Problem solve Get help with specific problems with your technologies, process and projects.

Limiting applications on Win 2003 server

At a recent seminar, I was told by Microsoft staff that we can limit the applications that we want to run on a Win 2003 server and a virus cannot run if I set this feature. Please advice how to do this.
I cannot speak for Microsoft, but I believe the reference is to Software Restriction policies. You can set them at the domain level in a GPO and therefore manage the software that can run on all XP Professional computers in a domain or OU. You can also use this on a single XP Professional computer. In short, you create a policy that prevents any software from running, and then you must create rules that allow the software that you have authorized to run. If a user attempts to run software for which there is no rule, it will not run. This can be a virus, Trojan, worm or a legitimate application. You must remember to specify all of the applications that you want to run. That's the key. But, any new software that is on purpose or accidentally added to the computer cannot run. I recommend that you experiment on a single Windows XP Professional computer until you get the rules correctly written. Then write a policy at the OU level. A good place to start researching Software Restriction Policies is with the help files on Windows XP Professional or Windows Server 2003.

Learn more about desktop security in Roberta Bragg's webcasts, Managing your road warriors and Secrets of desktop security.

Dig Deeper on Windows legacy operating systems

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.