[gptalk] Re: Office Blockage...

  • From: "Deepu" <yoursfren@xxxxxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: 23 Jul 2008 17:40:15 -0000

Ya Darren,

Even after removing vbs and cmd from the designated file type list, it's still not allowing me to run a cmd file which we were testing.

Secondly even let's consider that somehow it starts working. But practically it's not feasible to block every exe as a user may have the requirement to install any program or run an exe externally...

Kindly let me know if you have some other solution. You can also try removing the vbs and cmd file type and try running a .cmd script. It will be denied...

Thanks...

On Wed, 23 Jul 2008 Darren Mar-Elia wrote :
Well, my guess is that you are not whitelisting everything you need to then. You can also exclude .vbs file types in your Designated File Types rule.

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Deepu
Sent: Wednesday, July 23, 2008 10:29 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Office Blockage...

Hi Darren,

I have even tried the whitelist mode. But doing so blocks all exe and even it doesn't allow to run vbs (scripts) which are necessary
to run.

There may be some exe's which user should run.. So, allowing this
policy doesnot works...

Thanks...

------------------------------------------------------

On Wed, 23 Jul 2008 Darren Mar-Elia wrote :
>Deepak-
>Have you considered using Software Restriction Policy in
>whitelist mode?
>That is, set the default level to disallowed and then only allow
>a specified
>pre-approved set of executables?
>
>Darren
>
>-----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx
>[mailto:gptalk-bounce@xxxxxxxxxxxxx] On
>Behalf Of Deepu
>Sent: Wednesday, July 23, 2008 7:39 AM
>To: gptalk@xxxxxxxxxxxxx
>Subject: [gptalk] Office Blockage...
>
>Hi Friends,
>
>I am in a great problem. I would really appreciate if anyone
>can
>help me at the earliest:
>
>Problem: I want to block some executables like access.exe,
>publisher.exe and communicator.exe using group policy.
>
>Now the problem is i can't use Software Restriction Policy
>using
>hash rule as the hash will change everytime microsoft patches
>or
>release service pack for office 2007.
>
>Secondly if i use Software Restriction Policy using path rule.
>The
>user can simply copy the exe to alternate location and can run
>the
>program with ease.
>
>So,i would really appreciate if anyone can help me to solve
>this
>issue, as the user can't open the above mentioned exe from
>anywhere. I want to implement it using group policy. A custom
>ADM/ADMX will also work... Please guide me if possible...
>
>Waiting for your reply...
>Deepak Kumar...
>India...
>
>***********************
>You can unsubscribe from gptalk by sending email to
>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject
>field OR by
>logging into the freelists.org Web interface. Archives for the
>list are
>available at http://www.freelists.org/archives/gptalk/
>************************
>
>***********************
>You can unsubscribe from gptalk by sending email to
>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject
>field OR by logging into the freelists.org Web interface.
>Archives for the list are available at
>http://www.freelists.org/archives/gptalk/
>************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: