Run only allowed Windows applications

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

HalosPrice wrote:

> I am an administrator on a fairly tightly controlled network. We use the
> "Run only allowed Windows applications" option in our Group Policies and then
> list all the executables which are permitted. Recently we installed Office
> 2003 and added, among others, WINWORD.EXE to our list of allowable
> applications.
>
> Here's the problem: When I am logged in with the above restrictions (not as
> an admin) and click on a hyperlink I receive the following error: "This
> Operation has been cancelled due to restrictions in effect on this computer".
> This is true for all link types: URL, External Word document, and internal
> bookmark. If I change the restriction to allow running any application, the
> error goes away and it works fine. This leads me to believe that I need to
> add an application to the allowed list.
>
> My question: How do I find out what executable Word is trying to call so
> that I can add it to the "Allowed Applications" list?
>
> Any assistance is greatly appreciated
Hi

For our Office 2000 installation, this is what we put into
the AppSec list:

%ProgramFiles%\Office\excel.exe
%ProgramFiles%\Office\winword.exe
%ProgramFiles%\Office\powerpnt.exe

%ProgramFiles%\Office\BINDER.EXE
%ProgramFiles%\Office\GRAPH9.EXE
%ProgramFiles%\Office\MSO7FTP.EXE
%ProgramFiles%\Office\MSO7FTPA.EXE
%ProgramFiles%\Office\MSO7FTPS.EXE
%ProgramFiles%\Office\MSOHTMED.EXE
%ProgramFiles%\Office\MSQRY32.EXE
%ProgramFiles%\Office\OSA9.EXE
%ProgramFiles%\Office\SETLANG.EXE
%ProgramFiles%\Office\WAVTOASF.EXE

%ProgramFiles%\Office\1033\MSOHELP.EXE
%ProgramFiles%\Office\1033\PROJWIZ.EXE
%ProgramFiles%\Office\Xlators\PPVIEW32.EXE

%ProgramFiles%\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE
%ProgramFiles%\Common Files\Microsoft Shared\Artgalry\CAG.EXE
%ProgramFiles%\Common Files\Microsoft Shared\dasetup\dasetup.exe
%ProgramFiles%\Common Files\Microsoft Shared\Equation\EQNEDT32.EXE
%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\MSINFO32.EXE
%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\OFFPROV.EXE
%ProgramFiles%\Common Files\Microsoft Shared\OrgChart\ORGCHART.EXE
%ProgramFiles%\Common Files\Microsoft Shared\PhotoEd\PHOTOED.EXE

%WinDir%\MSAGENT\AGENTSVR.EXE
%WinDir%\System32\PACKAGER.EXE


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/s [...] fault.mspx

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

HalosPrice wrote:

> Well, I checked and all the files you listed are in our allowed
> executables list, except for the ones that are not installed on
> the system, and still no luck. Any other ideas?
Hi

Enable "Failure attempts" on the Audit Policy "Audit process tracking"
and "Audit object access", and then check the event log after trying
to start Word.


You also use Filemon from Sysinternals that does a real time logging
of file accesses, and look for failed operations there.

http://www.sysinternals.com/


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/s [...] fault.mspx