1

Can Windows 7 be configured in a way to prevent a user to execute an .exe that is on a network drive, and if so, how could that be done?

René Nyffenegger
  • 135
  • 2
  • 7

1 Answers1

2

If you want to prevent a specific executable, then Local Security policy might be the easiest route. Run secpol.msc from Start | Run. Navigate to Software Restriction Policies and right click on the tree node to create a new one. (This is the local version of group policy, which would have precedence in a domain.)

Within the policy under additional rules right click to create new path rule. Enter the path of the executable and security level of disallowed.

Two caveats:

  • This requires Windows Professional/Enterprise/Ultimate.
  • It is not clear how changing to a different drive mapping would work (using a hash rule would help here, but a rule would be needed for each file rather than having a rule for a folder tree).
jscott
  • 24,484
  • 8
  • 79
  • 100
Richard
  • 5,324
  • 1
  • 23
  • 20
  • +1 For using SRP. If you use the network drive's UNC path in the black list, it will not matter if the user changes the mapped drive letter, they will remain blocked. – jscott Jan 25 '11 at 10:29