Solved

Puzzles about how to use Software Restrication Policies

Posted on 2004-10-19
7
151 Views
Last Modified: 2013-12-04
Hi there!

I have posted a question "How to prevent users from installing programs" few days ago. And thanks Sstoyanovich and Luv2smile who gave me useful help on the matter. Since then I followd Sstoyanovich's suggestion to implement the Software Restriction Polices. The following is the policies I set for a test:

- Default Security Level: Disallowed
- Additional Rule: (path rule)
     C:\Program Files          unrestricted
     C:\WINDOWS              unrestricted
     C:\myApplication          unrestrcted

The problem is when I sign in as a Power User, I cannot access the applications located in Windows root (WINDOWS here) and Program Files, but myApplication is accessable. I have tried different way to define the path rule for WINDOWS and Program Files, such as using wildcard (*) and variables (%PROGRAMFILES%) etc. But none of them works.

What makes things even wrose was that when I played around with the policy settings, I don't what I have done that the network connection is totally disappeared!  

Any idea what's going on here? And I really appreciate if somebody can give a hand here!

Many Thanks!

Clement
0
Comment
Question by:clementy
  • 3
  • 3
7 Comments
 
LVL 6

Expert Comment

by:nihlcat
ID: 12353606
Which group policy are you editing?  If it was a group policy in an OU you created, you can always Remove and then Unlink the policy from the OU and start over.  For safety I use a test OU and linked group policy.  I'll leave Sstoyanovich and Luv2smile to keep working with you.
0
 

Author Comment

by:clementy
ID: 12359818
Thanks for the comment, nihlcat. I am woking on individual local machine, so there is no OU involved.

clement
0
 

Accepted Solution

by:
clementy earned 0 total points
ID: 12385911
Ok, I think I fingure the problem out and would like to share my sulotion here. Then major reason is that some applicaions have also had shortcuts in different locations; so event thought I unrestricted %windir% and %programfiles%, where the executable file loacted, when I click on the shortcut on the desktop I got restricted message. The confusing thing is in that error message it only mentions the main location.

So, the bottom line is I have to monitor how many other files the application is involed. I found it''s earier just run this DOS command line: "Dir appplicaiotnname*.*  /s" as higher as possible in the directory tree. It will list all the files involved.

Hope this info. will help others if they have encountered similar problem.

Clement
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 
LVL 6

Expert Comment

by:nihlcat
ID: 12387880
Clement, please request a refund of your points, as you came up with your own answer and posted it.  I don't want points I didn't earn, and I also don't want your C grade that I didn't earn.  Sheesh I only made 1 little comment!
0
 

Author Comment

by:clementy
ID: 12402229
Hi Nihlcat,

thanks for the informaiton! And sorry for the C grade...I am kind of new for the system so wasn't quite sure how the system works. I have surfered a bit but couldn't figure out how to do the Ponts-refound business. Could you let me know how to make a refound claim? Thanks!

Clement
0
 
LVL 6

Expert Comment

by:nihlcat
ID: 12402290
No problem.  Just post in the community support area

http://www.experts-exchange.com/Community_Support/

requesting the question to be closed and your points refunded.  Be sure to include the hyperlink to this question.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now