Blocking executables from being written to disk or executed?
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.general (More info?)
Hi!
I work in a school where the students like to download & install
software & destroy the computer configuration.
We are now going to get 25 Win2K Pro workstations and about 100 XP
Home PC:s.
Is there any way to block executables from being written to disk, that
is, blocking those filetypes from being downloaded?
Is it possible to tell te OS not to execute some filetypes except
those in the original computer configuration?
Any way to this from Windows or with some free tools?
Is it possible with NTFS permissions?
Any tips?
Thanks!
Hi!
I work in a school where the students like to download & install
software & destroy the computer configuration.
We are now going to get 25 Win2K Pro workstations and about 100 XP
Home PC:s.
Is there any way to block executables from being written to disk, that
is, blocking those filetypes from being downloaded?
Is it possible to tell te OS not to execute some filetypes except
those in the original computer configuration?
Any way to this from Windows or with some free tools?
Is it possible with NTFS permissions?
Any tips?
Thanks!
More about : blocking executables written disk executed
Archived from groups: microsoft.public.win2000.general (More info?)
Alek-
I'm sorry you had to wait so long for an answer. It's absolutely possible
and most everyone in this forum could have helped you. Maybe the MVP's don't
think it's worth their time to help someone unless they can get "points" for
answering the question (pay no attention to this paragraph, I'm just annoyed
that no one cared enough to help you).
On the 2k pro boxes simply making the students only members of the Users
group should prevent them from installing the great majority of programs and
certainly most anything that would mess up the computer. Go here to read
more about Windows 2000 groups (skip over the domain groups/universal/global
groups unless you are using a domain):
http://www.microsoft.com/resources/documentation/Window...
As you read more you will see it's all about NTFS security (permissions) and
Group Policies/local policy (Rights). Just remember, you can lock it down as
tight as you want. You could set up 2000 on a public kiosk that any stranger
could access and still keep it secure (provided they couldn't open the
computer, etc).
Good luck and I hope this helps.
Nick Staff
"alekz" wrote:
> Hi!
>
> I work in a school where the students like to download & install
> software & destroy the computer configuration.
>
> We are now going to get 25 Win2K Pro workstations and about 100 XP
> Home PC:s.
>
> Is there any way to block executables from being written to disk, that
> is, blocking those filetypes from being downloaded?
>
> Is it possible to tell te OS not to execute some filetypes except
> those in the original computer configuration?
>
> Any way to this from Windows or with some free tools?
>
> Is it possible with NTFS permissions?
>
> Any tips?
>
> Thanks!
>
Alek-
I'm sorry you had to wait so long for an answer. It's absolutely possible
and most everyone in this forum could have helped you. Maybe the MVP's don't
think it's worth their time to help someone unless they can get "points" for
answering the question (pay no attention to this paragraph, I'm just annoyed
that no one cared enough to help you).
On the 2k pro boxes simply making the students only members of the Users
group should prevent them from installing the great majority of programs and
certainly most anything that would mess up the computer. Go here to read
more about Windows 2000 groups (skip over the domain groups/universal/global
groups unless you are using a domain):
http://www.microsoft.com/resources/documentation/Window...
As you read more you will see it's all about NTFS security (permissions) and
Group Policies/local policy (Rights). Just remember, you can lock it down as
tight as you want. You could set up 2000 on a public kiosk that any stranger
could access and still keep it secure (provided they couldn't open the
computer, etc).
Good luck and I hope this helps.
Nick Staff
"alekz" wrote:
> Hi!
>
> I work in a school where the students like to download & install
> software & destroy the computer configuration.
>
> We are now going to get 25 Win2K Pro workstations and about 100 XP
> Home PC:s.
>
> Is there any way to block executables from being written to disk, that
> is, blocking those filetypes from being downloaded?
>
> Is it possible to tell te OS not to execute some filetypes except
> those in the original computer configuration?
>
> Any way to this from Windows or with some free tools?
>
> Is it possible with NTFS permissions?
>
> Any tips?
>
> Thanks!
>
Archived from groups: microsoft.public.win2000.general (More info?)
Clarification -
Even regular users are susceptable to spyware/adware - however the
installations should be contained to the user who installed the spyware. For
example if John is on the computer and malware is installed which gives him
tons of popups, then he logs off and Mary logs on (using her account of
course), she should not be effected.
Hope this helps,
Nick Staff
"Nick Staff" wrote:
> Alek-
>
> I'm sorry you had to wait so long for an answer. It's absolutely possible
> and most everyone in this forum could have helped you. Maybe the MVP's don't
> think it's worth their time to help someone unless they can get "points" for
> answering the question (pay no attention to this paragraph, I'm just annoyed
> that no one cared enough to help you).
>
> On the 2k pro boxes simply making the students only members of the Users
> group should prevent them from installing the great majority of programs and
> certainly most anything that would mess up the computer. Go here to read
> more about Windows 2000 groups (skip over the domain groups/universal/global
> groups unless you are using a domain):
> http://www.microsoft.com/resources/documentation/Window...
>
> As you read more you will see it's all about NTFS security (permissions) and
> Group Policies/local policy (Rights). Just remember, you can lock it down as
> tight as you want. You could set up 2000 on a public kiosk that any stranger
> could access and still keep it secure (provided they couldn't open the
> computer, etc).
>
> Good luck and I hope this helps.
>
> Nick Staff
> "alekz" wrote:
>
> > Hi!
> >
> > I work in a school where the students like to download & install
> > software & destroy the computer configuration.
> >
> > We are now going to get 25 Win2K Pro workstations and about 100 XP
> > Home PC:s.
> >
> > Is there any way to block executables from being written to disk, that
> > is, blocking those filetypes from being downloaded?
> >
> > Is it possible to tell te OS not to execute some filetypes except
> > those in the original computer configuration?
> >
> > Any way to this from Windows or with some free tools?
> >
> > Is it possible with NTFS permissions?
> >
> > Any tips?
> >
> > Thanks!
> >
Clarification -
Even regular users are susceptable to spyware/adware - however the
installations should be contained to the user who installed the spyware. For
example if John is on the computer and malware is installed which gives him
tons of popups, then he logs off and Mary logs on (using her account of
course), she should not be effected.
Hope this helps,
Nick Staff
"Nick Staff" wrote:
> Alek-
>
> I'm sorry you had to wait so long for an answer. It's absolutely possible
> and most everyone in this forum could have helped you. Maybe the MVP's don't
> think it's worth their time to help someone unless they can get "points" for
> answering the question (pay no attention to this paragraph, I'm just annoyed
> that no one cared enough to help you).
>
> On the 2k pro boxes simply making the students only members of the Users
> group should prevent them from installing the great majority of programs and
> certainly most anything that would mess up the computer. Go here to read
> more about Windows 2000 groups (skip over the domain groups/universal/global
> groups unless you are using a domain):
> http://www.microsoft.com/resources/documentation/Window...
>
> As you read more you will see it's all about NTFS security (permissions) and
> Group Policies/local policy (Rights). Just remember, you can lock it down as
> tight as you want. You could set up 2000 on a public kiosk that any stranger
> could access and still keep it secure (provided they couldn't open the
> computer, etc).
>
> Good luck and I hope this helps.
>
> Nick Staff
> "alekz" wrote:
>
> > Hi!
> >
> > I work in a school where the students like to download & install
> > software & destroy the computer configuration.
> >
> > We are now going to get 25 Win2K Pro workstations and about 100 XP
> > Home PC:s.
> >
> > Is there any way to block executables from being written to disk, that
> > is, blocking those filetypes from being downloaded?
> >
> > Is it possible to tell te OS not to execute some filetypes except
> > those in the original computer configuration?
> >
> > Any way to this from Windows or with some free tools?
> >
> > Is it possible with NTFS permissions?
> >
> > Any tips?
> >
> > Thanks!
> >
Related ressources:
- Forum[SOLVED] Batch file commands not executed
- ForumWhy was Intel a no-show on No Execute?
- ForumHow are hard disks read from and written to?
- ForumSata adapter BIOS not executing
- ForumDisable Exe and Other File Types from being run/viewed
- ForumLarge (8+ disk ) RAID5 Array Solution - for PC?
- ForumFX-8150 vs i7/i5, what games use all 8 cores and is there a benchmark?
- ForumConfiguring and Securing Multiple Computers
- ForumPerformance scaling with SSDs in raid array
- ForumWhat Exactly Is Imaging a Disk and How Does It Differ from Backing Up?
- ForumDrive Selection for RAID
- Forum" DISK BOOT FAILURE, INSERT SYSTEM DISK AND PRESS ENTER."
- ForumBest 64 - bit OS for Gaming?
- ForumTestingcolors
- ForumParallel and com ports not appearing in device manager
- ForumHELP -Need instructions on running Service Pack from cmd p..
- Forumshutdown from command line
- ForumAuto-logoff from XP workstations after idle period?
- Forumwin 2000 server boot disk problem
- Forumtools to resize dynamic disk?
- More resources
!
