I have set up two main HTTP access rules on my Forefront TMG server. The idea was to have a group of users who are allowed to download executable content, i.e. mainly ICT staff to download corporate applications and other authorised applications. The rest of the users were to be blocked from downloading content to prevent them from over utilizing bandwidth and downloading freeware / shareware that could cause issues on their computers.
Even though the checkbox "Block responses containing Windows executable content" is unchecked for the authorised access rule and checked for the unauthorised group, I am not able to download executable content even though I am part of the authorised users.
Secondly, I was wondering if there is a way to allow specific executable content for a few applications as an exception to the blocked executable content, that are used corporately and will require updates which come in the form of executable content e.g. Java and Adobe applications.