How to stop people running Program X.

[Matty_Cross]

Just into my email from the kind people at TechRepublic...

Every admin has a program that they don't want the users to run, be it a chat client, a filesharing program, or simply something that allows access to classified materials...

A variety of methods have been made for stopping access to said programs... and hears yet another one!!!

Control access to applications with Appsec.exe

IT pros who want to restrict access to applications might want to consider using the GUI-based tool called Application Security (Appsec.exe) from the Windows 2000 Resource Kit. The tool automatically adds certain applications to the list, including XCOPY, CMD, SUBST, NET, and several others. When you add an application, you specify the absolute path to the application's executable file.

Appsec lets you restrict access to applications, enabling you to control the applications that a given user can run. You can also use Appsec to track application access and let you know when someone runs a restricted application indirectly, such as launching Word by starting a new message in Outlook with Word as the default e-mail editor. This tracking ability can help you identify and close potential loopholes.

Appsec's restriction list applies to the local computer and therefore to all local users. It doesn't discriminate on a per-user or per-group basis. In addition, the restriction list is single-purpose; if an application is on the list, it blocks access for all users. In order to unblock an application, you must remove it from the list.

Appsec doesn't provide a mechanism for disabling security for a specific application on the list, although you can enable and disable security globally. Administrators aren't affected by Appsec and can access all applications regardless of their presence on the restriction list.

Note: Microsoft states in Knowledge Base article Q257980 that the version of Appsec included with the Windows 2000 Resource Kit is missing three files. You can download the complete version of Appsec from Microsoft's ftp site .

Now, as I read this, I think... isn't this kinda heavy handed?? Blocking it for all users? What about those who you need to use the applications..... Your not going to make them Administrator's just so they can run the program... well, I know that I wouldn't, some people think that's a reasonable thing to do.. *shakes head*

Also, it uses Absolute Path's.... wouldn't that mean if its an enclosed program (ie, only one file) this security is useless?? Couldn't they could just copy the file to another directory, and run it from there, bypassing the absolute reference that is blocked.....

On the plus side, it does track when a blocked application is run, which would, as it said, help you identify and close loopholes....

Just though I'd share.....

[Simon Templer]

Hello Everyone,

The college I work for, asked me to write an application that would restrict programs, similiar to Application Security. The way I layed my program out was as follows:

You have a set of policies that you can use to classify each program. Each policy has it's own password. For example:

A policy called "Chat Programs" may include the EXE names for:
MSN
Yahoo
Etc, Etc

Or a policy named "Office Apps" may include the EXE names for:
Excel
Word
Etc, Etc

My program would then monitor the process list, for any of the "watched" EXE names. If it found one, it would "pop-up" with a password box. If the user does not enter the correct password for that policy (In a specified time limit), then my program would terminate the application.

In addition, it would log the username, time, program, and if they gained access to the program (yes/no).

If anyone is interested, I'd be happy to share with them, the way my program works...

Simon Templer

[fiend]

err... It would be fairly easy to simply rename the file, thus negating the process name you code into the program