Announcement

Collapse
No announcement yet.

Prevent users from accessing powershell

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Prevent users from accessing powershell

    Hi, i am working on a group policy design for a Windows Seven Rolout. The customer incists that access to powershell is disabled. As far as i know there are no default templates available (ADM(X) files) which prevents users from accessing powershell.

    So i choose a quick an dirty way to disabled Powershell for the users. What i did was remove the users from the ACL list of the powershell folder through a GPO.

    Quick and dirty and it works. But what i discovered rambles my head. Although domain admins and helpdesk personell are part of the local administrators group, they also appear to have insufficient permissions to run powershell.

    As soon as i add users to the acl (read and execute) list, administrator have access again.

    ACL on the Powershell folder:
    Creator/Owner = FC
    Administrators = FP
    System = FC

    I disabled Powershell using a software restriction policy. Than it still works for administrators if you run Powershell in administrative mode, user mode also fails for the administrator.
    Last edited by Killerbe; 1st March 2010, 23:16. Reason: typo's
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

  • #2
    Re: Prevent users from accessing powershell

    This is actually the only topic I found...
    http://www.eggheadcafe.com/software/...-access-t.aspx

    Except Software Restriction GPO using path/hash there is not really an other way..
    Last edited by Dumber; 2nd March 2010, 23:44.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Prevent users from accessing powershell

      Thanks for the reply.
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment

      Working...
      X