I'm trying to restrict apps running on my terminal servers for RDS users as part of my malware prevention strategy.
I wish to control this via a Domain GPO.
After a lot of googling around, I'm a little confused still...
I have created the GPO, and am using path-based filtering.
Say I wish to allow everything in C:\Program Files on my terminal server to run. In the Executable rule in the GP on the DC, do I just enter "C:\Program Files", or does this path have to be relative to the domain controller and I enter something like "\\terminaServer1\c$\program Files"?
Additionally, does the Application Identity service have to run on the DC or the Terminal Server?
Thanks in anticipation.