mesale0077 Posted December 26, 2010

hi

Restrict programs that are available on Windows. Limit on Windows programs: XP, Vista, Windows 7 will not run exam files: exam.exe, exam.bat and such. Like applocker, the program will not work even change the name of the program. I want make MD5 hash, I'm thinking but don't work.

http://support.microsoft.com/kb/323525
or
http://support.microsoft.com/kb/310791/en

code:

    #include <ButtonConstants.au3>
    #include <EditConstants.au3>
    #include <GUIConstantsEx.au3>
    #include <StaticConstants.au3>
    #include <WindowsConstants.au3>

    $message ="EXE or BAT file select"
    #Region ### START Koda GUI section ### Form=
    $Form1 = GUICreate("[#] [#] applocker[#] [#]", 293, 123, 472, 317)
    $Label1 = GUICtrlCreateLabel("PROGRAM", 8, 32, 59, 17)
    $Input1 = GUICtrlCreateInput("pro", 72, 32, 121, 21)
    $Button1 = GUICtrlCreateButton("Select file", 200, 32, 75, 25, $WS_GROUP)
    $Button2 = GUICtrlCreateButton("Enable", 24, 80, 107, 25, $WS_GROUP)
    $Button3 = GUICtrlCreateButton("Disable", 184, 80, 97, 25, $WS_GROUP)
    GUISetState(@SW_SHOW)
    #EndRegion ### END Koda GUI section ###

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $Button1
                ffile()
            Case $Button2
                $AD=GUICtrlRead($Input1)
                $text = $AD
                $array = StringSplit($text, '\', 1)
                Enable($array[$array[0]])
                msgbox(0,"info","done!")
            Case $Button3
                GUICtrlSetData($Input1,$varyyyy)
                $AD=GUICtrlRead($Input1)
                Disable($array[$array[0]])
                msgbox(0,"info","done!")
        EndSwitch
    WEnd

    FUNC Enable($pro)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "2", "REG_SZ",""& $pro&"")
        ;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")
        ProcessClose("explorer.exe")
        run("explorer.exe")
    endfunc

    func Disable($pro)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 0x00000091)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsMenu", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsHistory", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "ClearRecentDocsOnExit", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSaveSettings", "REG_DWORD", 0x00000000)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LinkResolveIgnoreLinkInfo", "REG_DWORD", 0x00000000)
        ProcessClose("explorer.exe")
        run("explorer.exe")
    endfunc

    func ffile()
        $varyyyy = FileOpenDialog($message, @WindowsDir & "\", "EXE or BAT file (*.exe;*.bat)", 1 + 4 )
        If @error Then
            MsgBox(4096,"","No File(s) chosen")
        Else
            GUICtrlSetData($Input1,$varyyyy)
        endif
    endfunc

thank you help me

Edited December 27, 2010 by mesale0077

ripdad Posted December 26, 2010

The regkey in WinXP and above --> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers

It needs a few things - mainly ...
It doesn't make a backup of the original key. You can't go back to defaults, unless you modify the script.

I wrote one similar to that. It's for XP only though. I think "his" will work on XP to Win7.

By the way .. I believe Windows SRP is "the best line of defense" for a PC.
I have it on my commercial clients' PCs and mine at home.
They used to get viruses every other week. Now, I don't hear from them unless they have a real computer issue.

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward

mesale0077 Posted December 26, 2010 (Author)

hi

no virus, look web link: http://www.sordum.com/?cat=33

appadmin pro, like it. I think make pro but don't work, why? This code, where is the mistake? Nice cool pro, this pro is AutoIt code.

ripdad Posted December 26, 2010

You want a per program basis. Check this out then:

How to make a disallowed-by-default Software Restriction Policy
http://www.mechbgon.com/srp/

ripdad Posted December 26, 2010

I figured out what it is with your script. I didn't know you could do this, sorry. It's really simple.

You must first create a dword reg entry here:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane .. right-click and choose "New -> Dword Value -> DisallowRun" and set value to 1.
This is the "on and off" switch.

Then "create a subkey" under:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Right-click on the "Explorer subkey" and choose "New -> Key -> DisallowRun"

In the right pane of the DisallowRun subkey .. right-click and choose "New -> String Value"
Name this first one to a numerical 1 - then the program for the value.

For each additional program, you will need to increase the numerical value. Example:

    1 REG_SZ iexplore.exe
    2 REG_SZ notepad.exe
    3 REG_SZ msn.exe

-- Edit --

mesale0077,

I've done some tests with this particular method of software restriction.
It only limits the current user from manually executing a program.
It won't stop another program from executing it.

Edited December 27, 2010 by ripdad

mesale0077 Posted December 27, 2010 (Author)

hi

code changed but don't work, how is work? reg code don't work, how is Disable?

    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ",""& $pro&"")
    ;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")

    #include <ButtonConstants.au3>
    #include <EditConstants.au3>
    #include <GUIConstantsEx.au3>
    #include <StaticConstants.au3>
    #include <WindowsConstants.au3>

    $message ="EXE or BAT file select"
    #Region ### START Koda GUI section ### Form=
    $Form1 = GUICreate("[#] [#] applocker[#] [#]", 293, 123, 472, 317)
    $Label1 = GUICtrlCreateLabel("PROGRAM", 8, 32, 59, 17)
    $Input1 = GUICtrlCreateInput("pro", 72, 32, 121, 21)
    $Button1 = GUICtrlCreateButton("Select file", 200, 32, 75, 25, $WS_GROUP)
    $Button2 = GUICtrlCreateButton("Enable", 24, 80, 107, 25, $WS_GROUP)
    $Button3 = GUICtrlCreateButton("Disable", 184, 80, 97, 25, $WS_GROUP)
    GUISetState(@SW_SHOW)
    #EndRegion ### END Koda GUI section ###

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $Button1
                ffile()
            Case $Button2
                $AD=GUICtrlRead($Input1)
                $text = $AD
                $array = StringSplit($text, '\', 1)
                Enable($array[$array[0]])
                sleep(500)
                msgbox(0,"info","done!")
            Case $Button3
                GUICtrlSetData($Input1,$varyyyy)
                $AD=GUICtrlRead($Input1)
                sleep(500)
                Disable($array[$array[0]])
                msgbox(0,"info","done!")
        EndSwitch
    WEnd

    FUNC Enable($pro)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ",""& $pro&"")
        ;RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun", "1", "REG_SZ","NOTEPAD.EXE")
    endfunc

    func Disable($pro)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 0x00000091)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsMenu", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRecentDocsHistory", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "ClearRecentDocsOnExit", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", 0x00000001)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSaveSettings", "REG_DWORD", 0x00000000)
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LinkResolveIgnoreLinkInfo", "REG_DWORD", 0x00000000)
    endfunc

    func ffile()
        $varyyyy = FileOpenDialog($message, @WindowsDir & "\", "EXE or BAT file (*.exe;*.bat)", 1 + 4 )
        If @error Then
            MsgBox(4096,"","No File(s) chosen")
        Else
            GUICtrlSetData($Input1,$varyyyy)
        endif
    endfunc

now thank you

Edited December 27, 2010 by mesale0077

ripdad Posted December 27, 2010

    Global $DisallowRunKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    Global $DisallowRunProgramsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"

    RegWrite($DisallowRunKey, "DisallowRun", "REG_DWORD", 1); (1 = on, 0 = off)
    RegWrite($DisallowRunProgramsKey, "1", "REG_SZ", $pro)

mesale0077 Posted December 27, 2010 (Author)

hi

yes worked, but we change the name of the exe again, exe running. How can block with the MD5 hash information?

Edited December 27, 2010 by mesale0077

ripdad Posted December 27, 2010

mesale0077,

I haven't seen any information related to a MD5 hash for this method.

Some quick code. You'll need all or part of this:

    #include <array.au3>

    Global $DisallowRunKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    Global $DisallowRunProgramsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"

    DisallowRun_Init(1); Turn it on

    Local $number = GetAvailableSlot()
    MsgBox(0, '', $number)

    DisallowRun_Add("Notepad.exe", $number)

    Local $t_array = GetDisallowList()
    _ArrayDisplay($t_array)
    Exit

    Func DisallowRun_Init($value)
        RegWrite($DisallowRunKey, "DisallowRun", "REG_DWORD", $value); (1 = on, 0 = off)
    EndFunc

    Func DisallowRun_Add($pro, $slot)
        RegWrite($DisallowRunProgramsKey, $slot, "REG_SZ", $pro)
    EndFunc

    Func DisallowRun_Delete($slot)
        RegDelete($DisallowRunProgramsKey, $slot)
    EndFunc

    Func GetAvailableSlot()
        Local $rtn
        For $i = 1 To 1000
            $rtn = RegEnumVal($DisallowRunProgramsKey, $i)
            If @error <> 0 Then Return $i; get next slot
            If Not ($rtn = $i) Then Return $i; get in between slot, if any
        Next
    EndFunc

    ; $array[0][0] = number of elements or entries
    ; $array[n][0] = program slot number
    ; $array[n][1] = program
    Func GetDisallowList()
        Local $rtn, $array[1][2]
        For $i = 1 To 1000
            $rtn = RegEnumVal($DisallowRunProgramsKey, $i)
            If @error <> 0 Then ExitLoop
            ReDim $array[$i + 1][2]
            $array[0][0] = $i
            $array[$i][0] = $rtn
            $array[$i][1] = RegRead($DisallowRunProgramsKey, $rtn)
        Next
        Return $array
    EndFunc

Edited December 27, 2010 by ripdad

mesale0077 Posted December 27, 2010 (Author)

thank you worked
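
An audit of the DisallowRun setup from ripdad's registry walkthrough, together with the name-versus-content question raised in the MD5 post, as an added example that is not code from any poster in this thread. The function names `_PolicyEnabled`, `_NameListed` and `_FileMD5`, the file name `renamed_copy.exe`, and the presence of notepad.exe in the Windows directory are assumptions made for the illustration.

```autoit
#include <Crypt.au3>

; Added example, not code from the thread. Key paths are the ones quoted in the posts above.
Global Const $sPolicyKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Global Const $sListKey = $sPolicyKey & "\DisallowRun"

; Constructed demo: compare notepad.exe with a copy stored under another name.
; Assumption: notepad.exe exists in the Windows directory.
Local $sOrig = @WindowsDir & "\notepad.exe"
Local $sCopy = @TempDir & "\renamed_copy.exe"
FileCopy($sOrig, $sCopy, 1) ; 1 = overwrite an existing copy
ConsoleWrite("Switch is on:         " & _PolicyEnabled() & @CRLF)
ConsoleWrite("Original name listed: " & _NameListed($sOrig) & @CRLF)
ConsoleWrite("Copy name listed:     " & _NameListed($sCopy) & @CRLF)
ConsoleWrite("MD5 original: " & _FileMD5($sOrig) & @CRLF)
ConsoleWrite("MD5 copy:     " & _FileMD5($sCopy) & @CRLF)
FileDelete($sCopy)

; True only when the DWORD "on and off" switch described in the thread exists and is 1.
Func _PolicyEnabled()
    Local $vSwitch = RegRead($sPolicyKey, "DisallowRun")
    If @error Then Return False
    Return ($vSwitch = 1)
EndFunc

; True when the file-name part of $sPath equals a listed program name.
; AutoIt's "=" compares strings case-insensitively.
Func _NameListed($sPath)
    Local $sName = StringRegExpReplace($sPath, "^.*\\", "")
    Local $sValue
    For $i = 1 To 1000
        $sValue = RegEnumVal($sListKey, $i)
        If @error Then ExitLoop
        If RegRead($sListKey, $sValue) = $sName Then Return True
    Next
    Return False
EndFunc

; MD5 of the file content as a hex string; it does not depend on the file name.
Func _FileMD5($sPath)
    _Crypt_Startup()
    Local $bHash = _Crypt_HashFile($sPath, $CALG_MD5)
    Local $iErr = @error
    _Crypt_Shutdown()
    If $iErr Then Return SetError($iErr, 0, "")
    Return String($bHash)
EndFunc
```

With notepad.exe on the list, the two MD5 lines are identical while only the original name is reported as listed, which is the behaviour reported in the thread: the DisallowRun list identifies a program by file name, not by content.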