Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

GPO Software restriction mailto link

Posted on 2014-03-06
4
Medium Priority
?
842 Views
Last Modified: 2014-03-06
Hi,

We have a terminal server (2008 r2) and a domaincontroller (2008 r2) on which we have defined a gpo for software restriction.

Now users can't click mailto links on a webpage. They get the message that the program is block by grouppolicy.

When we turn off the software restriction policy for a user, he/she can click a mailto link and it works fine.

This is how the gpo setting looks like.

Thanks.
gpo-sr.jpg
0
Comment
Question by:PramoIT
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
McKnife earned 1600 total points
ID: 39909025
Well, the Software restriction policies do have a logfile. Inside you can read what was blocked. So please add that as an exception.
0
 
LVL 13

Assisted Solution

by:Santosh Gupta
Santosh Gupta earned 400 total points
ID: 39909067
Hi,

first check when user click on mailto links on a webpage what application opening for mail.
like outlook, outlook Express or any other mailing software.

after identifying the program, please create a "Ne path Rule" and select that application path and select "unrestricted".

Apply to group policy and check.
0
 

Author Comment

by:PramoIT
ID: 39909107
Hi mcknife,

Thanks!

I have turned on logging by creating HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
String Value: LogFileName, <path to a log file>

And saw that when clicking on mailto link, the system tries to open c:\progra~1 instead of c:\program files

These 2 paths are in fact the same, but not for the software restriction gpo. So i added c:\progra~1 to the paths and now it works.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39909115
Ok...

FYI, there was already a logging section in eventviewer, I guess it would appear in the application log file.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question