well (still testing with a small group), and best of all, the "Multiple Computers" function works great!
I've got it so that netlogon.bat executes on startup by adding \\<fileserver netbios name>\netlogon\netlogon.bat, but I am prevented from rerunnin gnetlogon.bat after logon, even though I've specified H:\netlogon.bat. I've attached a screengrab - does anyone see anything illogical in it? The first line in the allow list was an attempt to have Trustnoexe to recognize the logged-in user, but doesn't work.
This is merely a small inconvenience - thank you David for pointing me to this app!!
-
Perhaps you need to specify the root netlogon as well - \\servername\netlogon\netlogon.bat.
There's no screen grab attached though.
-
Doh! Adding the image file didn't work, so here is what I have, by hand. Note that the app lowercases all entries:
Access list:
<file server netbios name>\%user%\netlogon.bat
<file server netbios name>\netlogon\netlogon.bat
c:\archiv~1
c:\archivos de programa
c:\progra~1
c:\program files
c:\windows
h:\netlogon.bat
Deny list:
h:\
-
Just use ImageShack (http://www.imageshack.us/).
-
Right!!
(http://img6.imageshack.us/img6/1173/trustnoexe.th.jpg) (http://img6.imageshack.us/my.php?image=trustnoexe.jpg)
-
I imagine that your issue is that the application becomes confused when you explicitly deny H: but at the same time explicitly allow H:\netlogon.bat.
Try removing H: from your custom deny list. Applications are blocked by default AFAIK, so there should theoretically be no need for this rule.
-
I removed H:\, but the issue still exists.
I can explicitly deny .exe's in an allowed path (as stated in the manual), so if I can do that, I'm pretty happy. I'm remapping network drives, so it's only a minor inconvenience that I have to log out & log back in to see the remapped shares, instead of just rerunning netlogon.bat.