Novell is now a part of Micro Focus

More about Banning Apps and Rogue Processes

Novell Cool Solutions: Tip
By Carl Beehler

Digg This - Slashdot This

Posted: 2 Dec 2005

In the article about Apps You Might Want to Ban, a number of people made the comment that it's better to only allow specified apps than to specify denied apps. I wholeheartedly agree in that one cannot enumerate all the possible names of executables that can be launched. However, it's hard to figure out which apps are being blocked incorrectly in a timely manner. A way around this is to set up reporting and do a "test run" of all available applications with reporting running. This will give you a list of everything that you will need to allow.

An added benefit is that you can leave reporting running to see what your users are clicking on! To set this up:

  1. Create a directory in a location that users and workstations have rights to. I've used the PUBLIC directory.
  2. Next, CREATE the text file that you want to use for logging. If it's not there to begin with, logging might not work. In this case, the filename is "rogue.txt"
  3. Finally, log in as a test account with the appropriate force run application object distributing the registry settings. It's best to make this "distribute always" across the board so that any necessary changes are sent out ASAP.
  4. Run any and all applications. Don't worry about which ones are blocked as this will be recorded in the log!
  5. Check out the log file. The info in it will allow you to add exceptions for programs that need to run with user rights. It will also catch secondary apps that are run from apps opened from the Launcher.
  6. Keep in mind that you can't test everything, so check the logfile from time to time to see if legitimate software is being blocked by mistake. If your app object is set up correctly, any changes that you make will be put into effect at the next NAL refresh. Your users will thank you.

Here's the settings that I use to monitor blocked apps:

[HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management]
"Default Action"=dword:00000001
"Report Ignored"=dword:00000000
"Report Terminated"=dword:00000001

[HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management\Reporting Targets]

If you REALLY want to be slick, you can create an MS Access database or Crystal report that will allow you to view the data in a more flexible format. Opening the text file while in use doesn't seem to create any problems.

If you have any questions you may contact Carl at

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates