Software Restriction Policy - shortcuts don't work

default security level: Disallowed

Enforcement properties:

Apply software restriction policies to the following:
*all software files except libraries (such as DLLs)

Apply software restriction policies to the following users:
*all users except local administrators

Under trusted file types I have removed .lnk (that "l" as in larry) file extensions.

Though I dont use them, under Trusted Publishers Properties

"allow the following users to select trusted publishers:"
* End users
(all other options in this window are left un-checked)



Following are my path rules are being implemented:

C:\Docuements and Settings\All Users\Start Menu\Programs\Adobe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

And the Following Hash Rule:
6c37ad8c2212d3ddc456bb48a3aa398e:71288:32771
(for Adobe Acrobat 7.0)


Experts,

I am having a problem using shortcuts to allowed programs. all of which have been configured via software restriction policies (for user)

In on particular instance,  my users cannot access adobe acrobat via the shortcut.
located in c:\documents and settings\all users\start menu\programs
The Error log on the local machines report:

Event ID:  865
Type: Warning
Access to C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk has been restricted by your administrator by the default software restriction policy level.

These are my software restriction policy settings:
default security level: Disallowed

Enforcement properties:
Apply software restriction policies to the following:
*all software files except libraries (such as DLLs)
Apply software restriction policies to the following users:
*all users except local administrators

Under trusted file types I have removed .lnk (that "l" as in larry) file extensions so that .lnk extensions are permitted

(Though I dont use them) under Trusted Publishers Properties

"allow the following users to select trusted publishers:"
* End users
(all other options in this window are left un-checked)

The Following are my PATH rules are being implemented:
C:\Docuements and Settings\All Users\Start Menu\Programs\Adobe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

And the Following HASH Rule:
6c37ad8c2212d3ddc456bb48a3aa398e:71288:32771
(for Adobe Acrobat 7.0)

In a nutshell, I don't understand why shortcuts don't work. My understanding was as long as they are exempted from the 'do not allow list' of other file extension types. Is there a HASH for shortcuts?? I don't thnk so. I've tried to bing a HASH rule for a shortcut and Group policy seems to recognize it as the file/program itself.  I hope this is descriptive enough and too misleading or complicated.

Any help is greatly appreciated.

LVL 1
computerguy79Asked:
Who is Participating?
 
StuFox100Commented:
Try allowing .lnk1
That is the real extension as mentioned in this article:
http://technet2.microsoft.com/windowsserver/en/library/d24bc8c8-27cc-47ba-9b02-78d9d801e9371033.mspx?mfr=true
Cheers
Stu
0
 
computerguy79Author Commented:
If I slapped myself for every time I overcomplicated things, I'd would put Rick James to shame.

What I have found is that, for any specific shortcut, you have to specify the program's .exe explicitly as well as the shortcut it self. in my case
For example:
PATH Rule - C:\Documents and Settings\All Users\Start Menu\Programs\Games\solitaire.lnk <-specifies the shortcut, while
PATH Rule - %systemroot%\system32\sol.exe <-specifies the program itself.

In solving my adobe acrobat dilemma, adding the Path rule:  c:\Documents and Settings\All Users\Start Menu\Programs\*.lnk   (with the wildcard) allows the shortcut launch of the program as desired. SWEET!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.