I have a simple SRS GPO with a UNC path rule banning default executables (including .LNK) on a particular server share. I put one .LNK and one .EXE in that share.
The SRS GPO is linked to a user OU and when one of those logs on it works i.e. both the LNK and EXE are banned.
The SRS GPO is also linked to a computer which has a loopback replace policy. The SRS policy appears to be happily delivered to a user logging on to that computer because it is in their ntuser.pol (viewing/dumping those is a recurrently useful trick). For them the EXE is banned, but the LNK works.
To me that suggests something other than the SRS GPO is involved in stopping that LNK working in the first case. But what? Must be something, does anyone know what I might be missing here?
Have you added LNK to the default list that it makes of restricted applications?
That helped me when I wanted to prevent an extra extension from running, also not specifying what extensions to filter, just denying and looking in the default list for restrictions.
I also had difficulties in allowing from a UNC path, so I gave up and went back to blacklisting.
There are currently 1 users browsing this thread. (0 members and 1 guests)