Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Problems in configuring software restriction policy to restrict all applications

  • Please log in to reply
No replies to this topic

#1 gkartik


  • Members
  • 1 posts

Posted 15 July 2017 - 09:05 AM

I don't want any standard user to run any application expect those which are already installed, so I created a path rule in software restriction policy and disallowed all applications (.exe, .msi & .msp) except those which are present in windows & program files folder. But problem is that some applications (like Matlab) require access to PROGRAM DATA (like Java) and APP DATA FOLDER which contain many executables. If I allow those folders, standard users are able to copy any portable application into those folder & run it from there. That means users are able to write into those folders.
However, I can create path rule for all executables present in those folders and allow them, but they too many of them, so its not convenient to create rules one by one.

Also I have personal folder in Local Drive (D) which contains some useful portable applications, so I want to allow that folder and at same time make it write protected so that standard user cannot copy any other application and run it at their own will.

Any solution?

System Details:

Windows 7 Ultimate 32 bit service pack 1


BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users