Prevent users from running executables from usb sticks

Guys, how do I prevent users from running executabels from usb sticks? I do want them to save and read files from the usb sticks, but not any executable files such as bat, exe, vbs etc.

I thought I could do this through AppLocker by definig the usb path as drive, but its not working.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Shadly1

Software restriction policy.

Dracula28

Just saw why I can not enforce applocker policies on my computers. They are running win7 pro. I'll give software restriction policies a try, but I think there will be a problem restricting users from running files from subfolders, and the restriction will just be for the root of the drive.

Shadly1

Software restriction will apply to the domain account so as long as they're logged in to the domain, they're restricted. Just make sure they're not local administrators or all this will be a wasted effort.

pzero

If your using AppLocker, make sure that the Application Identity Service is started.

Claymoore

Dracula28 wrote: »

Just saw why I can not enforce applocker policies on my computers. They are running win7 pro. I'll give software restriction policies a try, but I think there will be a problem restricting users from running files from subfolders, and the restriction will just be for the root of the drive.

AppLocker is only enforceable in Windows 7 Enterprise or Ultimate editions:
Understanding Windows 7 AppLocker

You can disable autorun through group policy which should stop most malicious software from running as soon as the drive is connected. If a user really wants to run the program, they could always just copy it to their desktop and run it from there.

pzero

^^ and that........ I prob should have read the thread properly first