[gptalk] Re: Office Blockage...
- From: "Deepu" <yoursfren@xxxxxxxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: 23 Jul 2008 17:40:15 -0000
Ya Darren,
Even after removing vbs and cmd from the designated file type
list, it's still not allowing me to run a cmd file which we were
testing.
Secondly even let's consider that somehow it starts working. But
practically it's not feasible to block every exe as a user may
have the requirement to install any program or run an exe
externally...
Kindly let me know if you have some other solution. You can also
try removing the vbs and cmd file type and try running a .cmd
script. It will be denied...
Thanks...
On Wed, 23 Jul 2008 Darren Mar-Elia wrote :
Well, my guess is that you are not whitelisting everything you
need to then.
You can also exclude .vbs file types in your Designated File
Types rule.
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Deepu
Sent: Wednesday, July 23, 2008 10:29 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Office Blockage...
Hi Darren,
I have even tried the whitelist mode. But doing so blocks all
exe
and even it doesn't allow to run vbs (scripts) which are
necessary
to run.
There may be some exe's which user should run.. So, allowing
this
policy doesnot works...
Thanks...
------------------------------------------------------
On Wed, 23 Jul 2008 Darren Mar-Elia wrote :
>Deepak-
>Have you considered using Software Restriction Policy in
>whitelist mode?
>That is, set the default level to disallowed and then only
allow
>a specified
>pre-approved set of executables?
>
>Darren
>
>-----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx
>[mailto:gptalk-bounce@xxxxxxxxxxxxx] On
>Behalf Of Deepu
>Sent: Wednesday, July 23, 2008 7:39 AM
>To: gptalk@xxxxxxxxxxxxx
>Subject: [gptalk] Office Blockage...
>
>Hi Friends,
>
>I am in a great problem. I would really appreciate if anyone
>can
>help me at the earliest:
>
>Problem: I want to block some executables like access.exe,
>publisher.exe and communicator.exe using group policy.
>
>Now the problem is i can't use Software Restriction Policy
>using
>hash rule as the hash will change everytime microsoft patches
>or
>release service pack for office 2007.
>
>Secondly if i use Software Restriction Policy using path
rule.
>The
>user can simply copy the exe to alternate location and can
run
>the
>program with ease.
>
>So,i would really appreciate if anyone can help me to solve
>this
>issue, as the user can't open the above mentioned exe from
>anywhere. I want to implement it using group policy. A custom
>ADM/ADMX will also work... Please guide me if possible...
>
>Waiting for your reply...
>Deepak Kumar...
>India...
>
>***********************
>You can unsubscribe from gptalk by sending email to
>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the
Subject
>field OR by
>logging into the freelists.org Web interface. Archives for
the
>list are
>available at http://www.freelists.org/archives/gptalk/
>************************
>
>***********************
>You can unsubscribe from gptalk by sending email to
>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the
Subject
>field OR by logging into the freelists.org Web interface.
>Archives for the list are available at
>http://www.freelists.org/archives/gptalk/
>************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject
field OR by
logging into the freelists.org Web interface. Archives for the
list are
available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject
field OR by logging into the freelists.org Web interface.
Archives for the list are available at
http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************
Other related posts:
- » [gptalk] Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
- » [gptalk] Re: Office Blockage...
-----Original Message-----From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Deepu Sent: Wednesday, July 23, 2008 10:29 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Office Blockage... Hi Darren,I have even tried the whitelist mode. But doing so blocks all exe and even it doesn't allow to run vbs (scripts) which are necessary
to run.There may be some exe's which user should run.. So, allowing this
policy doesnot works... Thanks... ------------------------------------------------------ On Wed, 23 Jul 2008 Darren Mar-Elia wrote : >Deepak- >Have you considered using Software Restriction Policy in >whitelist mode?>That is, set the default level to disallowed and then only allow
>a specified >pre-approved set of executables? > >Darren > >-----Original Message----- > From: gptalk-bounce@xxxxxxxxxxxxx >[mailto:gptalk-bounce@xxxxxxxxxxxxx] On >Behalf Of Deepu >Sent: Wednesday, July 23, 2008 7:39 AM >To: gptalk@xxxxxxxxxxxxx >Subject: [gptalk] Office Blockage... > >Hi Friends, > >I am in a great problem. I would really appreciate if anyone >can >help me at the earliest: > >Problem: I want to block some executables like access.exe, >publisher.exe and communicator.exe using group policy. > >Now the problem is i can't use Software Restriction Policy >using >hash rule as the hash will change everytime microsoft patches >or >release service pack for office 2007. >>Secondly if i use Software Restriction Policy using path rule.
>The>user can simply copy the exe to alternate location and can run
>the >program with ease. > >So,i would really appreciate if anyone can help me to solve >this >issue, as the user can't open the above mentioned exe from >anywhere. I want to implement it using group policy. A custom >ADM/ADMX will also work... Please guide me if possible... > >Waiting for your reply... >Deepak Kumar... >India... > >*********************** >You can unsubscribe from gptalk by sending email to>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject
>field OR by>logging into the freelists.org Web interface. Archives for the
>list are >available at http://www.freelists.org/archives/gptalk/ >************************ > >*********************** >You can unsubscribe from gptalk by sending email to>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject
>field OR by logging into the freelists.org Web interface. >Archives for the list are available at >http://www.freelists.org/archives/gptalk/ >************************ *********************** You can unsubscribe from gptalk by sending email togptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/ ************************ ***********************You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at http://www.freelists.org/archives/gptalk/
************************