I have software restrictions in place (to try and prevent the crypto virus from running).
However I need some apps to be able to run under the %localappdata% folder structure.
) it indicates "When there are multiple matching path rules, the most specific matching rule takes precedence."
However that is not what I am seeing.
I have the following to Software Restrictions policies;
1) %LocalAppData%\<App I want to run folder>\*.exe - Unrestricted
2) %LocalAppData%\*\*.exe - Disallowed
(they appear in this order with in the GPO Policy)
When I run an app in <App I Want to Run Folder> it is stopped by policy 2)
If I change policy 1) to actual specify the full executable name, then it is able to run.
However there are several exe files in the App Folder, and I was hopping not to have to specify each app - based on the above article I found.
What am I missing.