• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 161
  • Last Modified:

Puzzles about how to use Software Restrication Policies

Hi there!

I have posted a question "How to prevent users from installing programs" few days ago. And thanks Sstoyanovich and Luv2smile who gave me useful help on the matter. Since then I followd Sstoyanovich's suggestion to implement the Software Restriction Polices. The following is the policies I set for a test:

- Default Security Level: Disallowed
- Additional Rule: (path rule)
     C:\Program Files          unrestricted
     C:\WINDOWS              unrestricted
     C:\myApplication          unrestrcted

The problem is when I sign in as a Power User, I cannot access the applications located in Windows root (WINDOWS here) and Program Files, but myApplication is accessable. I have tried different way to define the path rule for WINDOWS and Program Files, such as using wildcard (*) and variables (%PROGRAMFILES%) etc. But none of them works.

What makes things even wrose was that when I played around with the policy settings, I don't what I have done that the network connection is totally disappeared!  

Any idea what's going on here? And I really appreciate if somebody can give a hand here!

Many Thanks!

Clement
0
clementy
Asked:
clementy
  • 3
  • 3
1 Solution
 
nihlcatCommented:
Which group policy are you editing?  If it was a group policy in an OU you created, you can always Remove and then Unlink the policy from the OU and start over.  For safety I use a test OU and linked group policy.  I'll leave Sstoyanovich and Luv2smile to keep working with you.
0
 
clementyAuthor Commented:
Thanks for the comment, nihlcat. I am woking on individual local machine, so there is no OU involved.

clement
0
 
clementyAuthor Commented:
Ok, I think I fingure the problem out and would like to share my sulotion here. Then major reason is that some applicaions have also had shortcuts in different locations; so event thought I unrestricted %windir% and %programfiles%, where the executable file loacted, when I click on the shortcut on the desktop I got restricted message. The confusing thing is in that error message it only mentions the main location.

So, the bottom line is I have to monitor how many other files the application is involed. I found it''s earier just run this DOS command line: "Dir appplicaiotnname*.*  /s" as higher as possible in the directory tree. It will list all the files involved.

Hope this info. will help others if they have encountered similar problem.

Clement
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
nihlcatCommented:
Clement, please request a refund of your points, as you came up with your own answer and posted it.  I don't want points I didn't earn, and I also don't want your C grade that I didn't earn.  Sheesh I only made 1 little comment!
0
 
clementyAuthor Commented:
Hi Nihlcat,

thanks for the informaiton! And sorry for the C grade...I am kind of new for the system so wasn't quite sure how the system works. I have surfered a bit but couldn't figure out how to do the Ponts-refound business. Could you let me know how to make a refound claim? Thanks!

Clement
0
 
nihlcatCommented:
No problem.  Just post in the community support area

http://www.experts-exchange.com/Community_Support/

requesting the question to be closed and your points refunded.  Be sure to include the hyperlink to this question.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now