Hi all,
I have been messing with software restriction policies on a virtual network and so far i like what i see, could come in very handy
But i have found a few niggles that i cant get my head around. The default policy allows all EXEs to run from %systemroot%\System32 which is where mspaint.exe is stored (for example) now the default setting i have choose is block all except DLLs. If i run Paint from the stat menu its blocked, but if i run it from the system32 folder itself it is allowed to run. Any ideas why?
This isnt such a major problem as kids dont have access to these folders anyway but i want to understand why its allowing it.
Cheers
Mike
Have you tried running multiple rules to bypass this situation.
is this in case they draw a stick man, then using RM Connect 2.4 change the servers wallpaper using the "replicator" account ? with password as replicator1 ?
Last edited by Quackers; 1st February 2009 at 01:45 AM.
What might be stopping it running from the start menu is the shortcut itself, as the exention .lnk is counted as an executable. I believe shortcuts in the userprofile are allowed by default, but I'm not sure about the 'all users' profile which is where the shortcut is stored for paint by default, so it could be that the shortcuts in the all users profile are blocked.
Try creating a new shortcut to paint as a user, and I think you'll find it will run if the shortcut is in a location that allows executables.
Mike.
yep .lnk's are probably the issue.Originally Posted by maniac
I know we've had issues with pupils opening docs from the documents menu... when opened that way the get a software restriction error. when opened from within the app; File > Open they work fine
Thanks guys will check this when i get my laptop back, left it at the GF house last night! hope she doesnt crack my password lol
Hi guys,
I dont think the all users profile is my problem as i redirect the kids start menus to "\\<servername\menu$\<room name>\Start Menu\"
I have even added the specific start menu folder to the unrestricted rules list and still they cannot run anything.
If i put \\<servername>\sharedapps$\*.* will that replicate down to all the other sub folders? or do i need to add each folder in ?
I know this thread is a little old, but just for anybody else who is experiencing this problem; this is what worked for me:
Remove the ".lnk" file type from the list of filtered extensions. I have found a screenshot that shows where this can be done. Please find it attached.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote