Ah right gotcha now - path-based rules. Forgot about that bit :-) I'm just interested to see how modern SRPs stack up against the software I work with.
Ta, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY -----Original Message----- From: Miller Bonnie L. <mille...@mukilteo.wednet.edu> Date: Tue, 9 Apr 2013 11:36:28 To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com> Reply-To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>Subject: RE: Blocking executables for the root of a share They are user policies, so if it's SRPs, it would be for those users logging on, blocked via UNC or some other connection path. If these are the only accounts with access to the shared resources, it should do the trick. As someone else mentioned, you could use FSRM on the file server also to block *.exe files (and other unwanted executable types). But, file screens apply to subfolders as well, which would each require exceptions as needed, so might not be wanted here. From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 09, 2013 11:26 AM To: NT System Admin Issues Subject: Re: Blocking executables for the root of a share Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though) Sent from my Blackberry, which may be an antique but delivers email RELIABLY ________________________________ From: Miller Bonnie L. <mille...@mukilteo.wednet.edu<mailto:mille...@mukilteo.wednet.edu>> Date: Tue, 9 Apr 2013 11:07:37 -0700 To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> ReplyTo: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Subject: RE: Blocking executables for the root of a share I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking. -Bonnie From: kz2...@googlemail.com<mailto:kz2...@googlemail.com> [mailto:kz2...@googlemail.com] Sent: Tuesday, April 09, 2013 10:51 AM To: NT System Admin Issues Subject: Re: Blocking executables for the root of a share What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas Sent from my Blackberry, which may be an antique but delivers email RELIABLY ________________________________ From: David Lum <david....@nwea.org<mailto:david....@nwea.org>> Date: Tue, 9 Apr 2013 17:45:34 +0000 To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> ReplyTo: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Subject: Blocking executables for the root of a share Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events? Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin