Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Prevent executables from running on mapped network drives

14 Jan 2013   #11
Parman

Windows 7 Ultimate x64
 
 

Okay i tested it out and it worked fine.

look at this for most of the instructions.

How to configure AppLocker Group Policy to prevent software from running - TechNet Articles - United States (English) - TechNet Wiki

When you get to conditions. choose path

Then select browse folders (navigate to your share using the UNC path.) choose next.

If you dont want any exceptions choose next again.

In the Description you can add "Please move files to desktop to run."

Then create. You dont need any of the default runs created.

This will update with the policy update or you can force it to update with the command gpedit /force


My System SpecsSystem Spec
.
14 Jan 2013   #12
Rickson1982

Windows 7 Professional 64Bit
 
 

Hi parman!

Thank you a lot for your effort.

I will follow your steps and I will make sure that the Application Identity service (AppIDSvc) is running.

I will let you know about the results.

Kind regards
Rickson1982
My System SpecsSystem Spec
14 Jan 2013   #13
Parman

Windows 7 Ultimate x64
 
 

Remember that you should not set the service to automatic until your have successfully tested it out. It's pretty straight forward and worked for me the first time so if you have any issues just ask.
My System SpecsSystem Spec
.

15 Jan 2013   #14
Rickson1982

Windows 7 Professional 64Bit
 
 

Hi parman!

Today, I tried out your solution.

It works perfectly for workstations which are on the domain.

However, it does not work for workstations which are not part of the domain (imaged workstations).

Do you have any suggestions how to deal with that problem?

Kind regards
Rickson1982
My System SpecsSystem Spec
15 Jan 2013   #15
Parman

Windows 7 Ultimate x64
 
 

You will have to go into the local group policy for the pc.
My System SpecsSystem Spec
15 Jan 2013   #16
Rickson1982

Windows 7 Professional 64Bit
 
 

Hi!

I think this is where I defined the rules.

I defined them here (without success):
Local Group Policy Editor / Computer Configuration / Windows Settings / Security Settings / Application Control Policies / AppLocker

Do you have any other ideas?

Do I need to change sth. in Local Group Policy Editor / Computer Configuration / Windows Settings / Security Settings / Local Policies?
My System SpecsSystem Spec
15 Jan 2013   #17
Parman

Windows 7 Ultimate x64
 
 

1. Start menu type gpedit.msc
2. Computer Configuration>Windows settings>Security Settings>Application Control Policies> Applocker.

My list and your list match up. It should work fine. did you run gpedit /force afterwards. Remember that without forcing the update it will only update after a certain period of time.

Last thing did you remember to start the service? Application Identity service

It will also have to be setup to automatic or it will not work after reboot, but only set on automatic after its been tested and working correctly.
My System SpecsSystem Spec
15 Jan 2013   #18
Rickson1982

Windows 7 Professional 64Bit
 
 

Hi!

I did all the steps exactly as you mentioned. Without success.

I think there may be some other settings missing...
My System SpecsSystem Spec
15 Jan 2013   #19
Parman

Windows 7 Ultimate x64
 
 

Anyway you could get me screen shots of the configuration. I just did it again using a network drive (UNC path) and it worked flawless.
My System SpecsSystem Spec
15 Jan 2013   #20
Rickson1982

Windows 7 Professional 64Bit
 
 

Hi!

What configuration do you think could be interesting?

I am sure that the configuration of the AppLocker rules is correct.

As I said the workstation does not belong to the domain and has been set up by means of an image. Maybe there are some other security or general settings wrong which are required by AppLocker to function correctly...
My System SpecsSystem Spec
Reply

 Prevent executables from running on mapped network drives




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
.bat for migrating mapped network drives?
Can someone please provide a .bat file that will copy network shares on old computer and another .bat file to map those drives on new computer? Thank you Erik
Network & Sharing
mapped network drives without drive letters
I have the problem of a long list of redundant mapped network drives without drive letters, for example, documents, documents~1, documents~2, etc. all with same location...right clicking on the mapped does not present any "disconnect" option. Oh, they do not appear as mapped network drives under...
Network & Sharing
Manually mapped network drives
Hi All Hope you can help. I want to know if there is anyway to find out if a network shared drive (showing within 'My Computer') is manually connected/mapped. (btw we are using a AD - GPO & Desktop Authority) I don't want to disconnect all the drives and then log the user off as i want...
Network & Sharing
1 of 3 Mapped Network Drives not showing up
Windows Server 2008 R2 Windows 7 32 Bit I have a Windows 7 Enterprise box that when started will only create 2 of 3 mapped network drives. This does not happen every time either, just about 2-3 days of the 5 day work week. 2 of the drives are mapped via a script, while the 1 drive that is the...
Network & Sharing
Prevent users from running executables from usb sticks
Guys, how do I prevent users from running executabels from usb sticks? I do want them to save and read files from the usb sticks, but not any executable files such as bat, exe, vbs etc.
Customization
Mapped network drives are lost
I have a problem with mapped network drives disconnecting. I run Win7 Pro connecting to Win Server 2003. Reboot and the drives are there. After a while a red cross appears against them in Explorer. I can usually see the contents, but running a program that requires those resources fails. The only...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:22.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App