Network management must learn: shielding specific software operation

Not all people go to Internet cafes, are purely for internet chat, games, a lot of people are proud of messing up internet cafes, and even some in order to steal other people's account and password, run some MAC address spoofing software or some other serious harm to Internet cafes network security software, internet café owners can not see these circumstances and sit idly by Ah, After all, it concerns their own interests. The following author to introduce a system from the "Group Policy Editor" to limit the Internet cafes in the disorderly operation of harmful Internet cafes security software.

Click "Start"-"Run" and enter "Gpedit.msc" to run the Group Policy Editor. We found "User Configuration" items, expand it, and then find the "system" branch below it, we can then see a list of the right side of a lot of specific options, we can find in this "do not run the specified Windows application", double-click it, will pop up a property window, By default, its properties are "Not configured", we have to click on the "Enabled" item, and then the "Show" button will display from the gray unavailable state becomes available, click the "Show" button, you can go to edit the list of Disallowed Applications window, click the "Add" button, Enter the file name of the application you want to prevent from running, and then "OK" to add it.　Because a program that is added to the list of disallowed applications does not run directly, but it can run on a command-line basis, we will add "cmd.exe" to the disallowed list so that the command line will not run. In fact, because a lot of software file names are unpredictable, in order to more convenient management, we actually use the "do not run the specified Windows Application" item above the "Run only licensed Windows Application" item, we will be more convenient, the same way as above, Adding the name of the application that is allowed to run is added to the list, and applications that are not in the list cannot run, and the principle is the same. (Computer science)

The method described in this article does not need to install third-party software, so will not drag down the speed of the system, but because it is through the identification of the file name to achieve the purpose of shielding, if someone changed the file name, shielding effect can not be reached, but do not worry too much, this approach to deal with the general customer has been completely enough, After all, the ashes of the customer is a minority. For the Ashes class customers, we have to use a third party shielding software to achieve our shielding purposes, in the future article, the author will introduce the relevant software.