Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 160
  • Last Modified:

Puzzles about how to use Software Restrication Policies

Hi there!

I have posted a question "How to prevent users from installing programs" few days ago. And thanks Sstoyanovich and Luv2smile who gave me useful help on the matter. Since then I followd Sstoyanovich's suggestion to implement the Software Restriction Polices. The following is the policies I set for a test:

- Default Security Level: Disallowed
- Additional Rule: (path rule)
     C:\Program Files          unrestricted
     C:\WINDOWS              unrestricted
     C:\myApplication          unrestrcted

The problem is when I sign in as a Power User, I cannot access the applications located in Windows root (WINDOWS here) and Program Files, but myApplication is accessable. I have tried different way to define the path rule for WINDOWS and Program Files, such as using wildcard (*) and variables (%PROGRAMFILES%) etc. But none of them works.

What makes things even wrose was that when I played around with the policy settings, I don't what I have done that the network connection is totally disappeared!  

Any idea what's going on here? And I really appreciate if somebody can give a hand here!

Many Thanks!

Clement
0
clementy
Asked:
clementy
  • 3
  • 3
1 Solution
 
nihlcatCommented:
Which group policy are you editing?  If it was a group policy in an OU you created, you can always Remove and then Unlink the policy from the OU and start over.  For safety I use a test OU and linked group policy.  I'll leave Sstoyanovich and Luv2smile to keep working with you.
0
 
clementyAuthor Commented:
Thanks for the comment, nihlcat. I am woking on individual local machine, so there is no OU involved.

clement
0
 
clementyAuthor Commented:
Ok, I think I fingure the problem out and would like to share my sulotion here. Then major reason is that some applicaions have also had shortcuts in different locations; so event thought I unrestricted %windir% and %programfiles%, where the executable file loacted, when I click on the shortcut on the desktop I got restricted message. The confusing thing is in that error message it only mentions the main location.

So, the bottom line is I have to monitor how many other files the application is involed. I found it''s earier just run this DOS command line: "Dir appplicaiotnname*.*  /s" as higher as possible in the directory tree. It will list all the files involved.

Hope this info. will help others if they have encountered similar problem.

Clement
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
nihlcatCommented:
Clement, please request a refund of your points, as you came up with your own answer and posted it.  I don't want points I didn't earn, and I also don't want your C grade that I didn't earn.  Sheesh I only made 1 little comment!
0
 
clementyAuthor Commented:
Hi Nihlcat,

thanks for the informaiton! And sorry for the C grade...I am kind of new for the system so wasn't quite sure how the system works. I have surfered a bit but couldn't figure out how to do the Ponts-refound business. Could you let me know how to make a refound claim? Thanks!

Clement
0
 
nihlcatCommented:
No problem.  Just post in the community support area

http://www.experts-exchange.com/Community_Support/

requesting the question to be closed and your points refunded.  Be sure to include the hyperlink to this question.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now