Basic question from a security newbie

  • Thread starter Gordon Smith (eMVP)

Gordon Smith (eMVP)

Don't let the "MVP" fool you here... My MVP role isn't related to security.
:)

I'm trying to lock down a computer for use in an internet cafe. I assumed
the rational way to approach this is to set the default security level under
software restriction policies to "disallow" and then list the few apps
(internet explorer, etc.) as apps that are allowed to run. Am I on the
right track?

Here's where I am getting confused. I set enforcement to apply to all users
except administrators (sounds logical). I set the default security level to
disallow. I logged out (even rebooted for good measure), but my limited
user accounts are still able to run everything. For grins, I went back to
the admin account and listed "sol.exe" using a hash rule as explicitly
disallowed. My guest account can't run sol.exe now, but I had assumed that
having a default rule of disallow would have achieved the same result.
Having the sol.exe show up as blocked tells me that the policies I'm
changing do actually mean something to the system, but the default rule of
disallow seems to be ignored.

Do I need to do something to have the default security level of "Disallow"
stick or am I misunderstanding what it means?
 

Gordon Smith (eMVP)

Anyone?
Don't let the "MVP" fool you here... My MVP role isn't related to
security. :)

I'm trying to lock down a computer for use in an internet cafe. I
assumed the rational way to approach this is to set the default
security level under software restriction policies to "disallow" and
then list the few apps (internet explorer, etc.) as apps that are
allowed to run. Am I on the right track?

Here's where I am getting confused. I set enforcement to apply to
all users except administrators (sounds logical). I set the default
security level to disallow. I logged out (even rebooted for good
measure), but my limited user accounts are still able to run
everything. For grins, I went back to the admin account and listed
"sol.exe" using a hash rule as explicitly disallowed. My guest
account can't run sol.exe now, but I had assumed that having a
default rule of disallow would have achieved the same result. Having
the sol.exe show up as blocked tells me that the policies I'm
changing do actually mean something to the system, but the default
rule of disallow seems to be ignored.

Do I need to do something to have the default security level of
"Disallow" stick or am I misunderstanding what it means?
 
