Instead of blocking ports, we opted to delegate creatorOwner group policy permissions to our NOC, and enabled GPOs to keep application executables from running...

for example under

User Configuration/Administrative Templates/System/"Don't run specified Windows applications"

The Sasser variants would be

napatch.exe
avserve.exe
avserve2.exe
lsasss.exe

We then linked this policy just under the default domain policy. This made sense for us because the NOC was already watching for AV defs and is there all the time. So when a new variant springs up with a new executable, we just instruct them to add the executable name to the list. It would be great if there were an API into GPO objects so that I could have provided them a Perl or VB script to do it without giving up the entire GPMC, but MS hasn't provided one to manage individual policy settings. Hint, hint, Eric...

^Insert distorted emoticon here

On May 13, 2004, at 4:14 PM, Mike Hogenauer wrote:

Sorry for the newbie-sounding question.

How can I use Group Policy to block certain ports on all workstations in a certain OU? For example, for the SASSER virus it’s recommended to block TCP 5554 and 9996. I have remote users that I want to apply a GP to that will block these ports.

Thanks

Mike

Mike Hogenauer
[EMAIL PROTECTED]
Rendition Networks, Inc.
10735 Willows Rd NE, Suite 150
Redmond, WA 98052
425.636.2115 | Fax: 425.497.1149

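The executable-blocking approach in the reply above, as an added PowerShell example that is not from the thread or from Microsoft: it writes the same DisallowRun registry values that the "Don't run specified Windows applications" user policy sets, so an admin can see what the GPO actually does and append new names without duplicates. The function names and the local-registry approach are assumptions of this example; a domain-wide rollout still belongs in the GPO.

```powershell
# Registry location the "Don't run specified Windows applications" policy writes to.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ListKey   = Join-Path $PolicyKey 'DisallowRun'

function Get-DisallowRunList {
    # Return the executable names currently listed (values named "1","2",...).
    if (-not (Test-Path $ListKey)) { return @() }
    $item = Get-Item $ListKey
    $item.GetValueNames() |
        Where-Object { $_ -match '^\d+$' } |
        ForEach-Object { $item.GetValue($_) }
}

function Add-DisallowRun {
    # Enable the policy and append names that are not already present.
    param([Parameter(Mandatory)][string[]]$Executable)
    if (-not (Test-Path $ListKey)) { New-Item -Path $ListKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'DisallowRun' -Value 1 -Type DWord
    $existing = @(Get-DisallowRunList)          # -contains is case-insensitive
    # Continue numbering after the highest existing entry (1 on an empty list).
    $next = 1 + ((Get-Item $ListKey).GetValueNames() |
        Where-Object { $_ -match '^\d+$' } |
        ForEach-Object { [int]$_ } |
        Measure-Object -Maximum).Maximum
    foreach ($exe in $Executable) {
        if ($existing -contains $exe) { continue }   # already blocked, skip
        New-ItemProperty -Path $ListKey -Name ([string]$next) -Value $exe -PropertyType String | Out-Null
        $next++
    }
}

# The Sasser variant names from the thread; re-running is harmless.
Add-DisallowRun -Executable 'napatch.exe','avserve.exe','avserve2.exe','lsasss.exe'
Get-DisallowRunList

# Caveat for the defender: Windows enforces this list only for programs started
# through Explorer, so it does not stop a process launched by another process
# (for example by an exploit or a scheduled task); pair it with patching and AV.
```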