Keep in mind that this will disallow them from using some USB flash drives. And in response to the previous post about it being miss-labeled as a root-kit: I would have thought that initially as well, however I did some research when I first discovered the SysInternals 'root kit revealer' program and found that a root-kit on a windows machines goes by a completely different definition than a root kit on a unix/linux machine. In windows it appears to be all about hiding things from the kernel and the os, in *nix its all about privilege escalation, back doors and hiding your tracks. Here is an excellent book on the topic... http://www.amazon.com/gp/product/0321294319/104-7516086-3390329?v=glance&n=2 83155&n=507846&s=books&v=glance /------------------------------------ | Bryan Murphy | Information Technology Coordinator | Plant Research Lab and Plant Biology | http://infotech.prl.msu.edu \------------------------------------ -----------[ 11/10/05 6:16 PM [log in to unmask] ]-------------- > Tom. > > Here are some different options, see which one would fit best for you. > I'm positive these settings are stored in the registry, not sure > where, but you should be able to find them and create a VBScript that > will set them for you automatically. > > Start --> Control Panel --> Administrative Tools --> Local Security > Settings --> Security Settings --> Local Policies --> User Rights > Assignment --> Load and unload device drivers > > Also check out > Start --> Control Panel --> Administrative Tools --> Local Security > Settings --> Security Settings --> Local Policies --> Devices: > Unsigned driver installation behavior > > I believe this is the same option as under Start --> Control Panel --> > System --> Hardware --> Driver Signing > > > -t > > On 11/10/05, Tom Rockwell <[log in to unmask]> wrote: >> Troy, >> >> Is there a local registry setting for stand-alone Windows machines that >> achieves the same thing? >> >> Thanks, >> Tom >> >> Troy Murray wrote: >>>> As for work Windows computers, is there a way to lock out users from >>>> installing (either willfully or inadvertently) new or modified drivers? >>> >>> >>> If your running a Windows 2000 or 2003 domain, there is a policy >>> setting for the domain policy that you can set which will restrict the >>> users from installing any drivers, un-signed drivers or signed >>> drivers. >>> >>> -t >>> >>> >>> On 11/10/05, Tom Rockwell <[log in to unmask]> wrote: >>> >>>> Sony's software is only installed on Windows computers. The security >>>> model of Linux and Mac OS X should prevent this type of software from >>>> automatically being installed. It seems safe to qualify "your computer" >>>> to "your Windows computer". >>>> >>>> As for work Windows computers, is there a way to lock out users from >>>> installing (either willfully or inadvertently) new or modified drivers? >>>> Is there no way for an administrator to prevent this such >>>> auto-installs (something more robust than disabling autorun for CDs)? >>>> >>>> -Tom >>>> >>>> Richard Wiggins wrote: >>>> >>>>> This is a brand new development and it is widely covered in the media. >>>>> Go to news.google.com <http://news.google.com> and search for "sony" and >>>>> you will find lots of coverage. So far, I do not know of a list that is >>>>> comprehensive. I would suspect that any recent Sony music CD might be >>>>> so infected. (Sony owns multiple music labels.) >>>>> >>>>> If I were crafting a message about this for end users, it would be along >>>>> the lines of "Sadly, recent news involving Sony's music division >>>>> demonstrates that a commercial audio CD can install unwanted and >>>>> dangerous software on your computer without warning even if you merely >>>>> insert the CD into the drive to play it." >>>>> >>>>> I would hate to have to advise end users to never play audio CDs on work >>>>> computers, but that's probably the safest advice right now. >>>>> >>>>> /rich >>>>> >>>>> >>>>> On 11/10/05, *Thomas P. Carter* <[log in to unmask] >>>>> <mailto:[log in to unmask]>> wrote: >>>>> >>>>> Does anyone know if there's a list of affected (Infected? >>>>> Infecting?) Sony titles anywhere? >>>>> >>>>> >>>>> >>>>> *Thomas P. Carter,** **Ph.D.* >>>>> Department of Chemistry >>>>> Michigan State University >>>>> East Lansing, MI 48824-1322 >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> Troy D Murray >>> Blog: http://troymurray.blogspot.com/ >> >> >> >> > > > -- > Troy D Murray > Blog: http://troymurray.blogspot.com/