Blocking executables from being written to disk or executed?

[Guest]

Archived from groups: microsoft.public.win2000.general (More info?)

Hi!

I work in a school where the students like to download & install
software & destroy the computer configuration.

We are now going to get 25 Win2K Pro workstations and about 100 XP
Home PC:s.

Is there any way to block executables from being written to disk, that
is, blocking those filetypes from being downloaded?

Is it possible to tell te OS not to execute some filetypes except
those in the original computer configuration?

Any way to this from Windows or with some free tools?

Is it possible with NTFS permissions?

Any tips?

Thanks!

 

[Guest]

Archived from groups: microsoft.public.win2000.general (More info?)

Alek-

I'm sorry you had to wait so long for an answer. It's absolutely possible
and most everyone in this forum could have helped you. Maybe the MVP's don't
think it's worth their time to help someone unless they can get "points" for
answering the question (pay no attention to this paragraph, I'm just annoyed
that no one cared enough to help you).

On the 2k pro boxes simply making the students only members of the Users
group should prevent them from installing the great majority of programs and
certainly most anything that would mess up the computer. Go here to read
more about Windows 2000 groups (skip over the domain groups/universal/global
groups unless you are using a domain):
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/deploy/dgbf_upg_jcik.asp

As you read more you will see it's all about NTFS security (permissions) and
Group Policies/local policy (Rights). Just remember, you can lock it down as
tight as you want. You could set up 2000 on a public kiosk that any stranger
could access and still keep it secure (provided they couldn't open the
computer, etc).

Good luck and I hope this helps.

Nick Staff
"alekz" wrote:

> Hi!
>
> I work in a school where the students like to download & install
> software & destroy the computer configuration.
>
> We are now going to get 25 Win2K Pro workstations and about 100 XP
> Home PC:s.
>
> Is there any way to block executables from being written to disk, that
> is, blocking those filetypes from being downloaded?
>
> Is it possible to tell te OS not to execute some filetypes except
> those in the original computer configuration?
>
> Any way to this from Windows or with some free tools?
>
> Is it possible with NTFS permissions?
>
> Any tips?
>
> Thanks!
>

 

[Guest]

Archived from groups: microsoft.public.win2000.general (More info?)

Clarification -

Even regular users are susceptable to spyware/adware - however the
installations should be contained to the user who installed the spyware. For
example if John is on the computer and malware is installed which gives him
tons of popups, then he logs off and Mary logs on (using her account of
course), she should not be effected.

Hope this helps,

Nick Staff

"Nick Staff" wrote:

> Alek-
>
> I'm sorry you had to wait so long for an answer. It's absolutely possible
> and most everyone in this forum could have helped you. Maybe the MVP's don't
> think it's worth their time to help someone unless they can get "points" for
> answering the question (pay no attention to this paragraph, I'm just annoyed
> that no one cared enough to help you).
>
> On the 2k pro boxes simply making the students only members of the Users
> group should prevent them from installing the great majority of programs and
> certainly most anything that would mess up the computer. Go here to read
> more about Windows 2000 groups (skip over the domain groups/universal/global
> groups unless you are using a domain):
> http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/deploy/dgbf_upg_jcik.asp
>
> As you read more you will see it's all about NTFS security (permissions) and
> Group Policies/local policy (Rights). Just remember, you can lock it down as
> tight as you want. You could set up 2000 on a public kiosk that any stranger
> could access and still keep it secure (provided they couldn't open the
> computer, etc).
>
> Good luck and I hope this helps.
>
> Nick Staff
> "alekz" wrote:
>
> > Hi!
> >
> > I work in a school where the students like to download & install
> > software & destroy the computer configuration.
> >
> > We are now going to get 25 Win2K Pro workstations and about 100 XP
> > Home PC:s.
> >
> > Is there any way to block executables from being written to disk, that
> > is, blocking those filetypes from being downloaded?
> >
> > Is it possible to tell te OS not to execute some filetypes except
> > those in the original computer configuration?
> >
> > Any way to this from Windows or with some free tools?
> >
> > Is it possible with NTFS permissions?
> >
> > Any tips?
> >
> > Thanks!
> >