If you were really evil, you could toss in a wscript.echo statement after
the objLatestProcess.TargetInstance.Terminate line that says "stop
downloading viruses already!" (or a more sensible usage warning).
:-)
Richard
> -----Original Message-----
> From: Puckett, Richard
> Sent: Tuesday, October 15, 2002 5:52 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Disable IE via GPO
>
>
>
> James,
>
> There are a couple of different ways you could approach this.
>
> One quick thought would be a custom logon script that targets
> this user specifically at logon and runs a wscript (not
> cscript) call against the below code (converted from the MS
> Script Repository). This creates a temporary event consumer
> that continually watches for instances of IEXPLORE.EXE and
> kills them (good for a practical joke too :-)). Using
> wscript ensures that no command window is created and the
> script is only recognizable by the wscript.exe process active
> in task manager. Of course this doesn't preclude him
> renaming IEXPLORE.EXE to something else, or logging on
> locally to avoid the logon script, but it's at least one option.
>
>
> Put wscript.exe %LOGONSERVER%\netlogon\killie.vbs in the
> logon script field (to suppress any display of a command
> prompt). Then stick the following into a .VBS file and copy
> it into the netlogon share.
>
> 'KillIE.VBS
>
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate}!\\" & strComputer &
> "\root\cimv2")
> Set colMonitoredProcesses = objWMIService. _
> ExecNotificationQuery("select * from __instancecreationevent " _
> & " within 1 where TargetInstance isa
> 'Win32_Process'") i = 0 Do While i = 0
> Set objLatestProcess = colMonitoredProcesses.NextEvent
> If objLatestProcess.TargetInstance.Name = "IEXPLORE.EXE" Then
> objLatestProcess.TargetInstance.Terminate
> End If
> Loop
>
>
> Hope this helps,
> Richard
>
>
> > -----Original Message-----
> > From: James Liddil [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, October 15, 2002 3:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] Disable IE via GPO
> >
> >
> > W2K/Exchange2K Environment. We have a visiting scientist who
> > I was asked to give an account to. Turns out he has been
> > reading his web mail and it is highly infected based on the
> > number of alerts I got. The one machine he uses I have
> > pulled of the internet. But I now find he went to another
> > machine and did some web mail (virus alert again). So at
> > this point my hands are tied by the managements lack of
> > policies. So I need a way to prevent him from using IE
> > regardless of the machine. It seems in GPO I can lock it
> > down but not totally disable it. Or is there a way?
> >
> > Jim Liddil
> > List info : http://www.activedir.org/mail_list.htm
> > List FAQ : http://www.activedir.org/list_faq.htm
> > List archive:
> > http://www.mail-archive.com/activedir%> 40mail.activedir.org/
> >
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%> 40mail.activedir.org/
>
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
