That would work, but I actually use GPOs to do this. User Policies > Admin Templates > System > Run only approved Windows executables. [If I remember correctly]
And then I use Software Restriction Policies [in a separate GPO] to keep anything from running out of %temp% and %tmp%. This one can cause problems installing some software, so I keep it as a separate GPO, for easy removal.
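A way to check that a Software Restriction Policy like the one described above actually reached a machine, as an added example that is not part of the original posts. It assumes the standard SRP policy registry location (`...\Policies\Microsoft\Windows\Safer\CodeIdentifiers`, level `0` = Disallowed, `262144` = Unrestricted) and must run as the user the policy targets, because %TEMP% expands per user; the function names are hypothetical.

```powershell
# Added example: list SRP path rules and report whether %TEMP% / %TMP%
# fall under a Disallowed folder rule. Read-only; changes nothing.
$levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }
$roots  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
          'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpPathRule {
    foreach ($root in $roots) {
        foreach ($level in $levels.Keys) {
            $pathsKey = Join-Path $root "$level\Paths"
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem $pathsKey) {
                # Read ItemData unexpanded so the rule is shown as it was written in the GPO.
                $raw = [string]$rule.GetValue('ItemData', '', 'DoNotExpandEnvironmentNames')
                [pscustomobject]@{
                    Scope    = $root.Substring(0, 4)          # HKLM or HKCU
                    Level    = $levels[$level]
                    RawPath  = $raw
                    Expanded = [Environment]::ExpandEnvironmentVariables($raw)
                }
            }
        }
    }
}

function Test-SrpCoversFolder {
    param([string]$Folder, [object[]]$Rules)
    # Simplification: only plain folder rules are matched. Wildcard rules
    # (e.g. ending in *.exe) are listed in the table and must be read by hand.
    $target = $Folder.TrimEnd('\')
    foreach ($r in $Rules | Where-Object Level -eq 'Disallowed') {
        $rulePath = $r.Expanded.TrimEnd('\')
        if (-not $rulePath) { continue }
        if ($target -eq $rulePath -or
            $target.StartsWith("$rulePath\", [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$rules = @(Get-SrpPathRule)
$rules | Format-Table Scope, Level, RawPath, Expanded -AutoSize
foreach ($name in 'TEMP', 'TMP') {
    $folder = [Environment]::GetEnvironmentVariable($name)
    '{0,-5} {1} -> covered by a Disallowed folder rule: {2}' -f $name, $folder,
        (Test-SrpCoversFolder -Folder $folder -Rules $rules)
}
```

An Unrestricted rule listed for a subfolder of %TEMP% is worth reviewing, since it may be an installer exception that was never removed.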
Thanks Westin - I went through this a while back, but as I don't really admin any GPOs it's slipped the mind.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it. Albert Einstein