tailieunhanh - Methods of Restricting Registry Access phần 2
The New Path Rule window 2. To create a new Internet Zone rule, proceed in a similar way, but select the New Internet Zone Rule command from the right-click menu. | 1. Figure The New Path Rule window 2. To create a new Internet Zone rule proceed in a similar way but select the New Internet Zone Rule command from the right-click menu. Select the Restricted Sites option leave the security level at Disallowed then click OK. 3. To create a Hash rule right-click the Additional Rules container select New Hash Rule command from the context menu and when the New Hash Rule window appears Fig. click the Browse button to locate a copy of the file that you want to prevent from running. The hash appears in the File Hash field and information about the file will appear in the File Information box. Now any attempt to run the specified program will result in a check of the cryptographic hash and based on the results of this check the program will be allowed or disallowed to run depending on the policy type. Leave the security level at Disallowed and click OK. Figure The New Hash Rule window 4. The first time you create a rule of a particular type test it. You can do so by logging off and logging on as an ordinary user then by attempting to run the tool. You should be refused and receive the message shown in Fig. . Next log on as Administrator and attempt to run the tool. You should be able to do so. Test all rules to ensure that they operate as you expect. Any changes to the rules should require a retest. Figure Error message displayed to the user when attempting to run restricted software After creating and testing software restriction policies take some time to investigate them for possible holes. For example when you create path rules if a program file type is not covered by the Designated file types list see Fig. the program will be allowed to run. Path rules are the simplest to understand and create. However they have their drawbacks. For example they will only prevent the user from running restricted tools from within the specified folder and its subfolders. If the user can copy a tool from that folder to another
đang nạp các trang xem trước