I've read quite a few postings and Microsoft documents, but cannot seem to figure out how, exactly, software restriction are applied to specific users. Here's the setup, numbers are for example:
+ Windows 2003 Server running Terminal Services
+ This server is accessed by 20 users via RDP.
+ I want only 6 of them to be able to run Office.
+ I have a small number of other applications I would like specific users to run.
+ I would like to use local policy for simplicity, even though this server is part of a domain.
So, my guess to do this is the following:
+ Create a local group "Office Users", containing those users permitted to run Office.
+ Set the default Software Restriction Security Level to "Disallowed"
+ Add an Additional Path Rule (Unrestricted) containing the path to the Office apps.
My problem: I cannot see how to apply this additional rule to specific users, that is (I guess) to the Office Users group.
(Sorry if I didn't pick the question zones correctly.)