Block the download location on the firewall (Not the best, but it will help).
________________________________ From: Miller Bonnie L. [mailto:[email protected]] Sent: Wednesday, July 08, 2009 1:14 PM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe If you are talking about a software restriction policy value that you've added, it will only block the ability to run chrome.exe out of that location you've specified-it does not filter out the actual file from existing on the system. The hash block is also going to only work on that specific version, and you could run into versioning issues as upgrades are released. WS03 R2 or higher has File server resource manager (part of the R2 quota tools), which can be used to add file screens, but that won't work on a local workstation (it's possible they've added something with Vista and up that I'm not aware of-probably worth searching). If these are roaming profiles, FSRM file screens could prevent it saving back to the server, but we've had all sorts of grief with that type of setup-you're better off blocking the installation application or locking down rights to install in the first place. If that's not an option, you might be looking for something third party. -Bonnie From: David Lum [mailto:[email protected]] Sent: Tuesday, July 07, 2009 10:53 AM To: NT System Admin Issues Subject: GPO to block chrome.exe I have a GPO with a path value blocking %userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe, but it doesn't seem to be working. Running the modeling wizard I see the GPO is applied to the correct system. I also see chrome.exe seems to exist in all sorts of "Local Settings\Temp\chrome_nnnn" locations, what's up w/ that? I also have a hash value block of the .EXE (well, one version of them) in the same GPO. I need to block the app (please don't get me started at blocking the install on the first place...one step at a time here). Ideas? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
