Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though)
Sent from my Blackberry, which may be an antique but delivers email RELIABLY -----Original Message----- From: Miller Bonnie L. <[email protected]> Date: Tue, 9 Apr 2013 11:07:37 To: NT System Admin Issues<[email protected]> Reply-To: "NT System Admin Issues" <[email protected]>Subject: RE: Blocking executables for the root of a share I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking. -Bonnie From: [email protected] [mailto:[email protected]] Sent: Tuesday, April 09, 2013 10:51 AM To: NT System Admin Issues Subject: Re: Blocking executables for the root of a share What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas Sent from my Blackberry, which may be an antique but delivers email RELIABLY ________________________________ From: David Lum <[email protected]<mailto:[email protected]>> Date: Tue, 9 Apr 2013 17:45:34 +0000 To: NT System Admin Issues<[email protected]<mailto:[email protected]>> ReplyTo: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Subject: Blocking executables for the root of a share Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events? Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
