Deny Specific Programs from Running

  • Deny Specific Programs from Running

    I am using Windows 2003 R2 server. I would like to know if there is a policy which will deny specific programs from running on a client machine. For instance, I would like to deny AOL AIM version 6 from running on a client machine but would like to allow AOL AIM PRO to run. This is a compliance issue and the client would like to control which IM programs users can use. The issue is that only certain versions of AOL AIM, Yahoo MSG, etc. are accessible for monitoring and archiving.

  • #2
    Re: Deny Specific Programs from Running

    I don't know much about AOL, but for general advice about application rules in GPO:

    Look under User Configuration, Windows Settings, Security Settings, Software Restriction Policies. Right click the Software Restriction Policies folder to create a new one.

    You can either have the default as "Unrestricted" so all applications run (but you'll be adding some denied ones later) or you can start with "Disallowed" which means no application will run (but you'll be adding some apps that you permit later on).

    Assuming you started with "Unrestricted" you will want to add a path rule to deny a specific application.

    Now, once you have the Path rule working OK, you need to think about users who simply install apps in a different path. This will bypass the rule and they'll be able to get away with it. So, there are other rules, called Hash rules, which can take care of this situation. I suggest you get a path rule working first, then you can get more complicated with Hash Rules. There are also Certificate Rules and Internet Zone rules too.

    For more detail, see How To Use Software Restriction Policies in Windows Server 2003
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008
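
The path-versus-hash trade-off described above, as an added PowerShell example that is not part of the original post: it inventories every copy of one executable and reports the version, hash and signer an administrator needs to choose between a path, hash or certificate rule. The file name `aim6.exe`, the search roots and the function name `Get-SrpRuleCandidate` are assumptions, and the script needs PowerShell 4.0 or later.

```powershell
# Added example: gather the facts needed to pick a Software Restriction Policy rule type.
# Assumptions: run on a client or admin workstation with PowerShell 4.0+;
# 'aim6.exe' and the search roots are placeholders, not values from the thread.
param(
    [string[]]$SearchRoot = @($env:ProgramFiles, $env:LOCALAPPDATA, "$env:USERPROFILE\Desktop"),
    [string]$FileName = 'aim6.exe'   # hypothetical name of the binary to restrict
)

function Get-SrpRuleCandidate {
    param([string[]]$Root, [string]$Name)
    foreach ($dir in $Root) {
        # Skip roots that do not exist on this machine.
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter $Name -File -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path        = $_.FullName
                    ProductName = $_.VersionInfo.ProductName
                    FileVersion = $_.VersionInfo.FileVersion
                    SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    SigStatus   = $sig.Status
                    Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            }
    }
}

$found = @(Get-SrpRuleCandidate -Root $SearchRoot -Name $FileName)
$found | Format-List

# One hash in several folders: a path rule misses the copies, a hash rule covers them all.
$found | Group-Object SHA256 | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    "Same file in $($_.Count) locations ($($_.Name)): a path rule alone is not enough."
}

# Several hashes under one file name: every build needs its own hash rule.
$builds = @($found | Select-Object -ExpandProperty SHA256 -Unique)
if ($builds.Count -gt 1) {
    "$($builds.Count) distinct builds of $FileName found: add one hash rule per build."
}

# Unsigned copies cannot be matched by a certificate rule at all.
$found | Where-Object { $_.SigStatus -ne 'Valid' } | ForEach-Object {
    "No valid signature on $($_.Path): a certificate rule will not match this copy."
}
```

The SHA-256 value is used here only to compare files; the hash rule itself is created by browsing to the file in the Group Policy editor. If the denied and the permitted client report the same signer, a certificate rule cannot tell them apart and a hash rule is the better fit.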



    • #3
      Re: Deny Specific Programs from Running

      Besides PaulH's response, I think you will use the hash restrictions or the certificate-based one.

      And if you have ISA, you can use the AOL signature to block it.



      • #4
        Re: Deny Specific Programs from Running

        Originally posted by Dr.Kernel:
        and if you have the isa, you can use the AOL signature to block it
        That's a good point, and if you do not have ISA there are many routers which can be configured to block certain websites too, which is another way to do it.
        Best wishes,
        PaulH.
        MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008



        • #5
          Re: Deny Specific Programs from Running

          We do have a proxy but have not finished setting up that project. I have used proxy servers in the past, products such as SurfControl... The problem with a proxy is I will need to block all AOL communication... What I need to do is limit the versions or clients users can use... for instance AOL Pro is a good version but AOL 6 is not... I will work on the Software Restriction Policy and let you know how it works out... Thanks for your help

          Mike
