We want users to be able to open hyperlinks from MS Office apps, including mailto: and http
If the Group Policy "Run only allowed Windows applications" is set (under User Config | Admin Templates | System), then users opening hyperlinks from MS Office apps (including Outlook, Word, and Excel at least), see the standerd GP restriction error:
This operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator.
Admins are NOT blocked, and if I disable that policy, neither are users. It affects http: and mailto: urls, at least.
I can't figure out what the problem is. Word, Excel, Oultook, Firefox and IExplore are listed as permitted in the policy and all run fine. As far as I know, the policy allows any executable called by a permitted executable (this must be true, or I'd see errors everywhere).
I've tried the following; nothing worked.
* Adding every executable in the MS Office install directory to the policy's whitelist
* Adding these files to the policy whitelist: mshtmled.dll, hlink.dll, mshtml.dll. Filemon showed these being accessed when a hyperlink is clicked
* Resetting this registry key per MS kb q310049: HKEY_Local_Machine\Softwar
command (though any problem there should affect all users, including admins).
* Adding "http://www.cnn.com
" to the whitelist, then trying that url from Word.
Any suggestions would be much appreciated!