Announcement

Collapse
No announcement yet.

Software Restrictions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Software Restrictions

    Sweet, I love the site and this is my first post on the forums...

    So my question/problem is as follows...

    I have a Domain and a GPO is running fine, I want to restrict use of MSN, Yahoo! and ICQ and for that I've got my firewall blocking such activity, but, I also want to restrict the use of the programs while people are connected to the office LAN. I don't want them restricted when they go home with their laptops though... there I don't mind what they do.

    So, I've yet to be able to find a dynamic rule like that so it'll restrict while connected to the LAN and allow when at home or using another LAN ...

    Any idea if this is even possible?

    Cheers,
    Shai

  • #2
    configure the policy for the domain
    and configure local profile to laptop users when the go home.
    Good Luck

    Shai

    MCSE 2003+Security;MCSE 2003+Messaging
    HP ASE;HP AIS;HP APS

    So, from me to all of you out there, wherever you are, remember:
    the light at the end of the tunnel may be you. Good Day!

    Comment


    • #3
      Thanks Shai
      But when they go home, they still use the login using their domain username/password/domain
      Won't that have the domain policy effect on them still?

      Shai

      Comment


      • #4
        no
        when the users are logging on locally (this computer) with users from the local sam database, they are using local security policy from there own machines.
        the domain policy applies only when they loging on to the domain.
        Good Luck

        Shai

        MCSE 2003+Security;MCSE 2003+Messaging
        HP ASE;HP AIS;HP APS

        So, from me to all of you out there, wherever you are, remember:
        the light at the end of the tunnel may be you. Good Day!

        Comment


        • #5
          Oh, I didn't understand that you ment Locally.
          Anyways, that might prove to be a problem since they all have their stuff on their laptops, on the desktops, Outlook from Exchnage etc. etc. setup on their domain profile...

          Is there a way to have them logon locally and still have all of their stuff from the domain profile setup each day they leave the office and logon at home (or elsewhere)?

          Comment


          • #6
            if the user need his outlook, he can use owa or establish a vpn connection.
            remember to edit the hosts file so the outlook can recognize the exchange server.
            other files can be store in a folder that is accessible to both profiles,
            the local and the domain
            Good Luck

            Shai

            MCSE 2003+Security;MCSE 2003+Messaging
            HP ASE;HP AIS;HP APS

            So, from me to all of you out there, wherever you are, remember:
            the light at the end of the tunnel may be you. Good Day!

            Comment


            • #7
              Re: Software Restrictions

              Originally posted by shaibn
              I also want to restrict the use of the programs while people are connected to the office LAN. I don't want them restricted when they go home with their laptops though... there I don't mind what they do.

              So, I've yet to be able to find a dynamic rule like that so it'll restrict while connected to the LAN and allow when at home or using another LAN ...

              Any idea if this is even possible?
              I don't think it will be possible, why would you want to do this anyway, it's a business laptop, what would stop them logging on locally while at work and installing the software, then they can just log back onto the domain. Or if they install some "dodgy" software at home and then bring the laptop in the next day, it still connects to your network with the same disastrous affects.

              topper
              * Shamelessly mentioning "Don't forget to add reputation!"

              Comment


              • #8
                Re: Software Restrictions

                Originally posted by topper
                Originally posted by shaibn
                I also want to restrict the use of the programs while people are connected to the office LAN. I don't want them restricted when they go home with their laptops though... there I don't mind what they do.

                So, I've yet to be able to find a dynamic rule like that so it'll restrict while connected to the LAN and allow when at home or using another LAN ...

                Any idea if this is even possible?
                I don't think it will be possible, why would you want to do this anyway, it's a business laptop, what would stop them logging on locally while at work and installing the software, then they can just log back onto the domain. Or if they install some "dodgy" software at home and then bring the laptop in the next day, it still connects to your network with the same disastrous affects.

                topper
                as far as i know if you use software restriction policy you can block the apps even if the were installed on the local profile
                Good Luck

                Shai

                MCSE 2003+Security;MCSE 2003+Messaging
                HP ASE;HP AIS;HP APS

                So, from me to all of you out there, wherever you are, remember:
                the light at the end of the tunnel may be you. Good Day!

                Comment


                • #9
                  As for the "why would you want to do this and not that" issue... it's the long lasting battle between the IT teams and the managments we run under and who came first, the chicken or the egg. Who sets the rules and who's to blame when a trojan is sliping in...?

                  Comment

                  Working...
                  X