
Domain and .EXE files

Discussion in 'Windows Home Server' started by WORLDe, Apr 16, 2009.

  1. WORLDe

    WORLDe Guest

    Hello,
    Recently we had a user create an .exe file on their XP PRO computer and ran
    this file which didn't hurt anything, but in the future, I want to be able to
    block this activity in case the .exe would have been malicious.

    So, how can I block all .exe files from running from a user's desktop?

    Although, if they copy it to a different path, I guess they'd still be able
    to run it.

    Any ideas how I can block this sort of activity in the future?

    I do not want to allow users to create .exe files and run them on their
    local PCs.
     
  2. WORLDe <WORLDe@discussions.microsoft.com> wrote:
    > Hello,
    > Recently we had a user create an .exe file on their XP PRO computer
    > and ran this file which didn't hurt anything, but in the future, I
    > want to be able to block this activity in case the .exe would have
    > been malicious.
    >
    > So, how can I block all .exe files from running from a user's desktop?
    >
    > Although, if they copy it to a different path, I guess they'd still
    > be able to run it.
    >
    > Any ideas how I can block this sort of activity in the future?
    >
    > I do not want to allow users to create .exe files and run them on
    > their local PCs.


    It sounds like your users have local admin rights. Revoke those. Users
    should be members of the Users group only. Also, you don't describe how
    your user created an executable file on his or her desktop, but perhaps you
    should uninstall the software that permitted this to happen.

    Presuming you're using AD you can also use group policy and software
    restrictions to limit what they can run. I suggest you post in
    m.p.windows.group_policy and explain what exactly it is you want to allow
    and what you want to deny.
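
    Added example, not part of the original post: a simplified Python model of software restriction path rules, showing why a deny rule on the Desktop alone is bypassed by copying the file elsewhere, and why an allow-list only holds once local admin rights are revoked. The user name `alice`, the paths, and the write-permission model are assumptions made for illustration.

```python
import ntpath

# Constructed policies; user "alice" and the XP-style paths are assumptions.
PROFILE = r"C:\Documents and Settings\alice"
DENY_DESKTOP = {"default": "Unrestricted",
                "rules": {PROFILE + r"\Desktop": "Disallowed"}}
ALLOW_LIST = {"default": "Disallowed",
              "rules": {r"C:\WINDOWS": "Unrestricted",
                        r"C:\Program Files": "Unrestricted"}}

def _norm(path):
    # Windows paths are case-insensitive; collapse "..", "/" and case.
    return ntpath.normcase(ntpath.normpath(path))

def _under(path, folder):
    p, f = _norm(path), _norm(folder)
    return p == f or p.startswith(f + "\\")

def decide(policy, exe_path):
    """Most specific matching path rule wins; otherwise the default level."""
    matches = [(len(_norm(r)), lvl) for r, lvl in policy["rules"].items()
               if _under(exe_path, r)]
    return max(matches)[1] if matches else policy["default"]

def user_can_write(path, is_local_admin):
    """Simplified ACL model (assumption): standard users can write only
    inside their own profile; local admins can write anywhere."""
    return is_local_admin or _under(path, PROFILE)

def can_drop_and_run(policy, exe_path, is_local_admin):
    """True if the user can both place a file at exe_path and execute it."""
    return (user_can_write(exe_path, is_local_admin)
            and decide(policy, exe_path) == "Unrestricted")

if __name__ == "__main__":
    copied = PROFILE + r"\My Documents\tool.exe"
    for name, pol in (("deny-desktop", DENY_DESKTOP), ("allow-list", ALLOW_LIST)):
        for admin in (False, True):
            target = r"C:\Program Files\tool.exe" if admin else copied
            print(name, "admin" if admin else "user", target,
                  can_drop_and_run(pol, target, admin))
```

    In this model the allow-list blocks every location a standard user can write to, while a local admin can still place a file under an allowed folder and run it.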
     
  3. > So, how can I block all .exe files from running from a user's desktop?

    Take their desktop away from them.

    They won't be able to work. You would be blocking Word,
    Outlook...


    > block this activity in case the .exe would have been malicious.


    This is where virus software comes in. Install it on all the laptops and
    keep it updated. If he is creating viruses on the company computer and
    spreading it to the company network do you really want this person working
    there?


    DDS


    "WORLDe" <WORLDe@discussions.microsoft.com> wrote in message
    news:2D52A43E-054F-4A3C-800C-F7AF5A8E2771@microsoft.com...
    > Hello,
    > Recently we had a user create an .exe file on their XP PRO computer and
    > ran
    > this file which didn't hurt anything, but in the future, I want to be able
    > to
    > block this activity in case the .exe would have been malicious.
    >
    > So, how can I block all .exe files from running from a user's desktop?
    >
    > Although, if they copy it to a different path, I guess they'd still be
    > able
    > to run it.
    >
    > Any ideas how I can block this sort of activity in the future?
    >
    > I do not want to allow users to create .exe files and run them on their
    > local PCs.
     
  4. WORLDe

    WORLDe Guest

    If I revoke their local admin rights, what will this stop them from doing?

    "Lanwench [MVP - Exchange]" wrote:

    > WORLDe <WORLDe@discussions.microsoft.com> wrote:
    > > Hello,
    > > Recently we had a user create an .exe file on their XP PRO computer
    > > and ran this file which didn't hurt anything, but in the future, I
    > > want to be able to block this activity in case the .exe would have
    > > been malicious.
    > >
    > > So, how can I block all .exe files from running from a user's desktop?
    > >
    > > Although, if they copy it to a different path, I guess they'd still
    > > be able to run it.
    > >
    > > Any ideas how I can block this sort of activity in the future?
    > >
    > > I do not want to allow users to create .exe files and run them on
    > > their local PCs.

    >
    > It sounds like your users have local admin rights. Revoke those. Users
    > should be members of the Users group only. Also, you don't describe how
    > your user created an executable file on his or her desktop, but perhaps you
    > should uninstall the software that permitted this to happen.
    >
    > Presuming you're using AD you can also use group policy and software
    > restrictions to limit what they can run. I suggest you post in
    > m.p.windows.group_policy and explain what exactly it is you want to allow
    > and what you want to deny.
    >
    >
    >
     
  5. WORLDe <WORLDe@discussions.microsoft.com> wrote:
    > If I revoke their local admin rights, what will this stop them from
    > doing?


    A lot of things. More to the point, if you don't revoke their admin rights
    you can't reasonably expect to *stop* them from doing anything.
    >
    > "Lanwench [MVP - Exchange]" wrote:
    >
    >> WORLDe <WORLDe@discussions.microsoft.com> wrote:
    >>> Hello,
    >>> Recently we had a user create an .exe file on their XP PRO computer
    >>> and ran this file which didn't hurt anything, but in the future, I
    >>> want to be able to block this activity in case the .exe would have
    >>> been malicious.
    >>>
    >>> So, how can I block all .exe files from running from a user's
    >>> desktop?
    >>>
    >>> Although, if they copy it to a different path, I guess they'd still
    >>> be able to run it.
    >>>
    >>> Any ideas how I can block this sort of activity in the future?
    >>>
    >>> I do not want to allow users to create .exe files and run them on
    >>> their local PCs.

    >>
    >> It sounds like your users have local admin rights. Revoke those.
    >> Users should be members of the Users group only. Also, you don't
    >> describe how your user created an executable file on his or her
    >> desktop, but perhaps you should uninstall the software that
    >> permitted this to happen.
    >>
    >> Presuming you're using AD you can also use group policy and software
    >> restrictions to limit what they can run. I suggest you post in
    >> m.p.windows.group_policy and explain what exactly it is you want to
    >> allow and what you want to deny.
     
  6. Hello WORLDe,

    Seems that your users are local admin, remove that and you solved a lot of
    problems for yourself. Also they are not able to install software which affects
    the system drive. They are still able to run/install some software, but lots
    are stopped with removing local admin rights.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


    > Hello,
    > Recently we had a user create an .exe file on their XP PRO computer
    > and ran
    > this file which didn't hurt anything, but in the future, I want to be
    > able to
    > block this activity in case the .exe would have been malicious.
    > So, how can I block all .exe files from running from a user's desktop?
    >
    > Although, if they copy it to a different path, I guess they'd still be
    > able to run it.
    >
    > Any ideas how I can block this sort of activity in the future?
    >
    > I do not want to allow users to create .exe files and run them on
    > their local PCs.
    >
     
