GPO Software restriction mailto link


We have a terminal server (2008 r2) and a domaincontroller (2008 r2) on which we have defined a gpo for software restriction.

Now users can't click mailto links on a webpage. They get the message that the program is block by grouppolicy.

When we turn off the software restriction policy for a user, he/she can click a mailto link and it works fine.

This is how the gpo setting looks like.

Who is Participating?
McKnifeConnect With a Mentor Commented:
Well, the Software restriction policies do have a logfile. Inside you can read what was blocked. So please add that as an exception.
Santosh GuptaConnect With a Mentor Commented:

first check when user click on mailto links on a webpage what application opening for mail.
like outlook, outlook Express or any other mailing software.

after identifying the program, please create a "Ne path Rule" and select that application path and select "unrestricted".

Apply to group policy and check.
PramoITAuthor Commented:
Hi mcknife,


I have turned on logging by creating HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
String Value: LogFileName, <path to a log file>

And saw that when clicking on mailto link, the system tries to open c:\progra~1 instead of c:\program files

These 2 paths are in fact the same, but not for the software restriction gpo. So i added c:\progra~1 to the paths and now it works.

FYI, there was already a logging section in eventviewer, I guess it would appear in the application log file.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.