I think you can restrict users of installing programs with policies but you cannot restrict of running a executable which does no install at all
----------------------------------------------- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: [email protected] Internet: www.tropenklinik.de ----------------------------------------------- -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Hubert Choma Gesendet: Donnerstag, 14. Oktober 2010 08:48 An: samba Betreff: [Samba] how to prevent copying programs on local harddisk from samba share Hello Ia have samba PDC 3.3.8-0.52.el5_5.2 on centos 5.5. My clients - win XP PRO SP3. I have noticed that some users copy from sama share whole catalog with program and run it from local drive where they got full access. Write access for This share [geo$] is only for @geo group! Others can't write . So they are workaround this ! How can I prevent copying programs from samba shares to a local drives and run it from there? It is any possibility to secure programs and run it from samba shares only ? Please help! [global] workgroup = geodezja server string = Samba Server %v interfaces = 10.10.10.0/255.255.255.0 127.0.0.1 bind interfaces only = Yes update encrypted = Yes client ntlmv2 auth = yes log level = 2 vfs:3 auth:2 passdb:3 log file = /var/log/samba/%U.%m.log max log size = 500 #PERFORMANCE socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 read raw = yes write raw = yes max xmit = 65535 large readwrite = yes add user script = /usr/sbin/useradd "%u" -n -g users add group script = /usr/sbin/groupadd "%g" add machine script = /usr/sbin/useradd -n -c "komputer (%u)" -M -d /nohome -s /bin/false "%u" # add machine script = /usr/sbin/useradd -g komputery -d /dev/null -s /bin/false -M "%u" logon script = %G.CMD logon path = logon home = domain logons = yes os level = 128 preferred master = yes domain master = yes local master = yes remote browse sync = none remote announce = none dns proxy = No wins support = yes name resolve order = wins hosts bcast hosts allow = 10.10.10.0/255.255.255.0 127.0.0.1 hosts deny = ALL security = user null passwords = no deadtime = 0 map to guest = never create mask = 0777 nt acl support = no time server = yes enable privileges = yes passdb backend = tdbsam username map = /etc/samba/smbusers hide dot files = yes guest ok = no name cache timeout = 60 [geo$] comment = Mapa # oplock = yes # level2oplocks = yes # locking = yes invalid users = @geodeta,@ewidencja, write list = +geo path = /home/samba/geo force group = geo force create mode = 0777 vfs object = recycle full_audit recycle:repository = .recycle/%U recycle:touch = true recycle:keeptree = true recycle:versions = false recycle:exclude = *.TMP *.STP recycle:directory_mode = 773 full_audit:prefix = %u|%m|%I|%S full_audit:success = read pwrite write rename unlink rmdir mkdir lock pread full_audit:failure = read write -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
