Home > IT Answers > Security > Block Net.exe and *.xls Files
Help

Question

  Asked: Feb 20 2008   9:26 AM GMT
  Asked by: Muhammad usman

Block Net.exe and *.xls Files


Security, OU, Windows Server 2003, Active Directory, Organizational Unit

AOA
Dear all, i am using server 2003. I have made different OU in our domain. Now i want to block net.exe and other program like *.xls,*.doc files. The purpose of these files is that i want to block net send command centerally. please tell me complete procedure how i am block these files extension using active directory.
i try using software restriction policy but its n't implement from OU .


Please help me.

Thanks
Muhammad Usman.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
Last Answered: Feb 20 2008  10:28 PM GMT  by Mrdenny




Blocking NET SEND is easy. Use your GPO to disable the Alerter service. That will stop the machine from being able to send or receive NET SEND messages.

You can't block xls and doc files as these aren't programs. They are files which hold information. XLS files are Excel spread sheets and DOC files are Word documents. You can use a GPO to block Excel and Word from running, however this will probably create a problem as most businesses use Word and Excel often.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Security and Microsoft Windows.

Looking for relevant Security Whitepapers? Visit the SearchSecurity.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

Jlees  |   Mar 5 2008  9:49PM GMT

MrDenny is right, you could prevent the net command from sending messages (because they wouldn’t be recieved) by disabling the alerter service.

At first glance it seems like the concept of removing execute permissions from net.exe might be valid— but that would break the net use command as well, which would likely break login scripts, if they were batch scripts.