Hi
we need to deny purticular user(local& domain) to access from some applications please recommend any fixlets
Regards
Vicky
In the console, goto Endpoint Protection Module, goto all dashboards then click Behavior Monitoring Wizard and select the exception tab and specify the path of the application you want to block.
Thanks
You should also be able to do this through Windows AppLocker, which it should be possible to manage through IEM. I have not tried it, but it is definitely something I am interested in.
Is this an application that you don’t want anyone to have access to? If so, you could create a policy action that automatically uninstalls it if it is detected.
This may be a little long…I was also asked recently to create a way in IEM to block applications also. What I found is that you’ll need to create a task to add the “DisallowRun” subkey and entry to the key “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer“; you can then add values to the “DisallowRun” subkey that will block the .exe from running. https://technet.microsoft.com/en-us/library/cc960900.aspx has more details on the DisallowRun subkey. Unfortunately you have to do this for each user, since there doesn’t seem to be away to do this for all users at once without a lot of registry hacks that I wasn’t comfortable with doing. I ended up breaking up the process into two parts.
The first task runs and checks to see if the current user has the “DisallowRun” registry key and if not, it adds it and prompts them to reboot using the post action. The reboot is required for the key to take effect.
Relevance:
NOT exists key whose (name of it as string is “DisallowRun”) of key (“HKEY_USERS” & (component string of sid of security account (name of logged on user) as string) & “\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”) of (registry|native registry)
The Action is:
regset “[HKEY_USERS{component string of sid of security account (name of logged on user)}\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]” “DisallowRun”=dword:00000001
/The next regset isn’t need but I like to have a DisplayName value to query and use in the second task/
regset “[HKEY_USERS{component string of sid of security account (name of logged on user)}\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]” “DisplayName”=“BigFix Blocked Apps”
The second task prompts for the entry name and the value of the executable that we want to block and then adds them under the “DisallowRun” subkey. I also added a taskkill to the second task so that the targeted application is closed after the value is added. This task does not require a reboot and takes effect right after it is applied as long as the machine was rebooted when the first task was run on the machine. After the entry is added the application closes if opened and the user will get a message that the application has been blocked by their administrator if they attempt to open it again.
Relevance:
exists key whose (value “DisplayName” of it as string is “BigFix Blocked Apps”) of key (“HKEY_USERS” & (component string of sid of security account (name of logged on user) as string) & “\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”) of (registry|native registry) as string
The Action is:
/The first action parameter takes the actual executable name e.g. notepad.exe/
action parameter query “blockedExe” with description “Enter the executable name:” with default value “none”
/The second action parameter takes the description. This could be 1,2,3 or blabla. I find it useful to just name it after the executable. e.g. notepad/
action parameter query “blockedExeDesc” with description “Enter the description for the executable:” with default value “none”
/Adds the value to the DisallowRun key for the current user/
regset “[HKEY_USERS{component string of sid of security account (name of logged on user)}\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]” “{parameter “blockedExeDesc”}”="{parameter “blockedExe”}"
/kills the executable after the value is added/
waithidden “{pathname of client folder of site “BESSupport”}\taskkill.exe” /F /IM {parameter “blockedExe”}
It should be possible to effect all user keys using Local GPO deployed through BigFix, which would simplify this.
k. I’ll take another shot at it and post back if I’m able to simply the process using the local gpo.
Okay will check in my environment & revert back to u
We have licensed version of LCM & SUA only
Thanks JGSTEV … okay will check nd tell
Hi
kindly can u able to give fixlet for chrome.exe application control