Solved

Puzzles about how to use Software Restrication Policies

Posted on 2004-10-19
7
155 Views
Last Modified: 2013-12-04
Hi there!

I have posted a question "How to prevent users from installing programs" few days ago. And thanks Sstoyanovich and Luv2smile who gave me useful help on the matter. Since then I followd Sstoyanovich's suggestion to implement the Software Restriction Polices. The following is the policies I set for a test:

- Default Security Level: Disallowed
- Additional Rule: (path rule)
     C:\Program Files          unrestricted
     C:\WINDOWS              unrestricted
     C:\myApplication          unrestrcted

The problem is when I sign in as a Power User, I cannot access the applications located in Windows root (WINDOWS here) and Program Files, but myApplication is accessable. I have tried different way to define the path rule for WINDOWS and Program Files, such as using wildcard (*) and variables (%PROGRAMFILES%) etc. But none of them works.

What makes things even wrose was that when I played around with the policy settings, I don't what I have done that the network connection is totally disappeared!  

Any idea what's going on here? And I really appreciate if somebody can give a hand here!

Many Thanks!

Clement
0
Comment
Question by:clementy
  • 3
  • 3
7 Comments
 
LVL 6

Expert Comment

by:nihlcat
ID: 12353606
Which group policy are you editing?  If it was a group policy in an OU you created, you can always Remove and then Unlink the policy from the OU and start over.  For safety I use a test OU and linked group policy.  I'll leave Sstoyanovich and Luv2smile to keep working with you.
0
 

Author Comment

by:clementy
ID: 12359818
Thanks for the comment, nihlcat. I am woking on individual local machine, so there is no OU involved.

clement
0
 

Accepted Solution

by:
clementy earned 0 total points
ID: 12385911
Ok, I think I fingure the problem out and would like to share my sulotion here. Then major reason is that some applicaions have also had shortcuts in different locations; so event thought I unrestricted %windir% and %programfiles%, where the executable file loacted, when I click on the shortcut on the desktop I got restricted message. The confusing thing is in that error message it only mentions the main location.

So, the bottom line is I have to monitor how many other files the application is involed. I found it''s earier just run this DOS command line: "Dir appplicaiotnname*.*  /s" as higher as possible in the directory tree. It will list all the files involved.

Hope this info. will help others if they have encountered similar problem.

Clement
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 6

Expert Comment

by:nihlcat
ID: 12387880
Clement, please request a refund of your points, as you came up with your own answer and posted it.  I don't want points I didn't earn, and I also don't want your C grade that I didn't earn.  Sheesh I only made 1 little comment!
0
 

Author Comment

by:clementy
ID: 12402229
Hi Nihlcat,

thanks for the informaiton! And sorry for the C grade...I am kind of new for the system so wasn't quite sure how the system works. I have surfered a bit but couldn't figure out how to do the Ponts-refound business. Could you let me know how to make a refound claim? Thanks!

Clement
0
 
LVL 6

Expert Comment

by:nihlcat
ID: 12402290
No problem.  Just post in the community support area

http://www.experts-exchange.com/Community_Support/

requesting the question to be closed and your points refunded.  Be sure to include the hyperlink to this question.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question