prevent user specific autostarts

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

hallo,

is it to possible to prevent users from creating user specific autostarts on
their client machines in a windows 2003 domain? I would like to prevent the
execution of their user specific autostart folder as well as the different
registry keys in HKEY_CURRENT_USER.
The idea is, to prevent malware from becoming active again after a regular
system reboot.

Thanks
Christian Gulich
 
Christian Gulich said:
hallo,

is it to possible to prevent users from creating user specific
autostarts on their client machines in a windows 2003 domain? I would
like to prevent the execution of their user specific autostart folder
as well as the different registry keys in HKEY_CURRENT_USER.
The idea is, to prevent malware from becoming active again after a
regular system reboot.

Thanks
Christian Gulich
Click to expand...

Well, you might be able to do this, and even make the programs\startup
folder read only, but any malware worth its salt is going to do what it
wants. I don't think this is the answer. I think the answer is to keep users
from having more rights than they should, and run good/updated/resident
antivirus/antimalware software on all systems (centrally managed).
 
I think the answer is to keep users
from having more rights than they should ...
Click to expand...

Thanks for your answer. My users just have the standard rights for the
"normal" user, but by default a "normal" user has its own startup folder and
its own registry keys, where he or the malware could place an automatic start
at user login into. THIS I want to prevent.
If this would be possible by reducing the user rights centrally, I would be
very happy.

Christian
 
Christian Gulich said:
Thanks for your answer. My users just have the standard rights for the
"normal" user, but by default a "normal" user has its own startup
folder and its own registry keys, where he or the malware could place
an automatic start at user login into. THIS I want to prevent.
If this would be possible by reducing the user rights centrally, I
would be very happy.

Christian
Click to expand...

You might be able to get away with it, but I truly think it's a waste of
effort - it won't prevent malware infection in the slightest, and may
actually cause more problems than it prevents. Get some decent software
running resident, that does AV and antimalware scanning. You might try
posting in microsoft.public.security with this, though.
 
Back
Top