My first post on these forums, hoping it begins a lot of back scratching! I'm an IT Manager at a small private school (K-12), just looking for some assistance with software restrictions policies.
I'm currently rebuilding the policy I inherited as it is essentially an unrestricted policy with blacklisted paths (big/ugly) rather than a disallow policy with whitlistings (of which there would be fewer entries). I'm just a little unsure about what allowances to make for system paths etc., and I'll give a coupld examples;
I was wondering if anyone has dealt with these two scenarios and/or would be willing to share their SR policies (with particular attention to critical system paths).
- When a student is in Outlook Web Access and tries to open an attachment SR kicks in with a error about loading Word (which normally loads fine) when trying to run from Temp Internet Files folder (which I'd rather actually not whitelist for various reasons).
- Some students have worked out that they can run self-contained games (ie Minecraft) from a zipped folder without SR detecting it loading from the %temp% directory.
The only issue we've had doing this, is that sims updates often won't run on a normal user account under this. So you'd either need to disable the UAC policy when updating, or do mimic-style login once after the updates, just so they flow through as admin.
In terms of #1, I know at least in outlook you can change where attachments are loaded from by editting registry. Not sure if it'll apply to OWA aswell, but might be worth a shot. (It "may" change the entire temp folder location, so might want to double check this first actually)
But it's something like: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\User Shell Folders
There are currently 1 users browsing this thread. (0 members and 1 guests)