<div>
Hi mcknife,<br />
<br />
Thanks!<br />
<br />
I have turned on logging by creating HKEY_LOCAL_MACHINE\SOFTWAR<wbr />E\Policies<wbr />\Microsoft<wbr />\Windows\S<wbr />afer\CodeI<wbr />dentifiers<wbr /><br />
String Value: LogFileName, &lt;path to a log file&gt;<br />
<br />
And saw that when clicking on mailto link, the system tries to open c:\progra~1 instead of c:\program files<br />
<br />
These 2 paths are in fact the same, but not for the software restriction gpo. So i added c:\progra~1 to the paths and now it works.
</div>


Hi mcknife,

Thanks!

I have turned on logging by creating HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
String Value: LogFileName, <path to a log file>

And saw that when clicking on mailto link, the system tries to open c:\progra~1 instead of c:\program files

These 2 paths are in fact the same, but not for the software restriction gpo. So i added c:\progra~1 to the paths and now it works.

<div>
Ok...<br />
<br />
FYI, there was already a logging section in eventviewer, I guess it would appear in the application log file.
</div>


Ok...

FYI, there was already a logging section in eventviewer, I guess it would appear in the application log file.

<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
We have a terminal server (2008 r2) and a domaincontroller (2008 r2) on which we have defined a gpo for software restriction.<br />
<br />
Now users can't click mailto links on a webpage. They get the message that the program is block by grouppolicy.<br />
<br />
When we turn off the software restriction policy for a user, he/she can click a mailto link and it works fine.<br />
<br />
This is how the gpo setting looks like.<br />
<br />
Thanks.<br />
<a href="https://filedb.experts-exchange.com/incoming/2014/03_w10/838470/gpo-sr.jpg" target="_blank" class="file-inline" title="gpo setting (30 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>gpo-sr.jpg</a>
</div>
</div>


gpo-sr.jpg

Hi,

We have a terminal server (2008 r2) and a domaincontroller (2008 r2) on which we have defined a gpo for software restriction.

Now users can't click mailto links on a webpage. They get the message that the program is block by grouppolicy.

When we turn off the software restriction policy for a user, he/she can click a mailto link and it works fine.

This is how the gpo setting looks like.

Thanks.

GPO Software restriction mailto link

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Microsoft server applications are those applications developed specifically, but not necessarily exclusively, on the Windows Server platform. In addition to well-known products like SQL Server, Exchange, Internet Information Services (IIS), Microsoft Dynamics, Forefront, Lync and Sharepoint, they include applications like Skype, BizTalk, Hyper-V, Groove and Commerce Server. Server applications are managed with the Microsoft System Center.