MS App security question

[TechLitTeacher]

We are running a Novell LAN using Zenworks. We have found that, although we can lock down access to the hard drive via the desktop and Start menu, anyone can still access any drive or directory from the Open dialog box in any MS application. This allows the user to copy any executable or other file(s) (sysedit, regedit, format, command.com etc) to their home directory and run that file. And they can copy entire CD's to their home directory and install software. Has anyone an idea of how to plug this hole using Zenworks or Windows rights or policies? I know that there has to be a fairly simple way and my half-fried brain is just missing it. Any help would, of course, be appreciated.

 

[dynamode]

The solution to this is not to let them execute anything other than NAL, NALEXPRD(?), or NALDESK. Move your applications to run in those memory areas. This will lock your users out of running anthing NOT in the NAL memory areas and if it doesn't show up in their NAL menu they can't run it. Joshua Rothschild
j.rothschild@dynamode.com