PaulDotCom mailing list archives
Blocking Unwanted programing from installing
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Sun, 4 Apr 2010 21:38:47 -0400
I also agree 100% that it is best to run users as standard users. It will probably prevent them from installing about 90% of the programs out there. Just keep in mind that this will not prevent the user from installing programs that installs itself in file directories and registry sections that the user has write access to (home directory, etc). As an aside, some virus writers are getting smarter about bypassing standard user restrictions . I recently had a user that got infected by one of those nasty fake antivirus viruses. The user was running as a standard user on a Vista machine (and no this user was not running as a faux standard user with the option of elevating at a click of a button. This was a true standard user account where the user could not elevate themselves). The virus installed itself in the users directory and had access to everything on the local machine that the user had access to. That being said, since the user was not running as a local admin, it limited the damage the virus could make to the local system and made it a lot easier to isolate and remove the virus so I still whole heartily recommend running users under a standard user account. If down the road you upgrade to SBS 2008/Windows 7, you may want to give App Locker a look. -----Original Message----- From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Bugbear Sent: Sunday, April 04, 2010 5:25 PM To: PaulDotCom Security Weekly Mailing List; infolookup at gmail.com Subject: Re: [Pauldotcom] Blocking Unwanted programing from installing Agree 100% On 4/4/10, Butturini, Russell <Russell.Butturini at healthways.com> wrote:
In 2003 environments you can set group policy to disable the windows installer on workstations. However this won't knock out third party installation packagers. The best thing to do is strip local admin rights from the users and prevent them from writing files to key directories (program files, system32, etc.) ----- Original Message ----- From: Sherwyn <infolookup at gmail.com> To: Butturini, Russell; 'pauldotcom at mail.pauldotcom.com' <pauldotcom at mail.pauldotcom.com> Sent: Sun Apr 04 12:15:19 2010 Subject: Re: [Pauldotcom] Blocking Unwanted programing from installing The are running 2003. Thanks. Infolookup www.infolookup.blogspot.com www.twitter.com/infolookup -----Original Message----- From: "Butturini, Russell" <Russell.Butturini at Healthways.com> Date: Sun, 4 Apr 2010 10:57:15 To: 'infolookup at gmail.com'<infolookup at gmail.com>; 'pauldotcom at mail.pauldotcom.com'<pauldotcom at mail.pauldotcom.com> Subject: Re: [Pauldotcom] Blocking Unwanted programing from installing What version of SBS are you dealing with? 2003 or 2008? You have some more capabilities in 2008 than 2003 for this sort of thing, ----- Original Message ----- From: pauldotcom-bounces at mail.pauldotcom.com <pauldotcom-bounces at mail.pauldotcom.com> To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com> Sent: Sat Apr 03 20:34:27 2010 Subject: [Pauldotcom] Blocking Unwanted programing from installing Hello PDC Guru's, I am task with locking down a Microsoft SBS environment. The goal is to allow all currently installed application to be able to run but stop the installation of any new application (limewire, AOL messenger
etc).
I am aware that I can use a Run only list or software restriction "path rule", but since both of these can be very time consuming if the users has lots of application installed. Is there anyway to just allow all currently installed aops run access but block installation of new apps for a set of users? Thank you in advance. Infolookup www.infolookup.blogspot.com www.twitter.com/infolookup _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com ********************************************************************** ******** This email contains confidential and proprietary information and is not to be used or disclosed to anyone other than the named recipient of this email, and is to be used only for the intended purpose of this communication. ********************************************************************** ******** ********************************************************************** ******** This email contains confidential and proprietary information and is not to be used or disclosed to anyone other than the named recipient of this email, and is to be used only for the intended purpose of this communication. ********************************************************************** ******** _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Sent from my mobile device _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Blocking Unwanted programing from installing Sherwyn (Apr 03)
- Blocking Unwanted programing from installing Butturini, Russell (Apr 04)
- Blocking Unwanted programing from installing Sherwyn (Apr 04)
- Blocking Unwanted programing from installing Butturini, Russell (Apr 04)
- Blocking Unwanted programing from installing Bugbear (Apr 04)
- Blocking Unwanted programing from installing Sherwyn (Apr 04)
- Blocking Unwanted programing from installing Butturini, Russell (Apr 05)
- Blocking Unwanted programing from installing Francois Lachance (Apr 05)
- Blocking Unwanted programing from installing Sherwyn (Apr 05)
- Blocking Unwanted programing from installing Sherwyn (Apr 04)
- Blocking Unwanted programing from installing Butturini, Russell (Apr 04)
- Blocking Unwanted programing from installing Jody & Jennifer McCluggage (Apr 04)
- Blocking Unwanted programing from installing Aaron Moss (Apr 04)