Page 3 of 3 FirstFirst 123
Results 21 to 24 of 24

Thread: disable running of batch files

  1. #21
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    As stated earlier....

    As we are obviously talking about "the enemy within" you MUST blend in physical security and a strong AUP as part of your security model.
    This IS they only way to circumvent

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  2. #22
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Sir Dice said:

    Domain policies, third party software and what not are all moot if I can boot the machine with a live-cd...
    That really hits the nail on the head! the actual issue is more like "How do I stop users running unauthorised executables in my environment" rather that "how do I stop them running batch files"

    JonnyFrond
    Wow Nihil, I had no idea, which James Bond film were you in??
    It isn't funny mate. Given that this sort of thing is rife in secondary schools, vocational colleges and universities, you have to assume that people you hire these days will have the knowledge and skill to pull it off....................even if they couldn't write a batch file to save their miserable lives

    As for the boot sequence, you can use a custom BIOS and/or an EEPROM chip, and put a lock on the case.................mess with that and you are out................instantly.............as I have said, a strong AUP is part of the model.

    Also, why pay for CD/DVD drives, USB, floppy drives if you don't NEED them.


  3. #23
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by nihil
    Also, why pay for CD/DVD drives, USB, floppy drives if you don't NEED them.[/B]
    Actually, with the A-brands you seem to have to pay them to leave it out these days

    But.. The A-brands (the corporate models at least) also have case locking so you can use those laptop type kabel/locks to lock/secure the casing and LCD to the desk. Added bonus: it'll make the computer harder to steal.. physicly that is..
    BIOS boot order and password should prevent booting from anything else but the harddrive.. GPO and perhaps some third party software should give you some control over who can access thumbdrives and/or cd/dvd-roms.. The A-brands also have a small cover switch that gets activated when the case is opened.. Next time the computer boots normally it can send a signal to you.. The cloners also picked up on this so there are casings and mainboards around that also sport these 'corporate' features
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #24
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I recently attended an MS Vista preview and they had 2 new features that would be handy and prevent physical access to data stored locally.

    The ability to lock out usb drives...and harddrive encryption....

    Not sure if these features will be available in all versions....

    So far they have 3 versions for home use and 3 versions for business...

    Supposedly the guts are all the same...just some features are turn on\off with the different versions.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •