troubleshooting Question

Software Restriction Policy - 'Allow' GPO beneath 'Deny' GPO

Avatar of Pete
PeteFlag for United Kingdom of Great Britain and Northern Ireland asked on
SoftwareActive Directory
11 Comments2 Solutions188 ViewsLast Modified:
I want to restrict all but one room of computers using a piece of software.

I have setup a Software Restriction Policy (as a loopback policy, so all users who log onto the computer have it applied) of deny to the software path .exe on the top level computer OU.
I then setup an identical loopback SRP policy to allow the software path .exe in a sub OU containing the computers I want to run the software.

Policy processing shows both polices are being applied but the software is still denied on all computers...

Is this the wrong approach?
Solutions Architect

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 11 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 11 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros