Security Basics mailing list archives

RE: Re: Example Black Lists for Windows?


From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Tue, 17 Apr 2007 09:19:57 -0400

Hello,

Group Policy doesn't do a real good job of preventing executables from
running.  The reason is that the GPO setting for this is user only;
there isn't a corresponding computer setting, so it will only stop
executables that launch as the AD user.  Many executables of course
configure themselves to launch as local system, or with another local
account.  AD will only stop AD accounts from launching exes.

You might want to explore your commercial options.

There's quite a bit included in Windows, but this little oversight
seemed to slip through.  (Maybe this has changed with an extension to
the adminpak.exe now that Vista is out; I'm not a Windows admin anymore
and can't check.)

Kind Regards,
 
Scott Ramsdell
CISSP, CCNA, MCSE
Security Network Engineer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of maps1 () btinternet com
Sent: Monday, April 16, 2007 2:57 AM
To: security-basics () securityfocus com
Subject: Re: Re: Example Black Lists for Windows?


Many thanks to everyone for the advice! 

I absolutely agree that a whitelist would be a much better idea in most
cases, but unfortunately, politics within my company has led to a
"blacklist the worst only" approach from above my head. 

I'll google group policy blacklists, thanks for the idea!

