Q
Problem solve Get help with specific problems with your technologies, process and projects.

Limiting applications on Win 2003 server

At a recent seminar, I was told by Microsoft staff that we can limit the applications that we want to run on a Win 2003 server and a virus cannot run if I set this feature. Please advice how to do this.
I cannot speak for Microsoft, but I believe the reference is to Software Restriction policies. You can set them at the domain level in a GPO and therefore manage the software that can run on all XP Professional computers in a domain or OU. You can also use this on a single XP Professional computer. In short, you create a policy that prevents any software from running, and then you must create rules that allow the software that you have authorized to run. If a user attempts to run software for which there is no rule, it will not run. This can be a virus, Trojan, worm or a legitimate application. You must remember to specify all of the applications that you want to run. That's the key. But, any new software that is on purpose or accidentally added to the computer cannot run. I recommend that you experiment on a single Windows XP Professional computer until you get the rules correctly written. Then write a policy at the OU level. A good place to start researching Software Restriction Policies is with the help files on Windows XP Professional or Windows Server 2003.

Learn more about desktop security in Roberta Bragg's webcasts, Managing your road warriors and Secrets of desktop security.

Dig Deeper on Windows legacy operating systems

Programming languages for Windows; resources for Windows administrators As a server administrator managing a local OU within a large domain and no permissions to DC and GPO like EA, what tools or scripts should I use to audit or monitor changes in real-time to my OU such as Groups Modified or Computers Removed? I want to know what other users are doing to my OU by keeping a log. Can you share any good practical WMI or VP scripts that you use for AD and Windows XP/2000/2003 daily? What is the best long-term programming language to learn for Windows XP/2003/Vista environments (e.g., VBScript, Java script, Perl, Python, VB, C#)? And what is your own preference? Microsoft keeps sending out too many security patches and hotfixes that drive me crazy. Will we see an end soon like XP-SP3 and be done with? Will we see Vista as a whole lot better security with less patches than XP? What benefits are in Vista to force the upgrades? Other than Microsoft Resource Kits books, can you give me a few recommended technical books on Windows XP, 2003, Vista and WSH, WMI, Perl, Python, VB programming? Other than Microsoft's Web site to search for Knowledgebase technical help, are there other Web sites that are great for Windows administrators?

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

Close