Application lockdown

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have tried verious methods posted here. I have hidden the c drive, used disable specific programs. Used GPO and such... i have been very successful on the local level. the problem i'm having is my users have figured out if they create a a shortcut on thier network drive, they can point to a file on thier local drive.

ie.. some have created a shortcut "MS-DOS" with it pointing to c:\windows\system32\command.com even though their is a GPO set so they can not run command.com, it still works... they have found a work-around

Can anyone help?
 
ehance the logon script to delete all the *.lnk files from the stored
network area!

It's a freaken cat and mouse game... isn't it! :)

Stew

roger said:
I have tried verious methods posted here. I have hidden the c drive, used
Click to expand...
disable specific programs. Used GPO and such... i have been very successful
on the local level. the problem i'm having is my users have figured out if
they create a a shortcut on thier network drive, they can point to a file on
thier local drive.
ie.. some have created a shortcut "MS-DOS" with it pointing to
Click to expand...
c:\windows\system32\command.com even though their is a GPO set so they can
not run command.com, it still works... they have found a work-around.
 
roger said:
I have tried verious methods posted here. I have hidden the c drive, used
Click to expand...
disable specific programs. Used GPO and such... i have been very successful
on the local level. the problem i'm having is my users have figured out if
they create a a shortcut on thier network drive, they can point to a file on
thier local drive.
ie.. some have created a shortcut "MS-DOS" with it pointing to
Click to expand...
c:\windows\system32\command.com even though their is a GPO set so they can
not run command.com, it still works... they have found a work-around.
Can anyone help?
Click to expand...

Have you denied it specifically by that name, if so do cmd.exe. Set
properties to deny cmd.exe / command.exe on the files itself to certain user
would b my suggestion
 
the login script is a good idea but they can just create the shortcut again.
and yes i have done the whole combination cmd.exe command.com command.exe
and others.
 
i meant set the properties on the files themselves so that they do not have
read permissions.
 
Back
Top