Issues with Software Restriction policies.

[InlineFive]

If I have my computers running as a Limited User with Disallow software restriction policies set am I being paranoid? The goal here is to make a functional system that would be resilient to harmful tampering by users and malicious software.

Does this seem reasonable?

-Por

Update: So I set the default setting to Disallowed and then created a Unrestricted rule for IE. However it still shows up as being blocked. How do I make Additional Rules take precedence over the Security Levels?

 

[MrChad]

Seems perfectly reasonable to me. There's little need for administrator privileges in day-to-day computing (surfing the net, emailing, etc.). If the need arises for administrative privileges, use Run As or log on as the administrator account for that specific task.

 

[InlineFive]

Originally posted by: MrChad
Seems perfectly reasonable to me. There's little need for administrator privileges in day-to-day computing (surfing the net, emailing, etc.). If the need arises for administrative privileges, use Run As or log on as the administrator account for that specific task.

Thanks for the advice. That's just what I was looking for.

But now a new question. I set the default setting to Disallowed and then created a Unrestricted rule for IE. However it still shows up as being blocked. How do I make Additional Rules take precedence over the Security Levels?[/

 

[InlineFive]

Anyone?

 

[InlineFive]

Anyone?