mesale0077

Limit on Windows programs

10 posts in this topic

#1 ·  Posted (edited)

hi

Restrict programs that are available on Windows

Limit on Windows programs

XP, Vista, Windows 7

will not run ,

exam files:

exam.exe,exam.bat and such

like applocker

the program will not work even if the name of the program is changed, I want to make

MD5 hash, I'm thinking

but it doesn't work

http://support.microsoft.com/kb/323525

or

http://support.microsoft.com/kb/310791/en

code:

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>

$message = "EXE or BAT file select"

#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("[#] [#] applocker[#] [#]", 293, 123, 472, 317)
$Label1 = GUICtrlCreateLabel("PROGRAM", 8, 32, 59, 17)
$Input1 = GUICtrlCreateInput("pro", 72, 32, 121, 21)
$Button1 = GUICtrlCreateButton("Select file", 200, 32, 75, 25, $WS_GROUP)
$Button2 = GUICtrlCreateButton("Enable", 24, 80, 107, 25, $WS_GROUP)
$Button3 = GUICtrlCreateButton("Disable", 184, 80, 97, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Button1
            ffile()
        Case $Button2
            ; Pass only the file name (last path component) to Enable()
            $AD = GUICtrlRead($Input1)
            $text = $AD
            $array = StringSplit($text, '\', 1)
            Enable($array[$array[0]])
            MsgBox(0, "info", "done!")
        Case $Button3
            ; Read and split the path here as well: $varyyyy is local to ffile()
            ; and $array would be undeclared if Enable was never clicked
            $AD = GUICtrlRead($Input1)
            $array = StringSplit($AD, '\', 1)
            Disable($array[$array[0]])
            MsgBox(0, "info", "done!")
    EndSwitch
WEnd

Func Enable($pro)
    ; Writes the program name as string value "2" under the DisallowRun subkey
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "2", "REG_SZ", "" & $pro & "")
    ;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")
    ; Restart Explorer
    ProcessClose("explorer.exe")
    Run("explorer.exe")
EndFunc

Func Disable($pro)
    ; Sets other Explorer policy values; $pro is not used here
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 0x00000091)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsMenu", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsHistory", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "ClearRecentDocsOnExit", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSaveSettings", "REG_DWORD", 0x00000000)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LinkResolveIgnoreLinkInfo", "REG_DWORD", 0x00000000)
    ; Restart Explorer
    ProcessClose("explorer.exe")
    Run("explorer.exe")
EndFunc

Func ffile()
    ; 1 + 4 = file must exist + allow multiple selection
    Local $varyyyy = FileOpenDialog($message, @WindowsDir & "\", "EXE or BAT file (*.exe;*.bat)", 1 + 4)
    If @error Then
        MsgBox(4096, "", "No File(s) chosen")
    Else
        GUICtrlSetData($Input1, $varyyyy)
    EndIf
EndFunc

thank you help me

Edited by mesale0077




The regkey in WinXP and above --> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers

It needs a few things - mainly ...

It doesn't make a backup of the original key. You can't go back to defaults, unless you modify the script.

I wrote one similar to that. It's for XP only though. I think "his" will work on XP to Win7.

By the way .. I believe Windows SRP is "the best line of defense" for a PC.

I have it on my commercial clients' PCs and mine at home.

They used to get viruses every other week. Now, I don't hear from them unless they have a real computer issue.


"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward


hi

no virus

look web link:

http://www.sordum.com/?cat=33

appadmin pro

like it; I'm thinking of making the program but it doesn't work, why?

this code

where is the mistake

nice cool pro

this pro is autoit code

Share on other sites

You want a per program basis. Check this out then:

How to make a disallowed-by-default Software Restriction Policy

http://www.mechbgon.com/srp/



#5 ·  Posted (edited)

I figured out what it is with your script. I didn't know you could do this, sorry. It's really simple.

You must first create a dword reg entry here:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane .. right-click and choose "New -> Dword Value -> DisallowRun" and set value to 1.

This is the "on and off" switch.

Then "create a subkey" under:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Right-click on the "Explorer subkey" and choose "New -> Key -> DisallowRun"

In the right pane of the DisallowRun subkey .. right-click and choose "New -> String Value"

Name this first one to a numerical 1 - then the program for the value.

For each additional program, you will need to increase the numerical value. Example:

1 REG_SZ iexplore.exe

2 REG_SZ notepad.exe

3 REG_SZ msn.exe

-- Edit --

mesale0077,

I've done some tests with this particular method of software restriction.

It only limits the current user from manually executing a program.

It won't stop another program from executing it.

Edited by ripdad


#6 ·  Posted (edited)

hi

code changed but it doesn't work

how is work

reg code doesn't work

how is Disable

RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ",""& $pro&"")

;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>

$message = "EXE or BAT file select"

#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("[#] [#] applocker[#] [#]", 293, 123, 472, 317)
$Label1 = GUICtrlCreateLabel("PROGRAM", 8, 32, 59, 17)
$Input1 = GUICtrlCreateInput("pro", 72, 32, 121, 21)
$Button1 = GUICtrlCreateButton("Select file", 200, 32, 75, 25, $WS_GROUP)
$Button2 = GUICtrlCreateButton("Enable", 24, 80, 107, 25, $WS_GROUP)
$Button3 = GUICtrlCreateButton("Disable", 184, 80, 97, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Button1
            ffile()
        Case $Button2
            ; Pass only the file name (last path component) to Enable()
            $AD = GUICtrlRead($Input1)
            $text = $AD
            $array = StringSplit($text, '\', 1)
            Enable($array[$array[0]])
            Sleep(500)
            MsgBox(0, "info", "done!")
        Case $Button3
            ; Read and split the path here as well: $varyyyy is local to ffile()
            ; and $array would be undeclared if Enable was never clicked
            $AD = GUICtrlRead($Input1)
            $array = StringSplit($AD, '\', 1)
            Sleep(500)
            Disable($array[$array[0]])
            MsgBox(0, "info", "done!")
    EndSwitch
WEnd

Func Enable($pro)
    ; Writes the program name as string value "1" under the DisallowRun subkey
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ", "" & $pro & "")
    ;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")
EndFunc

Func Disable($pro)
    ; Sets other Explorer policy values; $pro is not used here
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 0x00000091)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsMenu", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsHistory", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "ClearRecentDocsOnExit", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", 0x00000001)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSaveSettings", "REG_DWORD", 0x00000000)
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LinkResolveIgnoreLinkInfo", "REG_DWORD", 0x00000000)
EndFunc

Func ffile()
    ; 1 + 4 = file must exist + allow multiple selection
    Local $varyyyy = FileOpenDialog($message, @WindowsDir & "\", "EXE or BAT file (*.exe;*.bat)", 1 + 4)
    If @error Then
        MsgBox(4096, "", "No File(s) chosen")
    Else
        GUICtrlSetData($Input1, $varyyyy)
    EndIf
EndFunc

now thank you

Edited by mesale0077


Global $DisallowRunKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Global $DisallowRunProgramsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"

; $pro holds the program's file name, as in Enable($pro)
RegWrite($DisallowRunKey, "DisallowRun", "REG_DWORD", 1) ; (1 = on, 0 = off)
RegWrite($DisallowRunProgramsKey, "1", "REG_SZ", $pro)



#8 ·  Posted (edited)

hi

yes worked,

but if we change the name of the exe again, the exe runs

How can I block with the MD5 hash information?

Edited by mesale0077


#9 ·  Posted (edited)

mesale0077,

I haven't seen any information related to an MD5 hash for this method.

Some quick code. You'll need all or part of this:

#include <array.au3>

Global $DisallowRunKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Global $DisallowRunProgramsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"

DisallowRun_Init(1); Turn it on

Local $number = GetAvailableSlot()
MsgBox(0, '', $number)

DisallowRun_Add("Notepad.exe", $number)

Local $t_array = GetDisallowList()
_ArrayDisplay($t_array)

Exit

Func DisallowRun_Init($value)
    RegWrite($DisallowRunKey, "DisallowRun", "REG_DWORD", $value); (1 = on, 0 = off)
EndFunc

Func DisallowRun_Add($pro, $slot)
    RegWrite($DisallowRunProgramsKey, $slot, "REG_SZ", $pro)
EndFunc

Func DisallowRun_Delete($slot)
    RegDelete($DisallowRunProgramsKey, $slot)
EndFunc

Func GetAvailableSlot()
    Local $rtn
    For $i = 1 To 1000
        $rtn = RegEnumVal($DisallowRunProgramsKey, $i)
        If @error <> 0 Then Return $i; get next slot
        If Not ($rtn = $i) Then Return $i; get in between slot, if any
    Next
EndFunc

; $array[0][0] = number of elements or entries
; $array[n][0] = program slot number (registry value name)
; $array[n][1] = program
Func GetDisallowList()
    Local $rtn, $array[1][2]
    For $i = 1 To 1000
        $rtn = RegEnumVal($DisallowRunProgramsKey, $i)
        If @error <> 0 Then ExitLoop
        ReDim $array[$i + 1][2]
        $array[0][0] = $i
        $array[$i][0] = $rtn
        $array[$i][1] = RegRead($DisallowRunProgramsKey, $rtn)
    Next
    Return $array
EndFunc
Edited by ripdad
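
The rename problem and the MD5 question from this thread, as an added example (not code from any poster here): it fingerprints files by content with `_Crypt_HashFile` from AutoIt's Crypt UDF and compares a name match with a hash match for an original file, a renamed copy and an unrelated file. The folder, the file names and contents, and the helpers `FileMD5`, `InList` and `WriteSample` are constructed for illustration; the script only identifies files and does not touch the DisallowRun list, which holds program names.

```autoit
#include <Crypt.au3>
#include <FileConstants.au3>

; Added example. Folder, file names and contents are constructed samples;
; nothing is executed and no registry value is written.
Global $sDir = @TempDir & "\hashdemo_" & @AutoItPID
DirCreate($sDir)
Global $aFiles[3]
$aFiles[0] = $sDir & "\exam.exe"
$aFiles[1] = $sDir & "\renamed.exe"
$aFiles[2] = $sDir & "\other.exe"
WriteSample($aFiles[0], "constructed sample content A")
FileCopy($aFiles[0], $aFiles[1]) ; same bytes under a new name
WriteSample($aFiles[2], "constructed sample content B")

_Crypt_Startup()
Global $aBlockedNames[1] = ["exam.exe"] ; what a name-based list holds
Global $aBlockedHashes[1]
$aBlockedHashes[0] = FileMD5($aFiles[0]) ; content fingerprint of the same file

Global $sReport = "", $sName
For $sFile In $aFiles
    $sName = StringRegExpReplace($sFile, "^.*\\", "") ; strip the folder part
    $sReport &= $sName & ": name match = " & InList($sName, $aBlockedNames) _
            & ", hash match = " & InList(FileMD5($sFile), $aBlockedHashes) & @CRLF
Next
_Crypt_Shutdown()
DirRemove($sDir, 1) ; remove the sample folder again
MsgBox(0, "Name vs. hash", $sReport)

; Hex string of the file's MD5 digest, or "" if the file cannot be hashed
Func FileMD5($sPath)
    Local $dHash = _Crypt_HashFile($sPath, $CALG_MD5)
    If @error Then Return SetError(1, 0, "")
    Return StringLower(Hex($dHash))
EndFunc

; True if $sValue is in $aList ("=" compares strings case-insensitively)
Func InList($sValue, $aList)
    For $sItem In $aList
        If $sItem = $sValue Then Return True
    Next
    Return False
EndFunc

; Write $sText as raw bytes so that the hash input is well defined
Func WriteSample($sPath, $sText)
    Local $hFile = FileOpen($sPath, $FO_OVERWRITE + $FO_BINARY)
    FileWrite($hFile, StringToBinary($sText))
    FileClose($hFile)
EndFunc
```

Enforcing a block by hash is what Software Restriction Policy hash rules do; those live under the Safer\CodeIdentifiers key mentioned earlier in the thread.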


thank you worked
