Jump to content

disable .exe files in My Documents

Guest Baker72

By Guest Baker72
in Windows 2003 Server

 Share

Recommended Posts

Guest Baker72

Guest Baker72

Posted
Posted

I have a W2k3 SP1 server, which the users login via Terminal server. The My

Documents folder is re-routed to another server. I need to stop the user from

installing and running .exe files from they "My Documents". Upgrading to W2K3

R2 is not an option for now...

 

Any ideas

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Thee Chicago Wolf

Guest Thee Chicago Wolf

Posted
Posted

Re: disable .exe files in My Documents

 

>I have a W2k3 SP1 server, which the users login via Terminal server. The My

>Documents folder is re-routed to another server. I need to stop the user from

>installing and running .exe files from they "My Documents". Upgrading to W2K3

>R2 is not an option for now...

>

>Any ideas

 

Sure. Try this: Start > Run > gpedit.msc OR if you've got a policy set

up, apply it to your specific policy

 

Navigate to the following keys and turn these on:

 

Local Computer Policy > Computer Config > Windows Settings > Security

Settings > Software Restriction Policies > Additional Rules

 

You should be able to set up a simple PATH rule to My Documents

disallowing *.exe, that should do it for that folder. If you need to

put it on other My Doc. folders, do as you see fit.

 

 

Next...

Local Computer Policy > Computer Config > Administrative Templates >

Windows Components > Windows Installer

-----------------------------------------------------------------------------------------------------------

Always Install With Elevated Privileges = Disabled

Enable User Control Over Install = Disabled

Prohibit User Installs = Enabled, User Install Behavior = Prohibit

Installs

 

The above should turn off the ability for anyone to install junk. They

pretty much speak for themselves.

 

 

Lastly...

User Configuration > Administrative Templates > Windows Components >

Windows Installer

-----------------------------------------------------------------------------------------------------------

Always install with elevated Privileges = Disabled

Prevent removable media source for any install = Enabled

 

If you need to, adjust these as well. Should put the hammer down on

those philistines. ;-)

 

Let me know how it goes.

 

- Thee Chicago Wolf

Guest Baker72

Guest Baker72

Posted
Posted

Re: disable .exe files in My Documents

 

Wow, that is what I call detail information. Thanks man!!!

 

One more question. The policies should I configured them in the server that

they connect to, or the server where the My documents is located? I assumed

that is the one that they connect to...

 

"Thee Chicago Wolf" wrote:

> >I have a W2k3 SP1 server, which the users login via Terminal server. The My

> >Documents folder is re-routed to another server. I need to stop the user from

> >installing and running .exe files from they "My Documents". Upgrading to W2K3

> >R2 is not an option for now...

> >

> >Any ideas

>

> Sure. Try this: Start > Run > gpedit.msc OR if you've got a policy set

> up, apply it to your specific policy

>

> Navigate to the following keys and turn these on:

>

> Local Computer Policy > Computer Config > Windows Settings > Security

> Settings > Software Restriction Policies > Additional Rules

>

> You should be able to set up a simple PATH rule to My Documents

> disallowing *.exe, that should do it for that folder. If you need to

> put it on other My Doc. folders, do as you see fit.

>

>

> Next...

> Local Computer Policy > Computer Config > Administrative Templates >

> Windows Components > Windows Installer

> -----------------------------------------------------------------------------------------------------------

> Always Install With Elevated Privileges = Disabled

> Enable User Control Over Install = Disabled

> Prohibit User Installs = Enabled, User Install Behavior = Prohibit

> Installs

>

> The above should turn off the ability for anyone to install junk. They

> pretty much speak for themselves.

>

>

> Lastly...

> User Configuration > Administrative Templates > Windows Components >

> Windows Installer

> -----------------------------------------------------------------------------------------------------------

> Always install with elevated Privileges = Disabled

> Prevent removable media source for any install = Enabled

>

> If you need to, adjust these as well. Should put the hammer down on

> those philistines. ;-)

>

> Let me know how it goes.

>

> - Thee Chicago Wolf

>

Guest Thee Chicago Wolf

Guest Thee Chicago Wolf

Posted
Posted

Re: disable .exe files in My Documents

 

>Wow, that is what I call detail information. Thanks man!!!

>

>One more question. The policies should I configured them in the server that

>they connect to, or the server where the My documents is located? I assumed

>that is the one that they connect to...

 

On the server should be fine. Remember that these might also affect

the Admin account as well so you might have to temporarily disable

them to install stuff. However, I've only ever seen it complain with

MSI's. In any case, I don't know too many admins who install stuff on

their servers to have to worry about it. It's be interesting to see

how it works for you. Let me know, ok?

 

- Thee Chicago Wolf

 Share
Go to topic listing
×
×
  • Create New...