Puzzles about how to use Software Restrication Policies

Posted on 2004-10-19
Last Modified: 2013-12-04
Hi there!

I have posted a question "How to prevent users from installing programs" few days ago. And thanks Sstoyanovich and Luv2smile who gave me useful help on the matter. Since then I followd Sstoyanovich's suggestion to implement the Software Restriction Polices. The following is the policies I set for a test:

- Default Security Level: Disallowed
- Additional Rule: (path rule)
     C:\Program Files          unrestricted
     C:\WINDOWS              unrestricted
     C:\myApplication          unrestrcted

The problem is when I sign in as a Power User, I cannot access the applications located in Windows root (WINDOWS here) and Program Files, but myApplication is accessable. I have tried different way to define the path rule for WINDOWS and Program Files, such as using wildcard (*) and variables (%PROGRAMFILES%) etc. But none of them works.

What makes things even wrose was that when I played around with the policy settings, I don't what I have done that the network connection is totally disappeared!  

Any idea what's going on here? And I really appreciate if somebody can give a hand here!

Many Thanks!

Question by:clementy
  • 3
  • 3

Expert Comment

ID: 12353606
Which group policy are you editing?  If it was a group policy in an OU you created, you can always Remove and then Unlink the policy from the OU and start over.  For safety I use a test OU and linked group policy.  I'll leave Sstoyanovich and Luv2smile to keep working with you.

Author Comment

ID: 12359818
Thanks for the comment, nihlcat. I am woking on individual local machine, so there is no OU involved.


Accepted Solution

clementy earned 0 total points
ID: 12385911
Ok, I think I fingure the problem out and would like to share my sulotion here. Then major reason is that some applicaions have also had shortcuts in different locations; so event thought I unrestricted %windir% and %programfiles%, where the executable file loacted, when I click on the shortcut on the desktop I got restricted message. The confusing thing is in that error message it only mentions the main location.

So, the bottom line is I have to monitor how many other files the application is involed. I found it''s earier just run this DOS command line: "Dir appplicaiotnname*.*  /s" as higher as possible in the directory tree. It will list all the files involved.

Hope this info. will help others if they have encountered similar problem.

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)


Expert Comment

ID: 12387880
Clement, please request a refund of your points, as you came up with your own answer and posted it.  I don't want points I didn't earn, and I also don't want your C grade that I didn't earn.  Sheesh I only made 1 little comment!

Author Comment

ID: 12402229
Hi Nihlcat,

thanks for the informaiton! And sorry for the C grade...I am kind of new for the system so wasn't quite sure how the system works. I have surfered a bit but couldn't figure out how to do the Ponts-refound business. Could you let me know how to make a refound claim? Thanks!


Expert Comment

ID: 12402290
No problem.  Just post in the community support area

requesting the question to be closed and your points refunded.  Be sure to include the hyperlink to this question.

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
4 Android flaws that leave 900M devices at Risk 7 75
Ransome Ware Question 10 151
Endpoint security products 4 61
Penetration Testing home based work 3 75
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question