Q

Limiting applications on Win 2003 server

At a recent seminar, I was told by Microsoft staff that we can limit the applications that we want to run on a Win 2003 server and a virus cannot run if I set this feature. Please advice how to do this.
I cannot speak for Microsoft, but I believe the reference is to Software Restriction policies. You can set them at the domain level in a GPO and therefore manage the software that can run on all XP Professional computers in a domain or OU. You can also use this on a single XP Professional computer. In short, you create a policy that prevents any software from running, and then you must create rules that allow the software that you have authorized to run. If a user attempts to run software for which there is no rule, it will not run. This can be a virus, Trojan, worm or a legitimate application. You must remember to specify all of the applications that you want to run. That's the key. But, any new software that is on purpose or accidentally added to the computer cannot run. I recommend that you experiment on a single Windows XP Professional computer until you get the rules correctly written. Then write a policy at the OU level. A good place to start researching Software Restriction Policies is with the help files on Windows XP Professional or Windows Server 2003.

Learn more about desktop security in Roberta Bragg's webcasts, Managing your road warriors and Secrets of desktop

security.

This was first published in October 2003

Dig deeper on Windows legacy operating systems

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close