7352 » How do I use software restriction policies in Windows Server 2003? 21-Oct-03
Microsoft Knowledge Base Article 324036 contains the following summary:
This article describes how to use software restriction
policies in Windows Server 2003. When you use software restriction policies,
you can identify and specify the software that is allowed to run so that you
can protect your computer environment from untrusted code. When you use
software restriction policies, you can define a default security level of Unrestricted or Disallowed for a Group Policy object (GPO) so that software is either
allowed or not allowed to run by default. To create exceptions to this default
security level, you can create rules for specific software. You can create the
following types of rules:
•
Hash rules
•
Certificate rules
•
Path rules
•
Internet zone rules
A policy is made up of the default security level and all of
the rules applied to a GPO. This policy can apply to all of the computers or to
individual users. Software restriction policies provide a number of ways to
identify software, and they provide a policy-based infrastructure to enforce
decisions about whether the software can run. With software restriction
policies, users must follow the guidelines that are set up by administrators
when they run programs.
With software restriction policies, you can
perform the following tasks:
•
Control which programs can run on your computer. For
example, you can apply a policy that does not allow certain file types to run
in the e-mail attachment folder of your e-mail program if you are concerned
about users receiving viruses through e-mail.
•
Permit users to run only specific files on multiple-user
computers. For example, if you have multiple users on your computers, you can
set up software restriction policies in such a way that users do not have
access to any software except for those specific files that they must use for
their work.
•
Decide who can add trusted publishers to your
computer.
•
Control whether software restriction policies affect all
users or just certain users on a computer.
•
Prevent any files from running on your local computer, your
organizational unit, your site, or your domain. For example, if there is a
known virus, you can use software restriction policies to stop the computer
from opening the file that contains the virus.IMPORTANT: Microsoft recommends that you do not use software restriction
policies as a replacement for antivirus software.
End of Article
You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor?
Register now
When Microsoft announced its Windows Live OneCare security and PC health product over five years (as MSN OneCare), Symantec, McAfee, and the other consumer-oriented security vendors reacted with stunning vigor. ...
Get Mark Minasi’s Windows Server 2008 Audio CDs "Windows expert, consultant and best-selling author Mark Minasi shows you if 2008 is right for you and, if so, how to get the most out of it!
Take Control of Your Email Optimize your email storage – Download this white paper to learn key how-to’s in email storage management.
Get Windows IT Pro To Go! The Windows IT Pro Magazine Master CD is a powerful combination of content and convenience. Order now, and save up to 25%--plus you’ll get online access to new articles each and every month! Subscribe today!