I believe that if you use Software Restriction Policies you can restrict an application with a hash rule to prevent renaming executables.
On 8/28/07 11:54 AM, "Matt Stanzel" <[EMAIL PROTECTED]> wrote: > You will definitely want to create a new policy first, that applies only to > students: > > User Configuration > à Administrative Templates > à à System > à à à Run only allowed Windows applications > > Enable policy, and click ³Show² to add your list of applications that are > allowed. The primary problem is, that is doesn¹t use any true type of > identifier to determine the author or hash of a specified application, so any > smart student can change their executable to ³winword.exe² and run it. > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Pearson, Jeremy > Sent: Tuesday, August 28, 2007 11:27 AM > To: info-tech@aea8.k12.ia.us > Subject: RE: [info-tech] Jump Drives > > Tony- > > I think with group policy you can turn on a setting that will > only allow you to run executables that you physically put in the list. So, > once you turn it on, nothing works until you start populating the allow list > in group policy. > > Jeremy > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Richardson,Tony > Sent: Tuesday, August 28, 2007 11:19 AM > To: info-tech@aea8.k12.ia.us > Subject: RE: [info-tech] Jump Drives > > It would be usefull to know what others do to lock down their Windows servers > in a school environment. > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Henn, Layne > Sent: Tuesday, August 28, 2007 11:14 AM > To: info-tech@aea8.k12.ia.us > Subject: RE: [info-tech] Jump Drives > I have since been corrected by one of our IT staff. We don¹t block > executables, we just block access to files for user logins that are not > administrators. > We are deploying lightspeed in our district as well which will give more > control. > I can find out more about what items in Group Policy we do configure. > Layne > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Richardson,Tony > Sent: Tuesday, August 28, 2007 11:10 AM > To: info-tech@aea8.k12.ia.us > Subject: RE: [info-tech] Jump Drives > > Hi Layne, > > How is your Group Policy configured to disallow executables. What items in > Group Policy do you configure to do this this? > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Henn, Layne > Sent: Tuesday, August 28, 2007 10:46 AM > To: info-tech@aea8.k12.ia.us > Subject: RE: [info-tech] Jump Drives > Layne in Sioux City, > We allow students to use them, in fact we sell 128mb flash drives in our media > centers. > We also have a student file system (internal only) where students can log in > and have access to 100mb of storage on a server. > The system is home-grown with linux os. It links to our sis, so every student > has an account. > As far as executables, we use group policy from our windows servers to > disallow student logins the ability to run executables or access to any system > files. > Layne Henn > Sioux City Schools > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Dan Davis > Sent: Tuesday, August 28, 2007 10:11 AM > To: info-tech@aea8.k12.ia.us > Subject: [info-tech] Jump Drives > > All, > I am curious as to what other school districts policies are concerning the > use of Jump / Flash drives on school computers. Is this allowed by students / > staff? Do you have specific polices in place for their use? > How are executables installed on these devices handled so they are not run on > school computers? > I have staff asking about the use of these and I am reluctant to allow them so > far. > > > Thank you > > > > > Dan Davis > Network Administrator > Spirit Lake Comm. School > 900 20th Street > Spirit Lake, Ia.51360 > (712)336-3707 ext. 1300 > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > >
