Re: MSN Messenger Wont Restrict by GPO



I should have lsited it, but the hash and the test computer were taken from
the same program version. So, it must have to do with the program runing from
start up...

"Richard Sweetnam" wrote:

> It may be that the file you hashed is from MSN version 6.x and the desktop
> version is 6.y or 7.x or something like that. Each executable will have a
> unique hash.
>
> The following was taken from
> Restricting Software Access and Protecting Computers
> (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/eca4c4cd-335a-4b33-8f1f-0f139e6024b2.mspx)
> note the final paragraph
> Hash rule
> A cryptographic fingerprint of the file, also called a message digest. When
> you create a hash rule for a program, Software Restriction Policies
> calculates a hash of the program, and then stores the hash securely. When a
> user tries to open a program, a hash of the program is compared to existing
> hash rules for Software Restriction Policies. The hash of a program is
> always the same, regardless of the location of the program on the user's
> computer. However, if a program is altered in any way (by applying a hotfix,
> for example), its hash also changes, and it no longer matches the hash in
> the Software Restriction Policies hash rule.
>
> For example, you can create a hash rule, and then set the security level to
> Disallowed to prevent users from running a certain file. A file can be
> renamed or moved to another folder and still result in the same hash.
> However, if any changes are made to the file itself, they also change its
> hash value and allow it to bypass restrictions
>
>
> HTH
> Richard
>
> "razor" <razor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:F36DA93D-0CA8-4355-96F5-62F89A8FDC0D@xxxxxxxxxxxxxxxx
> > Hello--
> >
> > I have taken my information on the setup of the Software Restrictions GPO
> > from MS TN article "Using Software Restriction Policies to Protect Against
> > Unauthorized Software" and the MCSE text book for exam 70-298.
> >
> > We are using the default unrestricted GPO for software restrictions and
> > then
> > the exceptions we need is to disallow MSN Messenger from running.
> >
> > I have created a hash of MSN Messenger, AND I have created paths to the
> > following folders: %PROGRAMFILES%\MESSENGER, %STARTMENU%\MESSENGER,
> > %START%\MESSENGER.
> >
> > But the program still runs at start up of the workstation and if launched
> > manually from the programs start menu. If I try to open the .exe file from
> > the host folder, it will be denied. If I try to open the program from the
> > start menu, it will run.
> >
> > Please help. What can I be doing wrong?
>
>
>
.



Relevant Pages

  • Re: MSN Messenger Wont Restrict by GPO
    ... unique hash. ... Restricting Software Access and Protecting Computers ... you create a hash rule for a program, Software Restriction Policies ...
    (microsoft.public.windows.group_policy)
  • Re: MSN Messenger Wont Restrict by GPO
    ... unique hash. ... Restricting Software Access and Protecting Computers ... you create a hash rule for a program, Software Restriction Policies ...
    (microsoft.public.windows.group_policy)
  • Re: I had high hopes for software restriction policy
    ... This could be due to the hash. ... I am having serious issues with software restriction policy... ... Created a Global Security Group "Restricted Applications Group" and Set ...
    (microsoft.public.windows.group_policy)
  • RE: Windows 2003 Server - MS Rulez?
    ... Attacking the hash is far more work than is required to "get around" a hash ... software restriction, as I mentioned in my other post. ... software restriction default policy as opposed to ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
    (Focus-Microsoft)
  • Re: services running in windows domain (winXP clients)
    ... Today it is trojan A tomorrow it may be ... > without even know their name or hash or anything about them. ... Software restriction policies work both in the "allow all but..." ...
    (Focus-Microsoft)