Using SRP with AppLocker to block more scripts

Discussion in 'other security issues & news' started by doktornotor, Apr 8, 2011.

Thread Status:
Not open for further replies.
  1. doktornotor (Registered Member, joined Jul 19, 2008, 2,047 posts)
    Since AppLocker only cares about .ps1, .bat, .cmd, .vbs, and .js scripts, I thought I might use SRP to disallow other scripts to be run outside of %WinDir% and %ProgramFiles% to make life more of a PITA for users :p

    Already removed stuff covered by AppLocker from Designated File Types plus a bunch of others, such as MS Access/Project files, LNK, CHM... So, what would be a good suffix list for this? Ideas?
     
  2. Sadeghi85 (Registered Member, joined Dec 20, 2009, 747 posts)
    When AppLocker is active, SRP is disabled, so not sure why you'd want to remove anything from SRP, and if I am not mistaken that feature only blocks by file extension, which is easy to circumvent and btw doesn't work if a script is assigned to open by a third-party app.
     
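    As an added example (not code from either poster), the following PowerShell script audits the point raised in the first two posts from the admin's side: it reads the current SRP Designated File Types list, compares it with the script extensions AppLocker's Script collection already handles (.ps1, .bat, .cmd, .vbs, .js as stated in the first post), lists script-like extensions SRP does not yet treat as executable, and warns when an enforced AppLocker policy is present, since SRP is then ignored as the second reply notes. It assumes the standard SRP registry location HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers with its ExecutableTypes value, and the candidate extension list is this example's own suggestion, not the thread's.

```powershell
# Added example (not from the thread): compare the SRP "Designated File Types"
# list with the script extensions AppLocker's Script rule collection handles,
# report script-like extensions SRP does not yet treat as executable, and warn
# when an enforced AppLocker policy is present, since SRP is then ignored.
# Assumptions: the SRP registry location and value name are the standard
# HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ExecutableTypes;
# the $Candidates list is this example's own suggestion, not the poster's list.

function Get-SrpScriptCoverage {
    [CmdletBinding()]
    param(
        # Extensions AppLocker's Script collection already covers (from post #1)
        [string[]]$AppLockerScripts = @('PS1', 'BAT', 'CMD', 'VBS', 'JS'),

        # Script-like extensions that WSH, PowerShell or the shell will still run
        # and that AppLocker's Script collection does not cover (assumed list)
        [string[]]$Candidates = @('WSF', 'WSH', 'VBE', 'JSE', 'HTA', 'SCT',
                                  'WSC', 'PS1XML', 'PSM1', 'PSD1', 'REG', 'INF')
    )

    $srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

    # Current Designated File Types (REG_MULTI_SZ), normalised to upper case
    $designated = @()
    if (Test-Path -Path $srpKey) {
        $props = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.ExecutableTypes) {
            $designated = @($props.ExecutableTypes | ForEach-Object { $_.ToUpperInvariant() })
        }
    }

    # Is an enforced AppLocker policy in effect? (Get-AppLockerPolicy comes with
    # the AppLocker module on Windows 7 and later.) If so, SRP rules are ignored
    # on that machine, which is the point made in reply #2.
    $appLockerEnforced = $false
    try {
        [xml]$policy = Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop
        $enforced = @($policy.AppLockerPolicy.RuleCollection |
                      Where-Object { $_.EnforcementMode -eq 'Enabled' })
        $appLockerEnforced = $enforced.Count -gt 0
    } catch {
        # Module missing or no policy applied: treat as "not enforced"
    }

    $candidatesUpper = $Candidates | ForEach-Object { $_.ToUpperInvariant() }
    $appLockerUpper  = $AppLockerScripts | ForEach-Object { $_.ToUpperInvariant() }

    [pscustomobject]@{
        AppLockerEnforced   = $appLockerEnforced
        DesignatedFileTypes = $designated
        # Already in SRP and also handled by AppLocker's Script collection
        CoveredByAppLocker  = @($designated | Where-Object { $appLockerUpper -contains $_ })
        # Script-like types SRP does not yet treat as executable code
        MissingFromSrp      = @($candidatesUpper | Where-Object { $designated -notcontains $_ })
    }
}

$report = Get-SrpScriptCoverage
if ($report.AppLockerEnforced) {
    Write-Warning 'An enforced AppLocker policy is in effect; SRP rules on this machine are ignored.'
}
$report | Format-List
```

    Run it in an elevated PowerShell on a machine that receives the GPO in question; the MissingFromSrp list is the starting point for the suffix list the first post asks about, and the warning tells you whether adding them would have any effect at all on that OU.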
  3. doktornotor (Registered Member, joined Jul 19, 2008, 2,047 posts)
    Yes, by extension. Perfectly enough since their browsing is already restricted to intranet and a couple of selected sites.

    Why I wanted to do this? Because the users here are complete morons. (Their computer literacy pretty much reflects their salary, ugh... Good that I spend just a couple of hours a week in this company from hell.) Would prefer to not get into more details, suffice to say that recently one of them wiped pretty much his entire user profile by clicking on a "picture" which was a script. It was a "joke" by one of his fellow workers. Similar incidents happen a couple of times every month and I am tired of restoring the backups.

    Well, since both cannot be applied at the same time I will have to look at alternative GPO stuff to do the same, thread pretty much closed. Or I will just send them to hell and tell them to find another backup-restore monkey :p
     
  4. Sadeghi85 (Registered Member, joined Dec 20, 2009, 747 posts)

    Why not just use SRP then?
     
  5. doktornotor (Registered Member, joined Jul 19, 2008, 2,047 posts)
    Wanted to avoid it since there is one big office OU with the same AppLocker policy... which also includes normal people :p with much less restricted internet access. AppLocker obviously preferred there. Also a whole lot better when forcing up-to-date versions of applications etc. Also at least one less policy and OU to manage. Eh well, sigh...

    Honestly these morons would be best served with a Linux live CD if a couple of the core apps there did not require Windows. :rolleyes:
     
  6. Sadeghi85 (Registered Member, joined Dec 20, 2009, 747 posts)
    Oh, well...

    You can't stop stupidity, the person responsible for that 'joke' should be punished...

    btw what kind of script was that?
     
  7. doktornotor (Registered Member, joined Jul 19, 2008, 2,047 posts)
    IIRC some WSF crap. :rolleyes:
     