Location: Mail List

Ads

Skyscraper

The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Forums >GPTalk >GPTalk Mailing List
Subject: [gptalk] Strange Software Restriction Policy Behaviour
Prev Next
You are not authorized to post a reply.

AuthorMessages
y2kUser is Offline

Posts:28

02/13/2010 10:25 AM  
Hi all

A few weeks ago, we created a path rule in software restirction policy
to restrict %temp% and the tempoary internet files. The reason was
mainly to try to stop casual and drive by downloads. Shortly
afterwards, we had a complaint from a user who said they are unable to
open PDF files from a java applet which did work perfectly fine.
After closer investigation, it seems that when the applet downloads
the file, it launches the file from the command prompt. Removing the
user from the scope of the software restriction policy fixed the
problem and they were able to download the file

After this, we done some more debugging with the software restriction
policy enabled. If we browse to %temp%, and double click on the PDF
file, it opens just fine. However, if we got to command prompt, CD to
%temp% and type the file name, command prompt says something along the
lines of "cannot open this application" (sorry, don't have the exact
wording) and the application log on the PC will say file
%temp%\file.pdf was blocked from executing by policy xyz ... and says
that %temp% is restricted. This happens with all files in the %temp%
directory, not just PDF's, but the files will open just fine if double
clicked from windows explorer.

Also, if I launch the application from the command line (while still
in the %temp% directory) and pass it the file name, it works fine. Eg

cmd
cd %temp%
"C:\Program Files\Adobe\Reader 9.0\acrord32.exe" file.pdf

This will not be restricted but will launch adobe reader and open the file.

So, of course my question is, why can these files not be opened from
command prompt if they are stored in a restricted location ? Given
that these files are not executibles, I don't see how they're getting
blocked. I've also chekced that PDF is not listed in the restriction
policy as a file extension to block

Thanks in advance for any help
M
You are not authorized to post a reply.
Forums >GPTalk >GPTalk Mailing List > [gptalk] Strange Software Restriction Policy Behaviour



ActiveForums 3.7

Members

MembershipMembership:
Latest New UserLatest:JohnTennyson
New TodayNew Today:1
New YesterdayNew Yesterday:1
User CountOverall:903
People OnlinePeople Online:
VisitorsVisitors:0
MembersMembers:0
TotalTotal:0
Online NowOnline Now:

Ads

Banner Inv
Copyright 2009 by GPOGUY.COM
Terms Of Use