GPO Software restriction mailto link

PramoIT
PramoIT used Ask the Experts™
on
Hi,

We have a terminal server (2008 r2) and a domaincontroller (2008 r2) on which we have defined a gpo for software restriction.

Now users can't click mailto links on a webpage. They get the message that the program is block by grouppolicy.

When we turn off the software restriction policy for a user, he/she can click a mailto link and it works fine.

This is how the gpo setting looks like.

Thanks.
gpo-sr.jpg
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
Well, the Software restriction policies do have a logfile. Inside you can read what was blocked. So please add that as an exception.
Top Expert 2014
Commented:
Hi,

first check when user click on mailto links on a webpage what application opening for mail.
like outlook, outlook Express or any other mailing software.

after identifying the program, please create a "Ne path Rule" and select that application path and select "unrestricted".

Apply to group policy and check.

Author

Commented:
Hi mcknife,

Thanks!

I have turned on logging by creating HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
String Value: LogFileName, <path to a log file>

And saw that when clicking on mailto link, the system tries to open c:\progra~1 instead of c:\program files

These 2 paths are in fact the same, but not for the software restriction gpo. So i added c:\progra~1 to the paths and now it works.
Distinguished Expert 2018

Commented:
Ok...

FYI, there was already a logging section in eventviewer, I guess it would appear in the application log file.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial