Re: Software Restriction Policies
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/01/04
- Next message: Steven L Umbach: "Re: Remote access to AD users and computers"
- Previous message: Chriss3: "Re: My Documents Redirection"
- In reply to: Matt Ball: "Software Restriction Policies"
- Next in thread: Matt Ball: "Re: Software Restriction Policies"
- Reply: Matt Ball: "Re: Software Restriction Policies"
Date: Mon, 01 Mar 2004 21:23:25 GMT
There is no workaround. You can however use Software Restriction Policies on XP Pro
computers in a W2K domain by managing the policy from an XP Pro domain member. For W2K
you will have to rely on NTFS permissions [which is hard as users can usually
copy/execute some programs from their user profile] and populating the disallowed
Windows Program list [or only run allowed programs, that can take quite a bit of
tweaking and read the details list for both settings]. You can see these settings
under user configuration/administrative templates/system. This is not foolproof as if
a user is able to change a file's name they may still be able to execute it. While
there you should also consider disabling the command prompt and adding command.com to
the disallowed list. Another possibility is to use IPsec filtering policy, which is
machine configuration, to block access to telnet, etc. from all but allowed IP
addresses.
--- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;323525
"Matt Ball" <matt_ball@landon.net> wrote in message
news:ur$T%2346$DHA.3352@TK2MSFTNGP09.phx.gbl...
> I am running Windows 2000 Advanced Server (SP4) and Windows 2000 Pro (SP4)
> clients. I would like to restrict certain programs (i.e. telnet) for one of
> my Global Groups.
>
> I understand that in Windows 2003 Server there is a Global Policy setting
> (http://support.microsoft.com/default.aspx?kbid=324036) where you can enter
> the path of any application you want blocked from use. But that setting is
> not in Advanced Server 2000. Does anyone know of a workaround for this?
> Can I block an executable for a group somehow?
>
>
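
A check of the settings recommended in the reply above, as an added example that is not part of the original thread: it reads the logged-on user's policy values and reports which of the suggested restrictions are missing. The registry paths and value names are given from general Windows knowledge rather than from the thread, and PowerShell is assumed to be available on the machine being checked.

```powershell
# Added example: audit the per-user policy values behind the settings named in the reply.
# Registry locations are assumptions from general Windows knowledge, not from the post.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Policies\Microsoft\Windows\System'

function Get-PolicyValue($Path, $Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-PolicyList($Path) {
    # The list settings store one program name per value under a subkey.
    if (-not (Test-Path $Path)) { return @() }
    $key = Get-Item -Path $Path
    @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

$disallowOn = (Get-PolicyValue $explorer 'DisallowRun') -eq 1   # disallowed program list
$restrictOn = (Get-PolicyValue $explorer 'RestrictRun') -eq 1   # run only allowed programs
$disallowed = Get-PolicyList "$explorer\DisallowRun"
$allowed    = Get-PolicyList "$explorer\RestrictRun"
$disableCmd = Get-PolicyValue $system 'DisableCMD'              # command prompt disabled

$findings = @()
if (-not ($disallowOn -or $restrictOn)) {
    $findings += 'Neither the disallowed list nor the allowed-only list is enabled.'
}
foreach ($exe in 'telnet.exe', 'command.com') {
    # -contains / -notcontains compare case-insensitively, like the name match itself.
    if ($restrictOn -and ($allowed -contains $exe)) {
        $findings += "$exe is on the allowed-only list."
    }
    elseif ($disallowOn -and -not $restrictOn -and ($disallowed -notcontains $exe)) {
        $findings += "$exe is not on the disallowed list."
    }
}
if (-not $disableCmd) {
    $findings += 'Command prompt is not disabled for this user.'
}

if ($findings.Count -eq 0) { 'All restrictions suggested in the reply are in place.' }
else { $findings }
```

Both lists match on file name only, so a clean result here still depends on NTFS permissions that stop the user from creating or renaming executables, as the reply points out.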