Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Preventing .exe's based on location? 1

Status
Not open for further replies.
acl03

acl03

MIS
Jun 13, 2005
1,077
US
I have a 2003 R2 Citrix/TS server farm for remote access. The OU containing the 2 servers has a fairly restrictive GPO attached.

One thing I cannot seem to find a way to restrict is running .exe files. I have removed access to all local server drives, but they do have access to their network drive.

What is to prevent them, for example, from copying an .exe to one of their network drives while at work (such as VNCViewer.exe) and running them from home on the remote server? I know I can restrict by name, and there are some exe's that i DO want them to be able to run.

Is there a way to create a rule to prevent any programs from being run from a certain network drive? I would like them to be able to run any exe that is on U: (users do not have write access), but none that are on P: (where users DO have write access).





Thanks,
Andrew

[smarty] Hard work often pays off over time, but procrastination pays off right now!
 
Sort by date Sort by votes
Did you try using NTFS permissions and remove the Execute privilage from the location you dont what them to run exe's from?

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
 
Upvote 0 Downvote
You could look into using "Software Restriction Policies" and configuring path rules.

- Using Software Restriction Policies to Protect Against Unauthorized Software


- Create a path rule


Here are some additional Microsoft articles with details for locking down Terminal Server sessions you may find to be useful.

- How to lock down a Windows Server 2003 or Windows 2000 Terminal Server session


- Locking Down Windows Server 2003 Terminal Server Sessions


Joey
CCNA, MCSA 2003, MCP, A+, Network+, Wireless#
 
Upvote 0 Downvote
Thanks for the responses, guys.

Roadki11 - That won't work, since when these users are in the office I do want them to be able to have execute privileges to these files.

IllogicallyLogical - Looks interesting. I'll go through them all this morning.



Thanks,
Andrew

[smarty] Hard work often pays off over time, but procrastination pays off right now!
 
Upvote 0 Downvote
Path rules worked like a charm, and the other links gave me some useful information as well. Thanks!

Thanks,
Andrew

[smarty] Hard work often pays off over time, but procrastination pays off right now!
 
Upvote 0 Downvote
No problem, glad the solution worked for you.

Joey
CCNA, MCSA 2003, MCP, A+, Network+, Wireless#
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
248
DrB0b
DrB0b
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
181
mikehook
mikehook
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
167
maybeimaleo
maybeimaleo
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
150
DrB0b
DrB0b
Billz66
  • Locked
  • Question
unable to instal msmq on server 2019 get sxs assembly missing
Replies
0
Views
240
Billz66
Billz66

Part and Inventory Search

Sponsor

Back
Top