|
|
|
|
|
|
by anshargal
610 days ago
|
|
|
About 20 years ago, I was setting up a shared PC at my university. I googled for a way in Windows XP (via registry or group policy) to only let specific programs run. I added stuff like explorer.exe, iexplore.exe, winword.exe, acroread.exe, and a few others. Fast forward a few years, and the computer was still running great. The desktop and downloads folders were full of messengers, "flash players" and other malware - but all binaries were throwing cryptic error. Since no one in IT was around or cared, nobody figured out how to edit the allow list. The computer was deemed half-broken. But when neighboring PCs were completely infested, this one could still open, edit, and print office docs flawlessly. It felt like a magic fix for shared Windows PC security. |
|
|
ACRORD32.EXE was actually cmd.exe
WINWORD.EXE was actually Mozilla
...and so on
Edit: one of those exes was regedit and every time I sat down I'd delete all the keys named Policies as a routine excersize. After that, restart explorer with one of the tricks. I don't remember the specific one but it wasn't officially documented iirc.
https://superuser.com/questions/335917/how-can-you-do-a-clea...