Re: Software Restriction Policies

From: Matt Ball (matt_ball_at_landon.net)
Date: 03/03/04

• Next message: Herb Kraft: "Re: AutoAdminLogon issues"
• Previous message: Matt Ball: "Re: Software Restriction Policies"
• In reply to: Steven L Umbach: "Re: Software Restriction Policies"
• Messages sorted by: [ date ] [ thread ]

Date: Wed, 3 Mar 2004 09:49:02 -0500

Thanks Steve!

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:hRN0c.96058$4o.118161@attbi_s52...
> There is no work around. You can however use Software Restriction Policies
on XP Pro
> computers in a W2K domain by managing the policy from a XP Pro domain
member. For W2K
> you will have to rely on ntfs permissions [which is hard as users can
usually
> copy/execute some programs from their user profile]and populating the
disallowed
> Windows Program list [or only run allowed programs, that can take quite a
bit
> tweaking and read the details list for both settings]. You can see these
settings
> under user configuration/administrative templates/system. This is not
foolproof as if
> a user is able to change a files name they may still be able to execute
it. While
> there you should also consider disabling the command prompt and adding
command.com to
> the disallowed list. Another possibility is to use ipsec filtering policy,
which is
> machine configuration, to block access to telnet, etc from all but allowed
IP
> addresses. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;323525
>
> "Matt Ball" <matt_ball@landon.net> wrote in message
> news:ur$T%2346$DHA.3352@TK2MSFTNGP09.phx.gbl...
> > I am running Windows 2000 Advanced Server (SP4) and Windows 2000 Pro
(SP4)
> > clients. I would like to restrict certain programs (i.e. telnet) for
one of
> > my Global Groups.
> >
> > I undertand that in Windows 2003 Server there is a Global Policy setting
> > (http://support.microsoft.com/default.aspx?kbid=324036) where you can
enter
> > the path of any application you want blocked from use. But that setting
is
> > not in Advanced Server 2000. Does anyone know of a workaround for
this?
> > Can I block an executable for a group somehow?
> >
> >
>
>

• Next message: Herb Kraft: "Re: AutoAdminLogon issues"
• Previous message: Matt Ball: "Re: Software Restriction Policies"
• In reply to: Steven L Umbach: "Re: Software Restriction Policies"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: Software Restriction Policies ... You can however use Software Restriction Policies on XP Pro ... tweaking and read the details list for both settings]. ... Another possibility is to use ipsec filtering policy, ... (microsoft.public.win2000.group_policy) Re: scripted logon ... Why can't you launch all the scripts from a Group Policy based Logon script. ... Here's the policy settings (I sure hope word wrap doesn't mess it up too ... Windows Components/Windows Installer ... (microsoft.public.windows.terminal_services) Re: GPO Update Problem (SYSVOL access via UNC) ... Server Security and Auditing Policy ... This list only includes links in the domain of the GPO. ... The settings in this GPO can only apply to the following groups, users, ... (microsoft.public.win2000.group_policy) Re: GPO Update Problem (SYSVOL access via UNC) ... > Server Security and Auditing Policy ... > This list only includes links in the domain of the GPO. ... > The settings in this GPO can only apply to the following groups, users, ... (microsoft.public.win2000.group_policy) Re: GPO Update Problem (SYSVOL access via UNC) ... >> Server Security and Auditing Policy ... >> The settings in this GPO can only apply to the following groups, users, ... >> Windows Firewall: Allow file and printer sharing exception Enabled ... (microsoft.public.win2000.group_policy)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint