Blocking executables from being written to disk or executed?

Archived from groups: microsoft.public.win2000.general (More info?)

Hi!

I work in a school where the students like to download & install
software & destroy the computer configuration.

We are now going to get 25 Win2K Pro workstations and about 100 XP
Home PC:s.

Is there any way to block executables from being written to disk, that
is, blocking those filetypes from being downloaded?

Is it possible to tell te OS not to execute some filetypes except
those in the original computer configuration?

Any way to this from Windows or with some free tools?

Is it possible with NTFS permissions?

Any tips?

Thanks!
2 answers Last reply
More about blocking executables written disk executed
  1. Archived from groups: microsoft.public.win2000.general (More info?)

    Alek-

    I'm sorry you had to wait so long for an answer. It's absolutely possible
    and most everyone in this forum could have helped you. Maybe the MVP's don't
    think it's worth their time to help someone unless they can get "points" for
    answering the question (pay no attention to this paragraph, I'm just annoyed
    that no one cared enough to help you).

    On the 2k pro boxes simply making the students only members of the Users
    group should prevent them from installing the great majority of programs and
    certainly most anything that would mess up the computer. Go here to read
    more about Windows 2000 groups (skip over the domain groups/universal/global
    groups unless you are using a domain):
    http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/deploy/dgbf_upg_jcik.asp

    As you read more you will see it's all about NTFS security (permissions) and
    Group Policies/local policy (Rights). Just remember, you can lock it down as
    tight as you want. You could set up 2000 on a public kiosk that any stranger
    could access and still keep it secure (provided they couldn't open the
    computer, etc).

    Good luck and I hope this helps.

    Nick Staff
    "alekz" wrote:

    > Hi!
    >
    > I work in a school where the students like to download & install
    > software & destroy the computer configuration.
    >
    > We are now going to get 25 Win2K Pro workstations and about 100 XP
    > Home PC:s.
    >
    > Is there any way to block executables from being written to disk, that
    > is, blocking those filetypes from being downloaded?
    >
    > Is it possible to tell te OS not to execute some filetypes except
    > those in the original computer configuration?
    >
    > Any way to this from Windows or with some free tools?
    >
    > Is it possible with NTFS permissions?
    >
    > Any tips?
    >
    > Thanks!
    >
  2. Archived from groups: microsoft.public.win2000.general (More info?)

    Clarification -

    Even regular users are susceptable to spyware/adware - however the
    installations should be contained to the user who installed the spyware. For
    example if John is on the computer and malware is installed which gives him
    tons of popups, then he logs off and Mary logs on (using her account of
    course), she should not be effected.

    Hope this helps,

    Nick Staff

    "Nick Staff" wrote:

    > Alek-
    >
    > I'm sorry you had to wait so long for an answer. It's absolutely possible
    > and most everyone in this forum could have helped you. Maybe the MVP's don't
    > think it's worth their time to help someone unless they can get "points" for
    > answering the question (pay no attention to this paragraph, I'm just annoyed
    > that no one cared enough to help you).
    >
    > On the 2k pro boxes simply making the students only members of the Users
    > group should prevent them from installing the great majority of programs and
    > certainly most anything that would mess up the computer. Go here to read
    > more about Windows 2000 groups (skip over the domain groups/universal/global
    > groups unless you are using a domain):
    > http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/deploy/dgbf_upg_jcik.asp
    >
    > As you read more you will see it's all about NTFS security (permissions) and
    > Group Policies/local policy (Rights). Just remember, you can lock it down as
    > tight as you want. You could set up 2000 on a public kiosk that any stranger
    > could access and still keep it secure (provided they couldn't open the
    > computer, etc).
    >
    > Good luck and I hope this helps.
    >
    > Nick Staff
    > "alekz" wrote:
    >
    > > Hi!
    > >
    > > I work in a school where the students like to download & install
    > > software & destroy the computer configuration.
    > >
    > > We are now going to get 25 Win2K Pro workstations and about 100 XP
    > > Home PC:s.
    > >
    > > Is there any way to block executables from being written to disk, that
    > > is, blocking those filetypes from being downloaded?
    > >
    > > Is it possible to tell te OS not to execute some filetypes except
    > > those in the original computer configuration?
    > >
    > > Any way to this from Windows or with some free tools?
    > >
    > > Is it possible with NTFS permissions?
    > >
    > > Any tips?
    > >
    > > Thanks!
    > >
Ask a new question

Read More

Configuration Computers Windows