Restrict nasty programs from running


  • Restrict nasty programs from running

    Hi everyone.

    Does anyone know if it is possible to use a domain GPO to only allow an approved list of programs to execute on domain-joined computers, either by the system starting them or the user running them? I'm thinking along these lines to stop users running crypto viruses, for example.

    Regards, Mark

  • #2
    Depending on the OS on your clients, you have either AppLocker (Win7 Enterprise or above) or Software Restriction Policies available. Do some research first before you implement as it is quite easy to lock users out of legitimate applications.

    Also restrict local admin rights as much as possible.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Depends on your environment, but it might be easier/cheaper to use a third-party application rather than upgrading all your client machines. Lumension have a product that does application whitelisting (Sanctuary was the name of it, think it's changed now though) and I'm sure some AV Suites have at least limited functionality included as well.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog


      • #4
        Do use with caution, but for the most part, you can use Software Restriction Policies against .exe's such as the Win10 upgrade notification (GWX.exe), which I used at the domain level to stop that notification from appearing. You can get really granular with it, down to the hash, to stop any program from running. If you know what you're doing, you can build yourself a really nice ACL list of only allowed programs to run on your network, stopping anything else from trying to execute, including today's cryptolocker virus. Again, use with caution if you try and get this deep with it though, and test, test again, and then actually test it!
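
An added example, not part of any post in this thread: one way to follow the "research first" and "test, test again" advice from replies #2 and #4 using the AppLocker PowerShell cmdlets, by building an allowlist from a reference PC and running it in audit-only mode before enforcing anything. The directories, file names and the LDAP path are placeholder assumptions.

```powershell
# Added example: build an AppLocker allowlist in audit-only mode.
# Run elevated on a clean reference PC whose Windows edition supports AppLocker.
# All paths below are placeholders (assumptions), not values from the thread.
Import-Module AppLocker

$referenceDir = 'C:\Program Files'              # where approved software is installed
$policyFile   = 'C:\Temp\applocker-audit.xml'   # output policy file
$testDir      = "$env:USERPROFILE\Downloads"    # a location users can write to

# 1. Inventory the executables and generate rules: publisher rules for signed
#    files, falling back to file-hash rules for unsigned ones.
$xmlText = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Approved' -Optimize -Xml

# 2. Force every rule collection to audit-only so nothing is blocked yet.
[xml]$policy = $xmlText
foreach ($collection in $policy.SelectNodes('/AppLockerPolicy/RuleCollection')) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 3. Dry run: list files the policy would not allow if it were enforced.
$candidates = Get-ChildItem -Path $testDir -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $candidates -User Everyone |
        Where-Object { $_.PolicyDecision -ne 'Allowed' } |
        Select-Object FilePath, PolicyDecision
}

# 4. Import into a test GPO linked to a pilot OU (placeholder LDAP path).
#    Clients need the Application Identity service (AppIDSvc) running.
# Set-AppLockerPolicy -XmlPolicy $policyFile `
#     -Ldap 'LDAP://<DC-NAME>/CN={<GPO-GUID>},CN=Policies,CN=System,DC=example,DC=com'

# 5. On pilot clients, review what would have been blocked (event ID 8003)
#    and extend the allowlist before switching collections to 'Enabled'.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

A policy generated only from `C:\Program Files` does not cover Windows itself, so add rules for the Windows directory (or AppLocker's default rules) before moving from audit to enforcement.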