I am trying to lock down all desktop computers in my office. I have successfully created a Group Policy Object that locks down the computer to only allow certain programs to run (such as Microsoft Office). This object has the following Software Restriction Policies set:

Security Level is set to Disallow

Additional Rules - I left the first three default registry rules set to Unrestricted, but changed the forth registry rule (%HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%) to Disallow (I found that if I left that rule to Unrestricted all programs can still run). I also added extra rules to allow certain programs to run.

A side effect of this rule is that I can no longer remotely push out Symantec Antivirus Corporate Edition with the Symantec tool or another Group Policy Object.

Is it possible to have the Security Level set to Disallow in the Software Restriction Policy and still remotely install software?
0 Comments   [ - ] Hide Comments


Please log in to comment

There are no answers at this time
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity