| 13 |
| Control access to applications with Appsec.exe |
| IT pros who want to restrict access to applications might want to consider using the GUI-based tool |
| called Application Security (Appsec.exe) from the Windows 2000 Resource Kit. The tool |
| automatically adds certain applications to the list, including XCOPY, CMD, SUBST, NET, and |
| several others. When you add an application, you specify the absolute path to the application's |
| Appsec lets you restrict access to applications, enabling you to control the applications that a given |
| user can run. You can also use Appsec to track application access and let you know when someone |
| runs a restricted application indirectly, such as launching Word by starting a new message in |
| Outlook with Word as the default e-mail editor. This tracking ability can help you identify and |
| close potential loopholes. |
| Appsec's restriction list applies to the local computer and therefore to all local users. It doesn't |
| discriminate on a per-user or per-group basis. In addition, the restriction list is single-purpose; if |
| an application is on the list, it blocks access for all users. In order to unblock an application, you |
| must remove it from the list. |
| Appsec doesn't provide a mechanism for disabling security for a specific application on the list, |
| although you can enable and disable security globally. Administrators aren't affected by Appsec and |
| can access all applications regardless of their presence on the restriction list. |
| Note: Microsoft states in Knowledge Base article Q257980 that the version of Appsec included with |
| the Windows 2000 Resource Kit is missing three files. You can download the complete version of |
| Appsec from Microsoft's ftp site. |
| ftp://ftp.microsoft.com/reskit/win2000/ |
First Previous Next Last |