Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

Software Restrictions

I have software restrictions in place (to try and prevent the crypto virus from running).
However I need some apps to be able to run under the %localappdata% folder structure.

From (http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx) it indicates "When there are multiple matching path rules, the most specific matching rule takes precedence."

However that is not what I am seeing.

I have the following to Software Restrictions policies;
1) %LocalAppData%\<App I want to run folder>\*.exe - Unrestricted
2) %LocalAppData%\*\*.exe - Disallowed

(they appear in this order with in the GPO Policy)

When I run an app in <App I Want to Run Folder> it is stopped by policy 2)

If I change policy 1) to actual specify the full executable name, then it is able to run.

However there are several exe files in the App Folder, and I was hopping not to have to specify each app - based on the above article I found.

What am I missing.

Thanks
0
bmcollis
Asked:
bmcollis
  • 3
  • 2
1 Solution
 
MaheshArchitectCommented:
Try 2nd rule as below and check if it works
%LocalAppData%\*.exe - Disallowed

If it still giving problem, then it looks like *.exe is more generic term and actual exe path is more specific in 1st rule causing allow you to run exe files

Mahesh
0
 
bmcollisAuthor Commented:
Hi MaheshPM
Thanks for responding.

I actually have your suggestion in place as well, to stop exe files within the %LocalAppData% folder from running.

Rule 2) is meant to stop programs in all folders below %localappdata% from running - which it does.

However there are some programs "installed"/placed in folders below %localappdata% that I need to be able to let run.  I was hopping I could just specify the folder and that would be more specific therefore the program would run.

However the error in the event log indicates that rule 2 is stopping the program from running - Have I discovered a bug???

BC
0
 
MaheshArchitectCommented:
What is the default security level for software restriction policy
You can set it to disallowed and then make exceptions as appropriate

Please check below PDF file for detailed configuration

http://www.nsa.gov/ia/_files/os/win2k/application_whitelisting_using_srp.pdf

Also you can exclude administrators from applying software restrictions policies if wanted to

Just test it 1st prior to deploy in production as it can impact production

Mahesh
0
 
bmcollisAuthor Commented:
Hi Mahesh,
Thanks for the link.  I did not see anything in there that referred to my issue, in terms of order and precedence.

I do appreciate you input into this.

But at this point, and without further input I guess I will have to specify the exe files individually rather than just the folder they are in.

BC
0
 
MaheshArchitectCommented:
I have shared that link so that you might set software restriction policy according to link and you will get the required results

The link will not address your existing issue

Mahesh
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now