To block a specific software running on a Windows system

system · April 26, 2013, 7:25pm

(imported topic written by Corda)

Hi to all, can anyone help me to create a Fixlet that blocks a specific software running on a Windows system?

Any suggestions
?

Thanks, Marco.

dexdexdex · April 26, 2013, 9:51pm

(imported comment written by liuhoting)

My first shot at this would basically be to look for:

Q: exists process whose (name of it contains “dwm.exe”)

and then maybe run taskkill on that particular application that’s running on your system?

system · April 26, 2013, 10:17pm

(imported comment written by Rob M.)

Was looking for the same solution. Everything lead to adding registry entries. Incorporating
Method 2
in this article:
http://support.microsoft.com/kb/323525

I’ve yet to write the fixlet and test due to more urgent matters, but if it helps, let us know.

system · April 27, 2013, 10:39pm

(imported comment written by Corda)

ok thanks, the second method could be a solution… I’ll also try to write the fixlet, but i’ll wait willingly suggestions.

Thanks.

Marco

system · April 29, 2013, 11:04pm

(imported comment written by Corda)

Hello, I’m trying to use the following command to create a registry key value. The console views “action is completed” but the action script is not working. The keys have not been created. Why?

regset “[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]” “DisallowRun”=dword:1

regset “[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]” “firefox”=“firefox.exe”

system · April 29, 2013, 11:12pm

(imported comment written by Rob M.)

This is because the regset is running as SYSTEM, not the current logged on user. There is a system location for the same command: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\

Explorer] which should theoretically provide the results you’re seeking. Hope it works. I need to implement a similar action for Google Chrome.

system · April 30, 2013, 2:47pm

(imported comment written by Corda)

Yes, with HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ the agent BigFix creates the two keys, but the processes are not blocked. At the moment, I don’t know how to do.

system · April 30, 2013, 5:10pm

(imported comment written by Rob M.)

If you’ve rebooted and it still doesn’t work, then it’s back to the drawing board for me as well.

system · May 2, 2013, 1:36am

(imported comment written by Corda)

I solved retrieving the current user key to access the system registry

parameter “currentUser”="{name of key whose (((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@”) of (it as string as lowercase) of (if (name of operating system = “Win7” OR name of operating system = “WinVista” OR name of operating system = “Winxp” OR name of operating system = “Win2003”) AND (exists value “USERNAME” of key “Volatile Environment” of it) then value “USERNAME” of key “Volatile Environment” of it else value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it))) of key “HKEY_USERS” of registry}"

regset “[HKEY_USERS{parameter “currentUser”}\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]” “DisallowRun”=dword:1

regset “[HKEY_USERS{parameter “currentUser” \Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]” “firefox”=“firefox.exe”