You're reinventing the wheel
Except...your wheel is square.
It looks like your current group policy settings are already pointed in the right direction. Using hashes is only one option, however.
Disallow execution by default.
If it's in a trusted directory, allow it (They can't write to "C:\Program Files" or such, of course...you do have proper directory permissions, right?)
If it's signed by a trusted publisher, allow it (different than hashes, less annoying).
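The three-step layout above (deny by default, allow trusted directories, allow a trusted publisher) written out as an AppLocker policy, as an added example that is not part of the original answer: the publisher name is a placeholder, the copied notepad.exe is a constructed sample, and it assumes an elevated PowerShell session with the AppLocker module.

```powershell
# Added example: an AppLocker policy for "deny by default, allow trusted
# directories, allow a trusted publisher". Run elevated with the AppLocker
# module available (Import-Module AppLocker). Placeholder values are marked.

# 1. The answer's precondition: standard users must not be able to write to
#    the allowed directories, or a path rule is only a speed bump.
$writable = (Get-Acl $env:ProgramFiles).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference -like '*\Users' -and
    $_.FileSystemRights -match 'Write|Modify|FullControl'
}
if ($writable) { Write-Warning "Users can write under $env:ProgramFiles; fix the ACL first." }

# 2. Once a collection contains any rule, AppLocker denies what nothing matches,
#    which is the "disallow by default" step. AuditOnly first, Enabled later.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="Allow trusted publisher" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <!-- PLACEHOLDER publisher: copy PublisherName from Get-AppLockerFileInformation on a signed binary -->
        <FilePublisherCondition PublisherName="O=EXAMPLE PUBLISHER, L=EXAMPLE, S=EXAMPLE, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@
$policyPath = Join-Path $env:TEMP 'applocker-allowlist.xml'
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# 3. Dry run: the same signed binary is allowed inside %WINDIR% and denied by
#    default from a user-writable location (the copy is a constructed sample).
$outside = Join-Path $env:TEMP 'unknown.exe'
Copy-Item "$env:WINDIR\notepad.exe" $outside -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -Path "$env:WINDIR\notepad.exe", $outside -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. Apply locally once the audit log looks right; the Application Identity
#    service (AppIDSvc) must be running or nothing is enforced.
# Set-AppLockerPolicy -XmlPolicy $policyPath
```

Swapping the placeholder for a real PublisherName turns the denial of the copied binary into an allow by the publisher rule, which is the "less annoying than hashes" part: the rule survives updates to the signed file.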