A
ahmd0
Guest
Hi everyone:
I am trying to set up our office computer running Windows 7 Professional with a set of local Group Policy objects to guard against viruses and installation of junk software (like browser toolbars, etc.) I tried setting up Norton to do it for us, but it doesn't really work -- it makes things slow, it costs money and then when time comes to renew the Norton license it becomes another pain in the rear because no one remembers the license number (including Norton itself.) So I decided to try Group Policy objects, which is free.
Let me add that the people that will be using this computer are not trying to install anything bad intentionally, so there will be no malicious attempts to circumvent those GPOs. I just need to prevent against situations like this -- sometimes they call me up and say, "Hey, this computer is too slow." I come on over, look at it and, for say, IE has 10 toolbars/bloatware installed in it. I ask them, "Why did you install it?" And I get this answer, "It [popup] was very insistent and told me that I had to install it."
You need to understand that I'm dealing with middle-aged women that have just a slightest clue of how computers work.
So obviously Norton and other AVPs won't safeguard against installation of bloatware (jeez, most times even viruses) so in my opinion, all those AVPs is just a waste of money. Instead my idea was to use what is already provided by the OS and set up some GPOs to allow only specific processes to run on the system. For instance, iexplore.exe or explorer.exe, etc. I'd do:
gpedit.msc
then go to "User Configuration" -> "Administrative Templates" -> System -> "Run only allowed Windows applications"
My question is, what processes shall I put on that list to allow the basic functioning of the Windows 7 OS?
Continue reading...
I am trying to set up our office computer running Windows 7 Professional with a set of local Group Policy objects to guard against viruses and installation of junk software (like browser toolbars, etc.) I tried setting up Norton to do it for us, but it doesn't really work -- it makes things slow, it costs money and then when time comes to renew the Norton license it becomes another pain in the rear because no one remembers the license number (including Norton itself.) So I decided to try Group Policy objects, which is free.
Let me add that the people that will be using this computer are not trying to install anything bad intentionally, so there will be no malicious attempts to circumvent those GPOs. I just need to prevent against situations like this -- sometimes they call me up and say, "Hey, this computer is too slow." I come on over, look at it and, for say, IE has 10 toolbars/bloatware installed in it. I ask them, "Why did you install it?" And I get this answer, "It [popup] was very insistent and told me that I had to install it."
You need to understand that I'm dealing with middle-aged women that have just a slightest clue of how computers work.So obviously Norton and other AVPs won't safeguard against installation of bloatware (jeez, most times even viruses) so in my opinion, all those AVPs is just a waste of money. Instead my idea was to use what is already provided by the OS and set up some GPOs to allow only specific processes to run on the system. For instance, iexplore.exe or explorer.exe, etc. I'd do:
gpedit.msc
then go to "User Configuration" -> "Administrative Templates" -> System -> "Run only allowed Windows applications"
My question is, what processes shall I put on that list to allow the basic functioning of the Windows 7 OS?
Continue reading...
