Disable CAB Installations

[Guest jenya]

Hi,

I am interested in finding out if there are any methods to disabling CAB installations?

The two methods I have thought about in theory are:

1. Make CAB files an unknown file type via registry so they can not be used for installations

2. Only allow CAB's signed by certain cert to be allowed to install

Of course I don't know if either is possible and would not even know where to start to look so hoping someone here could help me out...

Thanks,

Jenya

[Guest chucky.egg]

Yeah, the easy way is to change the registry association (which is probably something like "cabfile" in HKCR)

Paul actually wrote an app for my company which re-associates CAB files with his app, and then prompts for a PIN when one is run. That means that CABs can still be installed, but it stops the casual meddler from screwing things up

[Guest jenya]

Hi,

Would you be able to provide me a link to this app?

Thanks,

Eugene

Yeah, the easy way is to change the registry association (which is probably something like "cabfile" in HKCR)

Paul actually wrote an app for my company which re-associates CAB files with his app, and then prompts for a PIN when one is run. That means that CABs can still be installed, but it stops the casual meddler from screwing things up

[Guest chucky.egg]

Er, no. Sorry

It's a commercial app that Paul wrote. It's called PINstaller, so if you PM him he'll be able to tell you whether it's for general sale.

[Guest gpcarreon (MVP)]

A simple 'password-protected CAB installation' can also be achieved using MortScript. ;)

[Guest jenya]

A simple 'password-protected CAB installation' can also be achieved using MortScript. ;)

Hi,

I actually came up with a good solution. Basically I imported my own CA Cert in to the SPC store and removed all of the default ones. So only CAB files signed by me can be installed...

[Guest gpcarreon (MVP)]

Indeed, a good solution. ;)