MMC has me hornswoggled, have mercy on my poor brain
We use MMC to lock down various aspects of our XP desktops - I'm hitting a wall with 'Software Restrictions' however.
Students have figured out that if they download a fresh copy of Firefox to their desktop and select 'direct connection - no proxy' they can get around the firewall. Setting my proxy (pfSense) to transparent mode tamped down the problem but caused some other issues such as the inability to block secure sites. [what this means in real life is that students can get to https://www.facebook.com even if the domain is blocked].
So I need to prevent unauthorized executable files from running, possibly by means of a Software Restriction path rule in MMC. What I want to tell MMC is 'only allow a program to run if it is located in C:\Program Files\' or failing that 'don't let a program run if it is located in the user profile'.
What is the path rule syntax I need to do this? So far I've only succeeded in blocking all programs from running.
Also, we're using roaming profiles on a Samba server in case that makes any difference.
thanks in advance folks!!