+ Post New Thread
Results 1 to 2 of 2
Educational Software Thread, Software Restrictions in Technical; Hi all, My first post on these forums, hoping it begins a lot of back scratching! I'm an IT Manager ...
  1. #1
    Schikitar's Avatar
    Join Date
    Apr 2011
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Software Restrictions

    Hi all,

    My first post on these forums, hoping it begins a lot of back scratching! I'm an IT Manager at a small private school (K-12), just looking for some assistance with software restrictions policies.


    I'm currently rebuilding the policy I inherited as it is essentially an unrestricted policy with blacklisted paths (big/ugly) rather than a disallow policy with whitlistings (of which there would be fewer entries). I'm just a little unsure about what allowances to make for system paths etc., and I'll give a coupld examples;
    1. When a student is in Outlook Web Access and tries to open an attachment SR kicks in with a error about loading Word (which normally loads fine) when trying to run from Temp Internet Files folder (which I'd rather actually not whitelist for various reasons).
    2. Some students have worked out that they can run self-contained games (ie Minecraft) from a zipped folder without SR detecting it loading from the %temp% directory.
    I was wondering if anyone has dealt with these two scenarios and/or would be willing to share their SR policies (with particular attention to critical system paths).

    Cheers!

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,698
    Thank Post
    335
    Thanked 516 Times in 484 Posts
    Rep Power
    180
    Quote Originally Posted by Schikitar View Post
    [*]Some students have worked out that they can run self-contained games (ie Minecraft) from a zipped folder without SR detecting it loading from the %temp% directory.[/LIST]I was wondering if anyone has dealt with these two scenarios and/or would be willing to share their SR policies (with particular attention to critical system paths).

    Cheers!
    We found the easiest way to sort the Zip issue was partially enabling UAC. Auto denying any elevation requests for users, but allowing admins to elevate it in the normal right click method etc.

    The only issue we've had doing this, is that sims updates often won't run on a normal user account under this. So you'd either need to disable the UAC policy when updating, or do mimic-style login once after the updates, just so they flow through as admin.


    In terms of #1, I know at least in outlook you can change where attachments are loaded from by editting registry. Not sure if it'll apply to OWA aswell, but might be worth a shot. (It "may" change the entire temp folder location, so might want to double check this first actually)

    But it's something like: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\User Shell Folders

    Steve



    Steve

SHARE:
+ Post New Thread

Similar Threads

  1. Software Restrictions
    By nicholab in forum Windows
    Replies: 4
    Last Post: 16th November 2009, 02:05 PM
  2. Help with Software restrictions Policy
    By speckled in forum Windows
    Replies: 7
    Last Post: 7th November 2008, 01:44 PM
  3. Software restrictions
    By Edu-IT in forum Windows
    Replies: 9
    Last Post: 16th March 2008, 12:37 AM
  4. Software Restrictions
    By faza in forum Wireless Networks
    Replies: 10
    Last Post: 6th March 2007, 01:33 PM
  5. Software Restrictions
    By faza in forum Wireless Networks
    Replies: 4
    Last Post: 2nd February 2007, 08:21 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •