[gptalk] Re: Software restriction

  • From: Shane Williford <shane.williford@xxxxxxxxxx>
  • To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 19 Jan 2009 12:24:29 -0600

Darren (& others),
I heard back from my client who has done a week's worth of testing. This is his 
response:

I have spent the week testing every possible scenario for the designated file 
types and I have come to the conclusion that Windows Media player files can't 
be blocked!!!  The group policy and file types are being applied to the target 
computer.  Group policy logging doesn't indicate any conflicts or obvious 
problems. All the files which are being blocked are logged in events.  No log 
is generated for file types that should be blocked but are not (ie MP3).

It doesn't block the files even if i add the specific file paths 
(u:\Test_fles\*.mp3 or u:\Test_fles\My_Music_file.mp3).

I have also removed the following enties which are added automatically when a 
software policy is first created to see if that would help:

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRoot%*.exe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRoot%System32\*.exe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

This didn't help at all!

Only idea i can think of doing now is to get someone else to try and block MP3, 
AVI, WAV, WMA, ZIP, PDF files on their system using software restrictions and 
see it works, unless someone can think of something else i can do?
In doing some searches, I've seen this happen to others with no posted 
solutions.

Any suggestions are greatly appreciated! Thanks guys (& gals) :)
~S

Shane Williford
MCSE, MCSA Sec, Sec+, Net+, A+
Systems Administrator
Mazuma Credit Union
Kansas City, MO 64131
shane.williford@xxxxxxxxxx<mailto:shane.williford@xxxxxxxxxx>
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of 
Darren Mar-Elia [darren@xxxxxxxxxx]
Sent: Friday, January 09, 2009 1:05 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Software restriction

Shane –
One thing you can try is to have them enable Software Restriction Policy 
logging on their client machines. That will create a log that will show 
whenever an execution passes or fails a rule, and which rule was involved. Its 
hard to say why those are not getting blocked but my suspicions are that the 
rule in use may not be capturing the right thing.

Darren

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Shane Williford
Sent: Friday, January 09, 2009 10:02 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Software restriction

Darren/All,
After further testing by my client, he states that all files are placed in the 
Designated File Types area and that: MP3, AVI, WAV, WMA, ZIP, PDF
file types are not getting blocked. Other files types (i.e. DOCX, CSV, DOC, 
TXT, etc) are getting blocked. Hmmm..not sure why that is…any other suggestions?

Thanks.

Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@xxxxxxxxxx<mailto:shane.williford@xxxxxxxxxx>
816-361-4194 x6012

From: Shane Williford
Sent: Friday, January 09, 2009 8:29 AM
To: 'gptalk@xxxxxxxxxxxxx'
Subject: RE: [gptalk] Re: Software restriction

Will do…I’ll keep you posted…

Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@xxxxxxxxxx<mailto:shane.williford@xxxxxxxxxx>
816-361-4194 x6012

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Friday, January 09, 2009 8:28 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Software restriction

Shane-
You could try adding those file types to the Designated File Types area in that 
policy. I haven’t tested them specifically but I don’t see why they shouldn’t 
work. Can you test and let us know?

Darren

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Shane Williford
Sent: Friday, January 09, 2009 5:47 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Software restriction

All,
Does the software restriction policy work with Windows Media files? I have a 
user who set this policy up and all seems to work except for these file types 
(i.e. WMA, WMV, MP3, etc)/

Shane M. Williford
Systems Administrator
MCSE, MCSA Sec, Sec+, Net+, A+
Mazuma Credit Union
9300 Troost
Kansas City, MO 64131
shane.williford@xxxxxxxxxx<mailto:shane.williford@xxxxxxxxxx>
816-361-4194 x6012


________________________________
Notice: The information transmitted in this e-mail may contain confidential 
and/ or legally privileged information intended only for the use of the 
individual(s) named above. Review, use, disclosure, distribution, or forwarding 
of this information by persons or entities other than the intended recipient(s) 
is prohibited by law and may subject them to criminal or civil liabilities. 
Statements and opinion expressed in this e-mail may not represent those of 
Mazuma Credit Union. All e-mail communications through Mazuma's corporate email 
system are subject to archiving and review by someone other than the recipient. 
If you have received this communication in error, please notify the sender 
immediately and delete/destroy any and all copies of the original message from 
any computer or network system.
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: