Removing Pinball, Hearts, Minesweep etc from multiple workstations

15 pts.
Tags:
Active Directory
Desktop Management
Group Policy
Workstations
I have 200 plus Dell pc's hooked up to a network that I need to remove the microsoft games freecell, Minesweep etc. How can I do this without going to each machine and removing the games? Can I create a startup batch file to do this? Thanks.

Answer Wiki

Thanks. We'll let you know when a new response is added.

You could use a file system policy to deny execute rights to everyone on the
> default games.
To do this you will need access to the GPO editor, your Domain Controler, and some time and testing
Here is a short starting point.
——-
<b>How do I use Group Policy to set File System permissions?</b>

1. Open the policy you wish to use in the Group Policy Editor.
2. Navigate to Computer Configuration / Windows Settings / Security Settings / File System.

3. Right-click File System and press Add File.

4. Browse to the file or folder whose permissions you wish to configure, select it, and press OK.

5. In the Database Security for <File or Folder> dialog, set the permissions and press OK.

6. In the Add Object dialog, make your selection and press OK.

How do I use Group Policy to set Registry permissions?
1. Open the policy you wish to use in the Group Policy Editor.
2. Navigate to Computer Configuration / Windows Settings / Security Settings / Registry.

3. Right-click Registry and press Add Key.

4. Browse to the registry key whose permissions you wish to configure, select it, and press OK.

5. In the Database Security for <KeyName> dialog, set the permissions and press Apply and OK.

6. In the Add Object dialog, make your selection and press OK.

This won’t prevent the user from making a copy of the file though and running the copy from a new location. So, you could create a group policy that has software restrictions that denied execution of the executable by either path, name, or hash.

Obviously, denying by the hash value of the executable would be the most fool proof way to do this, but it would also require the most work since if the hash changed with a new version you would need to update the hash in the group policy.

Doing it by executable name will prevent them from copying it to a new location and running it, but they could just rename it and run it.

Entering the full path and filename is the method that seems to be the easiest and quickest.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • T-Bird 332
    The machines were originally imaged with the game package uninstalled on them. We think the associates are using " Start/Run" to execute the games because they are on the machines. I am hoping to find a way to remove the games using a batch file or script. The policy settings work but there is a couple work arounds. This will help for sure. Thanks again..
    15 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following