I want to restrict all but one room of computers using a piece of software.
I have setup a Software Restriction Policy (as a loopback policy, so all users who log onto the computer have it applied) of deny to the software path .exe on the top level computer OU.
I then setup an identical loopback SRP policy to allow the software path .exe in a sub OU containing the computers I want to run the software.
Policy processing shows both polices are being applied but the software is still denied on all computers...
Is this the wrong approach?