well to be honest, thats what I suggested to my boss, but he didn't agree for some strange reason. so here I am.
Printable View
well to be honest, thats what I suggested to my boss, but he didn't agree for some strange reason. so here I am.
JB
You really have to talk this strategy through with your boss, as he seems to be stuck on a tactical (short-term) approach at the moment.
OK, so you identify 1000 hacking programs and block them by "name" and I re-name them all?
Then I write 1001
It just does not make any sense?
Please take the advice of the very experienced contributors to this thread, and your own instincts.......it won't work.
Perhaps you need to brush up on your persuasive techniques here?
Good Luck Mate!
Alright thats what I do, can anyone please help me find out what sub programs ms office apps call????
Hey JB,
Cut us a bit of slack............
Which version of office? (4.X, 95,97,2000, XP/2002)
Standard, Professional, Developer?
Which modules (Word, Excel, Access, Powerpoint)?
That is a pretty tall order you have placed :) If you have a corporate licence, why not ask Microsoft Technical Support?
Cheers
BTW............It might help us if you said what you were trying to ACHIEVE?......I have a nasty suspicion that you might be going about it the long/wrong way?
We run our own programed software on windows 2000 servers(web based software) that allow users to log into our servers using items like citrix or Remote desktop / terminal services and use the computer/network just like it was there desktop at there office. We want to avoid users downloading applications from the web and running them against the server. I know some applications require admin access but not all do. So we want to deny the users access to run any exe but the ones we specifiy. First by denying any other hacking program running, but now(hopfully) by allowing them to run only the programs we specify.
Do you all know how to do it a simpler way?????
Office 2000 Professional
Microsoft tech support won't give out the information as it "compromises there software" blah blah blah.
Any help?????
Another problem would be, due to our various clients, Office is not the only program we have running. I mean we have everything from accounting software to grammer tools, talk and type tools.
So its a very very very large/hard problem.... and those options above are so far the only ones we have come up with so far. So its like a lose lose situation.. Any other ideas???
Have you looked into the SCE (Security Configuration Editor). Microsoft and the NSA both provide guides that might help you with this:
Microsoft's Security Hardening Guide
NSA CSE Templates
Hi jbclarkman,
I haven't uset the Citrix metaserver for a couple of years now, but you should be safe with that? AFAIK it just lets you use standard applications that you set up for the user in Citrix.......they should not be able to upload anything else, other than macros?......I am still trying to visualise your system............where is the data held?, hopefully on separate fileservers?...and there should not be any executables on those?
Also, you must use the Windows 2000 security features to their full extent. For the other stuff, the User should only be allowed to run programs, not add software? The answer has to lie in letting them access applications, but not access your OS?
You might like to consider creating you own "Citrix Like" environment, so they log into a screen full of icons that just pull up what they are entitled to on the applications server? A few lines of code in their logon script would do this.
I will need to go and think about this a bit more, but the scenario is familiar.
Please try to provide a bit more info about your architecture.........you can attach diagrams so long as they are not more than 1Mb and have a valid extension.........please see bottom left of reply screen.
Cheers
If you want a list of exe's that you do want to be able to execute, start by doing a search for all EXE's on the box..
(Start -> Search -> Files and Folders) *.exe
that would be a good start ;)
Well we have already developed are own "Citrix Like" enviornment. It loads almost like citrix but they can run the programs on there desktop and in start menu and such. They do not have access to a command prompt or anything of that matter. We are concerned with the fact that they might be able to download(sense they have internet access) and run some .exe programs that might compromise our server. So that is the main concern. We can't take away download/internet privlages because all of our clients pretty much depend on us for there high speed access. and I'm not exactly sure how to restrcit what users download... any ideas??