Ask the Expert

Limiting applications on Win 2003 server

At a recent seminar, I was told by Microsoft staff that we can limit the applications that we want to run on a Win 2003 server and a virus cannot run if I set this feature. Please advice how to do this.
I cannot speak for Microsoft, but I believe the reference is to Software Restriction policies. You can set them at the domain level in a GPO and therefore manage the software that can run on all XP Professional computers in a domain or OU. You can also use this on a single XP Professional computer. In short, you create a policy that prevents any software from running, and then you must create rules that allow the software that you have authorized to run. If a user attempts to run software for which there is no rule, it will not run. This can be a virus, Trojan, worm or a legitimate application. You must remember to specify all of the applications that you want to run. That's the key. But, any new software that is on purpose or accidentally added to the computer cannot run. I recommend that you experiment on a single Windows XP Professional computer until you get the rules correctly written. Then write a policy at the OU level. A good place to start researching Software Restriction Policies is with the help files on Windows XP Professional or Windows Server 2003.

Learn more about desktop security in Roberta Bragg's webcasts, Managing your road warriors and Secrets of desktop security.

This was first published in October 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: