Hi, Everybody.
In the current year I've had so many virus infections in my PCs and given the fact that antiviruses cannot detect'em, I no longer rely on antivirus for security. I opted to use SecPol to disallow execution from suspicious paths (say USB drive) with good results so far. But since my PC have an standard installation and all programs ever needed on them are installed before deployment I'd like to know if it is possible to use SecPol to set Windows up to refuse to execute anything not under the %programfiles% and %windir% paths? and is it possible to script those change so they can be replicated easily in other PCs? (those are XP boxes)
thanx in advance,
Raptor
PS: I've alse though of removing write permision for all users to the autorun registry entries (can those be scripted too?)