Jump to content

do you block itune installations in your organization?

ceez

By ceez
in Windows 2000/2003/NT4

 Share

Recommended Posts

ceez

ceez

Posted
Posted

hello fellow msfn-ers!

as most IT people, i hate itunes, specially when the users install it on their workstations as if they were working on their home pc's...

I am looking for a 'silver bullet' on blocking the installation of itunes. I know i am asking for a lot, but i can give it a try.

I know that I can create a hash rule for the itunes .exe installer, but with new and different versions of itunes so does a new hash. I could also use path rules, but some 'smart' users can figure out that by changing the install path they can install the darnned thing.

so I was wondering if you have another alternative, maybe downloaded an adm or you probably created your own adm file that you can share with me (and anyone else trying to kill itunes from their corporate workstations)!

thank you for your time,

ceez

:thumbup

Link to comment
Share on other sites

cluberti

cluberti

Posted
Posted

Short of removing users from doing anything other than "read only" in \Program Files (and any other folders they shouldn't be writing to), I'm not sure you have many options short of using Group Policy. Of course, marking the whole drive read only usually breaks applications... :)

I'd always dealt with it by having a corporate policy for users - if you install something, it's OK, but it's not supported. If your machine breaks for any reason, it'll be replaced or reimaged and we'll make no attempts at all to save any data from said program. Profiles were roaming, and the documents folder was redirected to a home server minus the music and videos folders - worked great. We had a few users who lost all of their music too, and that pretty much killed it after some months, and we heard nothing more of it. It's low-tech, but it worked overall, and we didn't have to be the IT scrooges either (nice come bonus time :)).

Link to comment
Share on other sites
fdv

fdv

Posted
Posted (edited)

Adopt a written policy with the CEO's sign-off that it's inappropriate misuse of the company's computers. Issue warning when it's installed. Tell supervisors that iPods can act as USB drives, and that can be a security risk (maybe not where you are though). Tell people that bringing MP3's to work is no problem, listening at work is no problem, but iTunes is going over the line -- managing your music collection at work? Grabbing bandwidth and downloading music from the iTunes store? No f-ing way!

Another practical solution. Obviously you are in an org where people get admin rights to their machines for whatever reason. Which can boost morale, and can create IT headaches. I don't let my users have admin rights (though I do liberally allow all sorts of apps if they ask) but perhaps try this. Try replacing a critical DLL with an earlier version. Or resedit one and just muck it up... a little bit. Make the software crash. A Lot. If your boss is going to insist that all users have root on their boxes and you have to be the grown up in Romper Room policing after n00bs who load their machines with malware (or worse, don't, because they are advanced home users and do more "sophisticated" stuff like run VPNs that they don't tell you about or pull port forwarding tricks to keep you from seeing their pr0n downloads when they hit Usenet) then you have no choice. This is a game where the odds are against you.

Wanna win?

All you have is subterfuge, and I'd recommend making an INF and running it on startup that removes iTunes registry data by deleting iTunes keys so even reinstalls don't work for them. Put a shortcut in startup...

%SystemRoot%\system32\rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 %SYSTEMROOT%\system32\youritunesregistrykiller.inf

...and call it something innocent and have it do nothing at all for a few weeks so they aren't suspicious. Here are some keys for you to kill to get you started. Note that no names of DLLs appear, nor do any searchable strings, so clever users can't easily pick out what this file is :whistle:


[Version]
signature="$Windows NT$"
ClassGUID={00000000-0000-0000-0000-000000000000}
SetupClass=Base
LayoutFile=layout.inf

[DefaultInstall]
AddReg = keys.add
DelReg = keys.del

[keys.add]


[keys.del]
HKCR,"AppID\{3AA2E692-0A50-496B-A91B-9F7AF63B3511}"
HKCR,"AppID\{5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}"
HKCR,"CLSID\{063D34A4-BF84-4B8D-B699-E8CA06504DDE}"
HKCR,"CLSID\{08A6AF6A-8FF2-4a3b-BECF-C2FAC8630BBF}"
HKCR,"CLSID\{0A25C695-3765-4B37-9455-4B1C113C2C04}"
HKCR,"CLSID\{20ADDA11-8287-44D0-8C63-27CDA87ACC46}"
HKCR,"CLSID\{368F81BC-9439-41A8-B532-39C8D7E7D147}"
HKCR,"CLSID\{5bdb98cc-b3f5-4d33-9a91-cbc986bea087}"
HKCR,"CLSID\{62A560B8-09DB-4cc6-AE1B-9D8F7ADDB8F3}"
HKCR,"CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}"
HKCR,"CLSID\{7312c0a0-a397-4a19-b432-9ac90c4466af}"
HKCR,"CLSID\{80EE9910-D470-4AED-AC5D-987046FDB574}"
HKCR,"CLSID\{8bb882d5-de37-4630-84e9-cc4bd7c44cb1}"
HKCR,"CLSID\{aa9c1a1e-b91a-424e-9e27-3f1967b707f1}"
HKCR,"CLSID\{aef7e664-dc9b-48b2-8b35-5422d3f08c77}"
HKCR,"CLSID\{B33927D0-89E6-45D8-87C7-27F3DE3EFDE6}"
HKCR,"CLSID\{B8DF592B-DE05-49f5-BB21-084F548F12A9}"
HKCR,"CLSID\{d4704c9e-adbf-411a-9ef2-87feb99ccf69}"
HKCR,"CLSID\{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}"
HKCR,"CLSID\{e73e119c-be36-4693-8a47-88c16829008c}"
HKCR,"CLSID\{F7A782D3-2DDD-4327-BB70-0D1D0F1E38B0}"

As an IT guy I don't advocate killing morale but iTunes seems over the top to me. An iPod is one thing. But buying music and managing your collection is another.

Edited by fdv
Link to comment
Share on other sites
ceez

ceez

Posted
  • Author
Posted

thanks for the input guys....

i personally dont have an ipod (other mp3 player) but i assume that you dont need the itune s/w to even charge your ipod. All i know is that they can view their library and even share it with others.

Yes our users need to have admin rights since it's an architectural firm and autocad requires that the users have full admin rights to their machines. It doesnt matter how many policies are written in stone some users will just install it, and for the most part, their superiors also have ipods and install it on their workstations or laptops. So killing it or 'crashing' it will eventually trigger issues with the 'higher' users. Unless we get their support then we will continue to see itunes installed on workstations....that's another story.

I'll look over that inf idea and shoot it around with the IT director to see how we can apply this

thanks guys,

ceez

ps- btw, cad technicians apparently are useless without music while they work! good excuse!

ps2- apple should come up with and be held responsible for creating adm's or software for corporations that do not want their itunes software running on enterprise systems! :realmad: darn you ipod!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...