Jump to content
Sign in to follow this  
mesale0077

Limit on Windows programs

Recommended Posts

hi

Restrict programs that are available on Windows

Limit on Windows programs

xp ,vista,windows 7

will not run ,

exam files:

exam.exe,exam.bat and such

like applocker

the program will not work even change the name of the program ,ı want make

MD5 Hash ,i'm thinking

but dont work

http://support.microsoft.com/kb/323525

or

http://support.microsoft.com/kb/310791/en

code:

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
$message ="EXE or BAT file select"
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("[#] [#] applocker[#] [#]", 293, 123, 472, 317)
$Label1 = GUICtrlCreateLabel("PROGRAM", 8, 32, 59, 17)
$Input1 = GUICtrlCreateInput("pro", 72, 32, 121, 21)
$Button1 = GUICtrlCreateButton("Select file", 200, 32, 75, 25, $WS_GROUP)
$Button2 = GUICtrlCreateButton("Enable", 24, 80, 107, 25, $WS_GROUP)
$Button3 = GUICtrlCreateButton("Disable", 184, 80, 97, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
      Case $Button1
         ffile()

Case $Button2


$AD=GUICtrlRead($Input1)

    $text = $AD
$array = StringSplit($text, '\', 1)
Enable($array[$array[0]])
msgbox(0,"info","done!")
Case $Button3
GUICtrlSetData($Input1,$varyyyy)

$AD=GUICtrlRead($Input1)
Disable($array[$array[0]])
msgbox(0,"info","done!")
    EndSwitch
WEnd
FUNC Enable($pro)


RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "2", "REG_SZ",""& $pro&"")

;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")
ProcessClose("explorer.exe")
run("explorer.exe")
endfunc


func Disable($pro)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 0x00000091)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsMenu", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsHistory", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "ClearRecentDocsOnExit", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSaveSettings", "REG_DWORD", 0x00000000)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LinkResolveIgnoreLinkInfo", "REG_DWORD", 0x00000000)
ProcessClose("explorer.exe")
run("explorer.exe")
endfunc


func ffile()
   $varyyyy = FileOpenDialog($message, @WindowsDir & "\", "EXE or BAT file (*.exe;*.bat)", 1 + 4 )

If @error Then
    MsgBox(4096,"","No File(s) chosen")
Else
GUICtrlSetData($Input1,$varyyyy)
   



endif
endfunc

thank you help me

Edited by mesale0077

Share this post


Link to post
Share on other sites

The regkey in WinXP and above --> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers

It needs a few things - mainly ...

It doesn't make a backup of the original key. You can't go back to defaults, unless you modfy the script.

I wrote one similar to that. It's for XP only though. I think "his" will work on XP to Win7.

By the way .. I believe Windows SRP is "the best line of defense" for a PC.

I have it on my commercial clients' PC's and mine at home.

They use to get viruses every other week. Now, I don't hear from them unless they have a real computer issue.


"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Share this post


Link to post
Share on other sites

hi

no virus

look web link:

http://www.sordum.com/?cat=33

appadmin pro

like it, ı think make pro but dont work why ?

this code

where is the mistake

nice cool pro

this pro is autoit code

Share this post


Link to post
Share on other sites

You want a per program basis. Check this out then:

How to make a disallowed-by-default Software Restriction Policy

http://www.mechbgon.com/srp/


"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Share this post


Link to post
Share on other sites

I figured out what it is with your script. I didn't know you could do this, sorry. It's really simple.

You must first create a dword reg entry here:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane .. right-click and choose "New -> Dword Value -> DisallowRun" and set value to 1.

This is the "on and off" switch.

Then "create a subkey" under:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Right-click on the "Explorer subkey" and choose "New -> Key -> DisallowRun"

In the right pane of the DisallowRun subkey .. right-click and choose "New -> String Value"

Name this first one to a numerical 1 - then the program for the value.

For each additional program, you will need to increase the numerical value. Example:

1 REG_SZ iexplore.exe

2 REG_SZ notepad.exe

3 REG_SZ msn.exe

-- Edit --

mesale0077,

I've done some test with this particular method of software restriction.

It only limits the current user from manually executing a program.

It won't stop another program from executing it.

Edited by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Share this post


Link to post
Share on other sites

hi

code changed but dont work

how is work

reg code dont work

how is Disable

RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ",""& $pro&"")

;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
$message ="EXE or BAT file select"
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("[#] [#] applocker[#] [#]", 293, 123, 472, 317)
$Label1 = GUICtrlCreateLabel("PROGRAM", 8, 32, 59, 17)
$Input1 = GUICtrlCreateInput("pro", 72, 32, 121, 21)
$Button1 = GUICtrlCreateButton("Select file", 200, 32, 75, 25, $WS_GROUP)
$Button2 = GUICtrlCreateButton("Enable", 24, 80, 107, 25, $WS_GROUP)
$Button3 = GUICtrlCreateButton("Disable", 184, 80, 97, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
      Case $Button1
         ffile()

Case $Button2


$AD=GUICtrlRead($Input1)

    $text = $AD
$array = StringSplit($text, '\', 1)
Enable($array[$array[0]])
sleep(500)
msgbox(0,"info","done!")
Case $Button3
GUICtrlSetData($Input1,$varyyyy)

$AD=GUICtrlRead($Input1)
sleep(500)
Disable($array[$array[0]])
msgbox(0,"info","done!")
    EndSwitch
WEnd
FUNC Enable($pro)


RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ",""& $pro&"")

;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")



endfunc


func Disable($pro)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 0x00000091)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsMenu", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsHistory", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "ClearRecentDocsOnExit", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", 0x00000001)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSaveSettings", "REG_DWORD", 0x00000000)
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LinkResolveIgnoreLinkInfo", "REG_DWORD", 0x00000000)

endfunc


func ffile()
   $varyyyy = FileOpenDialog($message, @WindowsDir & "\", "EXE or BAT file (*.exe;*.bat)", 1 + 4 )

If @error Then
    MsgBox(4096,"","No File(s) chosen")
Else
GUICtrlSetData($Input1,$varyyyy)
   
endif
endfunc

now thank you

Edited by mesale0077

Share this post


Link to post
Share on other sites

Global $DisallowRunKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Global $DisallowRunProgramsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"

RegWrite($DisallowRunKey, "DisallowRun", "REG_DWORD", 1); (1 = on, 0 = off)
RegWrite($DisallowRunProgramsKey, "1", "REG_SZ", $pro)


"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Share this post


Link to post
Share on other sites

hi

yes worked,

but we change the name of the exe again , exe running

how can block with the MD5 hash information

Edited by mesale0077

Share this post


Link to post
Share on other sites

mesale0077,

I haven't seen any information related to a MD5 hash for this method.

Some quick code. You'll need all or part of this:

#include <array.au3>

Global $DisallowRunKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Global $DisallowRunProgramsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"

DisallowRun_Init(1); Turn it on

Local $number = GetAvailableSlot()
MsgBox(0, '', $number)

DisallowRun_Add("Notepad.exe", $number)

Local $t_array = GetDisallowList()
_ArrayDisplay($t_array)

Exit

Func DisallowRun_Init($value)
    RegWrite($DisallowRunKey, "DisallowRun", "REG_DWORD", $value); (1 = on, 0 = off)
EndFunc

Func DisallowRun_Add($pro, $slot)
    RegWrite($DisallowRunProgramsKey, $slot, "REG_SZ", $pro)
EndFunc

Func DisallowRun_Delete($slot)
    RegDelete($DisallowRunProgramsKey, $slot)
EndFunc

Func GetAvailableSlot()
    Local $rtn
    For $i = 1 To 1000
        $rtn = RegEnumVal($DisallowRunProgramsKey, $i)
        If @error <> 0 Then Return $i; get next slot
        If Not ($rtn = $i) Then Return $i; get in between slot, if any
    Next
EndFunc

; $array[0][0] = number of elements or entries
; $array[0][1] = program slot number
; $array[1][1] = program
Func GetDisallowList()
    Local $rtn, $array[1][2]
    For $i = 1 To 1000
        $rtn = RegEnumVal($DisallowRunProgramsKey, $i)
        If @error <> 0 Then ExitLoop
        ReDim $array[$i + 1][2]
        $array[0][0] = $i
        $array[$i][0] = $rtn
        $array[$i][1] = RegRead($DisallowRunProgramsKey, $rtn)
    Next
    Return $array
EndFunc
Edited by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...