Prevent users from running executables from usb sticks
Dracula28
Member Posts: 232
Guys, how do I prevent users from running executabels from usb sticks? I do want them to save and read files from the usb sticks, but not any executable files such as bat, exe, vbs etc.
I thought I could do this through AppLocker by definig the usb path as drive, but its not working.
I thought I could do this through AppLocker by definig the usb path as drive, but its not working.
Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)
Comments
-
Dracula28
Member Posts: 232
Just saw why I can not enforce applocker policies on my computers. They are running win7 pro. I'll give software restriction policies a try, but I think there will be a problem restricting users from running files from subfolders, and the restriction will just be for the root of the drive.Current certs: MCP (210) MCSA (270, 290, 291 and 680) MCTS (680, 640)
-
Shadly1
Member Posts: 96 ■■□□□□□□□□
Software restriction will apply to the domain account so as long as they're logged in to the domain, they're restricted. Just make sure they're not local administrators or all this will be a wasted effort. -
pzero
Member Posts: 192
If your using AppLocker, make sure that the Application Identity Service is started. -
Claymoore
Member Posts: 1,637
Just saw why I can not enforce applocker policies on my computers. They are running win7 pro. I'll give software restriction policies a try, but I think there will be a problem restricting users from running files from subfolders, and the restriction will just be for the root of the drive.
AppLocker is only enforceable in Windows 7 Enterprise or Ultimate editions:
Understanding Windows 7 AppLocker
You can disable autorun through group policy which should stop most malicious software from running as soon as the drive is connected. If a user really wants to run the program, they could always just copy it to their desktop and run it from there.
