PowerShell: machine vs man
Some time ago I inherited a farm of terminal servers. And the management gave me the task to eradicate skype, chrome, firefox and mail.ru agent on all terminal servers. Historically, the company uses thin clients and only privileged users have full-fledged PC, and it allowed these programs and terminals — no, no.
I removed all programs, tightened AD policies that limit the launch of specific applications and decided that probably this is all. But the next day I found that users reuse programs, but portable version, and. exe files were renamed to 123*.exe to Admit I was surprised, awareness and preparedness of users.
The issue with the closure of the Internet or the banning of all programs except allowed not suitable due to the nature of the office. Have any interest in sports and I decided to use powershell:
1. define running processes
2. next, require only those that are interesting for us — here we draw attention to the fact that if a process is renamed 123.exe and the squeak of the processes he will hang as 123, and it is bad, because it is not clear this process is good or bad, therefore, viewed the description field — even though the skype file and renamed to 123 and 123 processes hanging, but here's the description from the old — skype...
the
3. found stop the process:
the
Bottom line is the design view:
You can put this in a. ps1 script and tie to anything, but then you will need to sign it or disable the security requirement is not to run unsigned scripts.
I acted differently — I created a scheduler task, where indicated to run the program:
with
In this case the launch takes place and does not require the signature of the script. Now the task can be run at least every minute and nail not desirable to us programs. And if you add refined filtration to this solution it at all possible to wean users from the use of any defined programs throughout the domain (without the refined search, the renamed files will not work).
Article based on information from habrahabr.ru
I removed all programs, tightened AD policies that limit the launch of specific applications and decided that probably this is all. But the next day I found that users reuse programs, but portable version, and. exe files were renamed to 123*.exe to Admit I was surprised, awareness and preparedness of users.
The issue with the closure of the Internet or the banning of all programs except allowed not suitable due to the nature of the office. Have any interest in sports and I decided to use powershell:
1. define running processes
get-process
2. next, require only those that are interesting for us — here we draw attention to the fact that if a process is renamed 123.exe and the squeak of the processes he will hang as 123, and it is bad, because it is not clear this process is good or bad, therefore, viewed the description field — even though the skype file and renamed to 123 and 123 processes hanging, but here's the description from the old — skype...
the
where-object { $_.Description-match 'skype' }
3. found stop the process:
the
Stop-Process -Force
Bottom line is the design view:
get-process | where-object { $_.Description-match "skype" } | Stop-Process -Force
You can put this in a. ps1 script and tie to anything, but then you will need to sign it or disable the security requirement is not to run unsigned scripts.
I acted differently — I created a scheduler task, where indicated to run the program:
C:\Windows\...\powershell.exe
with
get-process | where-object { $_.Description-match 'skype' } | Stop-Process -Force
In this case the launch takes place and does not require the signature of the script. Now the task can be run at least every minute and nail not desirable to us programs. And if you add refined filtration to this solution it at all possible to wean users from the use of any defined programs throughout the domain (without the refined search, the renamed files will not work).
Комментарии
Отправить комментарий