Sorry if this is a duplicate post but I did not see my original item on the list.
Patrons would like to be able to download Word and Excel documents via email and then open it with the appropriate Microsoft viewers.
Here are my questions:
a) In order to allow patrons to open an email attachment do they have to have the ability to download? We are using PWB 2.04 so can we leave the download turned off but allow the public to open a document?
b) If we have to allow download how do you restrict people from downloading other executable or self installing files to the a: drive and then running them? They could do this by browsing to a: and executing the file?
c) How do you stop people from downloading or executing bat or exe or com files? We run Windows 2000 and there is no group policy to restrict this.
Downloading Word and Excel Documents Via Email
Moderators: Tyler, Scott, PWB v2 Moderator
Because viewers such as Word or Excel are external applications to Internet Explorer and thus PWB, the file needs to be downloaded before the applicaiton can open the file. Interstingly enough, this is not the case with Adobe Acrobat PDF files.
a) If the attachment is a Word DOC file, you have to allow downloads to open the file.
b) c) Use Group Policies to enable a run list with.
Enable Run List:
1. Start Run GPEDIT.MSC
2. Open the following key.
...User Configuration
......Administrative Templates
.........System
3. Open the "Run only allowed Windows applications".
4. Click the "Enable" radio button.
5. Click the "Show" button.
6. Click the "Add" button.
7. Add all the applications that need to run.
Step 7 takes some patients and testing, but it is very effective. If you use full paths to the applications it is even more effective.
--Scott
a) If the attachment is a Word DOC file, you have to allow downloads to open the file.
b) c) Use Group Policies to enable a run list with.
Enable Run List:
1. Start Run GPEDIT.MSC
2. Open the following key.
...User Configuration
......Administrative Templates
.........System
3. Open the "Run only allowed Windows applications".
4. Click the "Enable" radio button.
5. Click the "Show" button.
6. Click the "Add" button.
7. Add all the applications that need to run.
Step 7 takes some patients and testing, but it is very effective. If you use full paths to the applications it is even more effective.
--Scott
- Philip - Long Beach NY
- Benefactor
- Posts: 82
- Joined: Fri Feb 28, 2003 2:30 pm
Alternately,
If you don't have group policies, you could use TrustNoExe, a small app that disallows any exe to execute (except for progams listed in the Program Files folder such as MS Office, and any other program located elsewhere that you specify), even from external drives. I use it myself without any problems at my library. It even allows you to customize a message that when an executable is blocked, the patron isn't going crazy trying to figure out why their program isn't working.
Try it free.
http://www.beyondlogic.org/solutions/tr ... no-exe.htm
Phil
If you don't have group policies, you could use TrustNoExe, a small app that disallows any exe to execute (except for progams listed in the Program Files folder such as MS Office, and any other program located elsewhere that you specify), even from external drives. I use it myself without any problems at my library. It even allows you to customize a message that when an executable is blocked, the patron isn't going crazy trying to figure out why their program isn't working.
Try it free.
http://www.beyondlogic.org/solutions/tr ... no-exe.htm
Phil
Complexity is the enemy of security
-- Steve Gibson
-- Steve Gibson