Prevent Files With These Extensions Running From These Locations...
I know this has been asked before. However I think I have followed the advice in the other posts and it is still not working for me so what am I doing wrong?
Taking one file type as an example [solving the problem gives me the answer to other file types also]
Let us say that I want to prevent students running CMD from their home folders and from memory stick locations. And let us say that home folders are mapped to U:\ and memory sticks are created as E:\ and F:\
At the server in Group Policy [GPO created to control student user behaviour] In User Configuration I have created a Designated File Type in:
Policies\Windows Settings\Security Settings\Software Restriction Policies
File Type: CMD
In the same GPO I have placed a Path Rule under User Configuration:
Policies\Windows Settings\Security Settings\Software Restriction Policies\Additional Rules
Path Rule: U:\*.CMD: Disallowed
However I find that students can still run a test CMD file.
What am I missing?
Server: Windows Server 2008: Standard Edition: 64 Bit: Service Pack 2
Client: Windows XP Pro: SP3