Software Restriction Policies not working correctly?

InlineFive

Diamond Member
Sep 20, 2003
9,599
2
0
Hello everyone,

I am trying out Software Restiction Policies on a single (workgroup) machine but it's not working. I set Unrestricted rules for %WINDIR% and %PROGRAMFILES% and set the default security level to Disallowed. Only problem is that nothing in those directories will run.

What am I doing wrong?

Thanks
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
I just tried this inside a Windows XP Pro SP2 Virtual PC window. I changed the Local Computer Policy, setting the Computer's Software Restriction Default Level to "Disallowed".I DID NOTHING ELSE. In "Enforcement Properties", I left the default settings of "All software files except libraries" and "All users".

By default, Windows XP sets up Additional Rules that allow programs in several folders, including "Program Files" and the various "System" folders, to execute.

I then ran "GPUpdate /Force" (just in case....) and rebooted the Virtual PC.

After rebooting, I found that I could run programs that were already installed in the "Program Files" folder, including Outlook.exe and X-Lite.exe. But when I tried running a TightVNC-1.2.9-setup.exe file in a "Downloads" folder, the Software Restriction Policy prevented it.

So, the Local Software Restiction Policies seemed to be working as advertised for me. Perhaps something's going wrong in your additional settings for the "Unresticted" folders.