Agree 100% On 4/4/10, Butturini, Russell <[email protected]> wrote: > In 2003 environments you can set group policy to disable the windows > installer on workstations. However this won't knock out third party > installation packagers. The best thing to do is strip local admin rights > from the users and prevent them from writing files to key directories > (program files, system32, etc.) > > ----- Original Message ----- > From: Sherwyn <[email protected]> > To: Butturini, Russell; '[email protected]' > <[email protected]> > Sent: Sun Apr 04 12:15:19 2010 > Subject: Re: [Pauldotcom] Blocking Unwanted programing from installing > > The are running 2003. > > Thanks. > Infolookup > www.infolookup.blogspot.com > www.twitter.com/infolookup > > > -----Original Message----- > From: "Butturini, Russell" <[email protected]> > Date: Sun, 4 Apr 2010 10:57:15 > To: '[email protected]'<[email protected]>; > '[email protected]'<[email protected]> > Subject: Re: [Pauldotcom] Blocking Unwanted programing from installing > > What version of SBS are you dealing with? 2003 or 2008? You have some more > capabilities in 2008 than 2003 for this sort of thing, > > ----- Original Message ----- > From: [email protected] > <[email protected]> > To: PaulDotCom Security Weekly Mailing List <[email protected]> > Sent: Sat Apr 03 20:34:27 2010 > Subject: [Pauldotcom] Blocking Unwanted programing from installing > > Hello PDC Guru's, > > I am task with locking down a Microsoft SBS environment. The goal is to > allow all currently installed application to be able to run but stop the > installation of any new application (limewire, AOL messenger etc). > > I am aware that I can use a Run only list or software restriction "path > rule", but since both of these can be very time consuming if the users has > lots of application installed. > > Is there anyway to just allow all currently installed aops run access but > block installation of new apps for a set of users? > > Thank you in advance. > > Infolookup > www.infolookup.blogspot.com > www.twitter.com/infolookup > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > ****************************************************************************** > This email contains confidential and proprietary information and is not to > be used or disclosed to anyone other than the named recipient of this email, > and is to be used only for the intended purpose of this communication. > ****************************************************************************** > > ****************************************************************************** > This email contains confidential and proprietary information and is not to > be used or disclosed to anyone other than the named recipient of this email, > and is to be used only for the intended purpose of this communication. > ****************************************************************************** > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
-- Sent from my mobile device _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
