Home > IT Answers > Microsoft Windows > Removing Pinball, Hearts, Minesweep etc from ...
Help

Question

  Asked: Feb 20 2008   4:02 PM GMT
  Asked by: T-Bird 332

Removing Pinball, Hearts, Minesweep etc from multiple workstations


Desktop management, Workstations, Group Policy, Active Directory

I have 200 plus Dell pc's hooked up to a network that I need to remove the microsoft games freecell, Minesweep etc.
How can I do this without going to each machine and removing the games?
Can I create a startup batch file to do this? Thanks.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
Last Answered: Mar 5 2008  9:42 PM GMT  by Jlees


Latest Contributors: Noah Murphy


You could use a file system policy to deny execute rights to everyone on the
> default games.
To do this you will need access to the GPO editor, your Domain Controler, and some time and testing
Here is a short starting point.
-------
How do I use Group Policy to set File System permissions?

1. Open the policy you wish to use in the Group Policy Editor.
2. Navigate to Computer Configuration / Windows Settings / Security Settings / File System.

3. Right-click File System and press Add File.

4. Browse to the file or folder whose permissions you wish to configure, select it, and press OK.

5. In the Database Security for <File or Folder> dialog, set the permissions and press OK.

6. In the Add Object dialog, make your selection and press OK.

How do I use Group Policy to set Registry permissions?
1. Open the policy you wish to use in the Group Policy Editor.
2. Navigate to Computer Configuration / Windows Settings / Security Settings / Registry.

3. Right-click Registry and press Add Key.

4. Browse to the registry key whose permissions you wish to configure, select it, and press OK.

5. In the Database Security for <KeyName> dialog, set the permissions and press Apply and OK.

6. In the Add Object dialog, make your selection and press OK.

This won't prevent the user from making a copy of the file though and running the copy from a new location. So, you could create a group policy that has software restrictions that denied execution of the executable by either path, name, or hash.

Obviously, denying by the hash value of the executable would be the most fool proof way to do this, but it would also require the most work since if the hash changed with a new version you would need to update the hash in the group policy.

Doing it by executable name will prevent them from copying it to a new location and running it, but they could just rename it and run it.

Entering the full path and filename is the method that seems to be the easiest and quickest.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Microsoft Windows.

Looking for relevant Microsoft Windows Whitepapers? Visit the SearchEnterpriseDesktop.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

T-Bird 332  |   Feb 20 2008  5:00PM GMT

The machines were originally imaged with the game package uninstalled on them. We think the associates are using ” Start/Run” to execute the games because they are on the machines. I am hoping to find a way to remove the games using a batch file or script. The policy settings work but there is a couple work arounds. This will help for sure. Thanks again..