Software Restriction Policies... AGAIN
I've been tasked with getting SRP working properly.
I've taken the 'blacklist/deny' approach (where everything is permitted EXCEPT what we deny).
I'm sure that doing it the other way (where everything is denied...) is just as good but I can count on my fingers what we don't want the kids to get at.
I have several path rules setup - some set to deny and some set to permit.
Now here's an example...
B:\ - Deny (USB Drive Letter)
Now I can open all office docs here EXCEPT MSAccess MDB Files by double-clicking.
On the MDB files it says it's blocked, however MDB does not appear in the 'designated file types' list and even if I put it there, it makes no difference.
So... B:\*.mdb - Permit
This works provided the MDB is in the root folder, it doesn't work if that MDB is anywhere else on B:.
So am I doing something stupidly wrong with this or am I missing something obvious?
I will post the full configuration in a bit, gotta do a bit of early-morning fire-fighting first but any suggestions in the mean time would be great :)