sirdistik

Hi,

Does anyone have any experience with restricting PSTOOLS [ http://www.sysinternals.com ] from running on a Windows network running Windows Server 2003?

We have a few clever users here who are locking out and shutting other people's PCs down remotely.

The users DON'T have any administrator rights but are still able to execute the programs. I'm hoping to "nip the problem in the bud" - so to speak, by trying to take away any access that's allowing them to do it.

Thanks in advance
 

mafadecay

Here are 2 links worth a read:

http://desktopengineer.com/msirestrictrun
http://www.tunexp.com/news/windows-story-834.html

Here are some ideas that might work.

1) Go to Local Security Policy.
Under Local Policies and User Rights Assignment, check users for "Force shutdown from a remote system". Hopefully set to admins only.

2) Also remove users from the "Shut down the system" policy. Only have Admins and Power Users allowed. This will stop local shutdown of the system. (Might stop remote shutdown also, not sure.)

3) Under Software Restriction Policies create an additional rule. New path rule. Disallow the path to psshutdown.exe from pstools store folder.

4) In the same software restriction policy, create a new hash rule for pstools psshutdown.exe and disallow it (also apply to any other command tools you want to deny access to). Even deny cmd.exe and command.exe; this will stop all command line access.

5) Before long they will learn other command line tools. You can remove the run command for starters. This will cut off one avenue for them easily opening a command line. Various ways to remove run command.

Just some ideas if nobody else can come up with anything.
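An added example, not part of the post above: one way to check ideas 1) and 2) is to export the user rights with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and flag anyone beyond the intended groups holding the two shutdown rights. The allowed sets and the sample export are assumptions constructed for illustration.

```python
# Privileges behind the two policies, with the well-known SIDs allowed to
# hold them (assumption: admins only for remote, plus Power Users for local).
POLICY = {
    "SeRemoteShutdownPrivilege": ("Force shutdown from a remote system",
                                  {"S-1-5-32-544"}),
    "SeShutdownPrivilege": ("Shut down the system",
                            {"S-1-5-32-544", "S-1-5-32-547"}),
}

def parse_privilege_rights(inf_text):
    """Return {privilege: [holders]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; unresolved names have no asterisk.
            rights[name.strip()] = [h.strip().lstrip("*")
                                    for h in value.split(",") if h.strip()]
    return rights

def excess_holders(inf_text):
    """Return {privilege: [holders outside the allowed set]}."""
    rights = parse_privilege_rights(inf_text)
    findings = {}
    for priv, (_label, allowed) in POLICY.items():
        extra = [h for h in rights.get(priv, []) if h not in allowed]
        if extra:
            findings[priv] = extra
    return findings

# Constructed sample export: S-1-5-32-545 (Users) holds both shutdown rights.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547
SeRemoteShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for priv, extra in excess_holders(SAMPLE).items():
        print(f"{POLICY[priv][0]} ({priv}): remove {', '.join(extra)}")
```

secedit usually writes the export as UTF-16, so open the real file with `encoding="utf-16"` before passing its text in.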

 

sirdistik

Thanks for the info, Mafadecay. I was hoping more for restrictions on the access level if at all possible. So far I've taken all batch file execution and command line access off, which prevents them from running those scripts, but I'm not sure whether that will stop other types like VB, pl, etc.

I've heard about MS's shared computer toolkit before, and it looks like I'll have to start looking into it seriously this time. Thanks again.

Any other ideas from anyone would be much appreciated!