Have group policy to block most .exe from executing in temp locations. Think cryptolocker.
Access to C:\Users\xxx\AppData\Local\Temp\Temp1_Veeam.Endpoint.Backup.8.0.0.1822.BETA.zip\EndPoint.8.0.0.1822.exe has been restricted by your Administrator by location with policy rule {431c1074-5bc6-4045-a8e4-50ddb52c0719} placed on path C:\Users\xxx\AppData\Local\Temp\*.zip\*.exe.
Should recode so that it doesn't use that path.
-
- Novice
- Posts: 5
- Liked: never
- Joined: Dec 16, 2014 7:50 pm
-
- Product Manager
- Posts: 14720
- Liked: 1705 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
Re: Install blocked by group policy
Hello csnow123,
From my experience, it is common for software to use C:\Users\xxx\AppData\Local\Temp\ as a temporary location while performing self-unpacking. Could you please tell me whether this is a default group policy, or whether deploying such a policy is considered to be a best practice? Thank you.
-
- Novice
- Posts: 5
- Liked: never
- Joined: Dec 16, 2014 7:50 pm
Re: Install blocked by group policy
I used the gpo provided in this article and links
http://community.spiceworks.com/topic/3 ... it-updated
Not sure I would consider it a best practice (yet) and it does cause issues, notably acrobat flash and join.me.
But, it's another measure of security to keep programs from being installed or run. Most pc users have just local rights but can still run from the various temp directories. Easier to do this than whitelist all programs.
I would prefer that exe's that need to unpack do so in the directory they are run from.
Separate GPO, looks like this:
Software Restriction Policies / Additional Rules
Path Rules

%AppData%\*.exe
    Security Level: Disallowed
    Description: Disables ability for executables (exe files) from running under AppData folder
    Date last modified: 10/7/2013 10:01:19 AM

%AppData%\*\*.exe
    Security Level: Disallowed
    Description: Disables ability for executables (exe files) from running under AppData\<Vendor>\ folder
    Date last modified: 10/7/2013 10:02:46 AM

%localAppData%\*.exe
    Security Level: Disallowed
    Description:
    Date last modified: 10/7/2013 10:12:09 AM

%localAppData%\*\*.exe
    Security Level: Disallowed
    Description:
    Date last modified: 10/7/2013 10:13:06 AM

%Temp%\*.zip\*.exe
    Security Level: Disallowed
    Description: Block executables run from archive attachments opened using Windows built-in Zip support.
    Date last modified: 10/17/2013 4:58:50 PM

%Temp%\7z*\*.exe
    Security Level: Disallowed
    Description: Block executables run from archive attachments opened with 7zip
    Date last modified: 10/17/2013 4:57:52 PM
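Added example (not part of the original posts, and not Veeam or Microsoft code): a small Python model of the path rules listed above, showing which rule catches the blocked installer path quoted in the first post. It assumes the default profile layout for user xxx and that `*` and `?` do not match across a backslash, which is the reading the separate `\*.exe` and `\*\*.exe` rules imply; the helper names and the two extra sample paths are constructed.

```python
import re
from ntpath import normpath

# Path rules as listed in the GPO report in the post above.
RULES = [
    r"%AppData%\*.exe",
    r"%AppData%\*\*.exe",
    r"%localAppData%\*.exe",
    r"%localAppData%\*\*.exe",
    r"%Temp%\*.zip\*.exe",
    r"%Temp%\7z*\*.exe",
]

# Constructed environment: default profile layout for the user "xxx".
ENV = {
    "appdata": r"C:\Users\xxx\AppData\Roaming",
    "localappdata": r"C:\Users\xxx\AppData\Local",
    "temp": r"C:\Users\xxx\AppData\Local\Temp",
}

# Assumption: wildcards match inside a single path component only.
WILD = {"*": r"[^\\]*", "?": r"[^\\]"}

def expand(rule, env=ENV):
    """Expand %Var% tokens case-insensitively; unknown variables stay as-is."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), rule)

def rule_to_regex(rule, env=ENV):
    """Translate one expanded path rule into an anchored, case-insensitive regex."""
    body = "".join(WILD.get(ch) or re.escape(ch) for ch in expand(rule, env))
    return re.compile(body + r"\Z", re.IGNORECASE)

def matching_rules(path, rules=RULES, env=ENV):
    """Return every rule whose expanded pattern matches the full path."""
    path = normpath(path)
    return [r for r in rules if rule_to_regex(r, env).match(path)]

# The path from the first post, followed by two constructed paths.
BLOCKED = (r"C:\Users\xxx\AppData\Local\Temp"
           r"\Temp1_Veeam.Endpoint.Backup.8.0.0.1822.BETA.zip"
           r"\EndPoint.8.0.0.1822.exe")
SAMPLES = [BLOCKED,
           r"C:\Users\xxx\AppData\Local\Temp\setup.exe",
           r"C:\Users\xxx\AppData\Local\Temp\7zO1234\tool.exe"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", matching_rules(p) or "no rule")
```

Under this layout the second sample shows that `%localAppData%\*\*.exe` also covers executables placed directly in `%Temp%`, so an installer that unpacks there is stopped by a rule whose description is empty.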
-
- Expert
- Posts: 214
- Liked: 61 times
- Joined: Feb 18, 2013 10:45 am
- Full Name: Stan G
Re: Install blocked by group policy
You would prefer if each program uses its own TEMP directory inside their current path?
That would be hell to clean up, so no I don't agree on this one.
-
- Product Manager
- Posts: 14720
- Liked: 1705 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
Re: Install blocked by group policy
csnow123,
Thanks for the details! I agree with Stan - it's just easier to manage one folder via software permissions than to have a separate temp folder for every piece of software (and again manage all of them, but separately).