Software Restriction Policy / Deploy Software
I am trying to lock down all desktop computers in my office. I have successfully created a Group Policy Object that locks down the computer to only allow certain programs to run (such as Microsoft Office). This object has the following Software Restriction Policies set:
Security Level is set to Disallow
Additional Rules - I left the first three default registry rules set to Unrestricted, but changed the forth registry rule (%HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%) to Disallow (I found that if I left that rule to Unrestricted all programs can still run). I also added extra rules to allow certain programs to run.
A side effect of this rule is that I can no longer remotely push out Symantec Antivirus Corporate Edition with the Symantec tool or another Group Policy Object.
Is it possible to have the Security Level set to Disallow in the Software Restriction Policy and still remotely install software?
Security Level is set to Disallow
Additional Rules - I left the first three default registry rules set to Unrestricted, but changed the forth registry rule (%HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%) to Disallow (I found that if I left that rule to Unrestricted all programs can still run). I also added extra rules to allow certain programs to run.
A side effect of this rule is that I can no longer remotely push out Symantec Antivirus Corporate Edition with the Symantec tool or another Group Policy Object.
Is it possible to have the Security Level set to Disallow in the Software Restriction Policy and still remotely install software?
0 Comments
[ + ] Show comments
Answers (0)
Please log in to answer
Be the first to answer this question
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
