[THIN] Appsec, Software Restriction Policies and Windows Server 2003...

  • From: RICHARD.CHAPMAN@xxxxxxxxxxxxxxxxxx
  • To: thin@xxxxxxxxxxxxx
  • Date: Thu, 12 Jun 2003 09:55:24 +0100

Hi there
 
We currently run a Windows NT 4.0 Terminal Server farm for which we use
appsec very successfully to restrict access to unknown code whilst giving
access to over 100 known applications.  We use a scripted build to deploy
the applications and at the same time enter trusted applications into the
appsec registry section.  This works very well for us.
 
We are currently looking at moving to Windows Server 2003 and I see now that
appsec has been replaced by Software Restriction Policies.  So far, I
haven't been able to find any information on how to script these policies
or, for that matter, any way in the MMC to export and import these policies.
(An export option is available to a csv file but there is no way to import
this file... and all of the restrictions need to be entered manually in the
first instance anyway)
 
After a bit of digging I found that the Software Restriction Policies
themselves are stored in the registry under
 
HKLM\Software\Policies\Microsoft\Windows\Safer\codeidentifiers\0\Paths\{Some GUID}
for disallowed rules
 
and
 
HKLM\Software\Policies\Microsoft\Windows\Safer\codeidentifiers\262144\Paths\{Some GUID}
for unrestricted rules
 
If I directly enter restrictions into the above registry locations by
creating my own unique GUID and all of the other appropriate information and
then reboot the server, the policies do in fact take effect.  However, they
are not viewable in the MMC.
 
Does anyone know of any other ways to script this in a more refined manner
and in a way where everything will be viewable in the MMC?
 
Regards
Rich
Richard Chapman 
Technical Support 
richard.chapman@xxxxxxxxxxxxxxxxxx 
Ph +44 207 587 2205 
This email is confidential to the addressee only. If you do not believe that
you are the intended addressee, do not use, pass on or copy it in any way.
If you have received it in error, please delete it immediately and telephone
the number given, reversing the charges if necessary.
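
Added example, not part of the original post: because rules written directly under the two registry locations above take effect without appearing in the MMC, the PowerShell sketch below inventories path rules from the registry itself so they can be reviewed. The value names ItemData, SaferFlags and Description are not given in the post and are the names assumed here for the rule's "other appropriate information"; the function and variable names are hypothetical.

```powershell
# Added example: list Software Restriction Policy path rules as stored in the registry.
# Assumption: each rule key holds ItemData (the path), SaferFlags and Description values;
# the post does not name them.
$SrpRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$SrpLevels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }   # level ids from the post
$GuidName  = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
$NoExpand  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-SrpPathRule {
    param([string]$Root = $SrpRoot)

    foreach ($id in $SrpLevels.Keys) {
        $pathsKey = Join-Path $Root "$id\Paths"
        if (-not (Test-Path -LiteralPath $pathsKey)) { continue }   # no rules at this level

        foreach ($key in Get-ChildItem -LiteralPath $pathsKey) {
            # Read the path without expanding %VARIABLES% so it is shown as stored.
            $item = $key.GetValue('ItemData', $null, $NoExpand)

            # Flag entries that look hand-made or incomplete.
            $problems = @()
            if ($key.PSChildName -notmatch $GuidName) { $problems += 'key name is not a GUID' }
            if ([string]::IsNullOrEmpty($item))        { $problems += 'no ItemData value' }

            [pscustomobject]@{
                Level       = $SrpLevels[$id]
                RuleId      = $key.PSChildName
                Path        = $item
                SaferFlags  = $key.GetValue('SaferFlags')
                Description = $key.GetValue('Description')
                Problems    = $problems -join '; '
            }
        }
    }
}

Get-SrpPathRule | Sort-Object Level, Path | Format-Table -AutoSize -Wrap
```

Piping `Get-SrpPathRule` to `Export-Csv` instead gives a file that can be compared with the list of trusted applications the scripted build is expected to have entered.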