Group Policy is Preventing Designated File types from Running in AppData locationsUseful Command-line Commands on WindowsWindows 2003 GPO Software RestrictionsWhere in the stack is Software Restriction Policies implemented?Windows GPO Software Restrictions Policy not working with %TEMP% variableWhat are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?Preventing Login From Specific Computers with Group PolicyHow can I block certain file from opening in an Active Directory environment?Domain group policy strangenessGroup policy batch script not running on startupWindows 10 GPO causing restrictions within Windows 10 UI
How can I fix this gap between bookcases I made?
Travelling to Edinburgh from India
Why airport relocation isn't done gradually?
Was there ever an axiom rendered a theorem?
Are cabin dividers used to "hide" the flex of the airplane?
Denied boarding due to overcrowding, Sparpreis ticket. What are my rights?
Why was the "bread communication" in the arena of Catching Fire left out in the movie?
Can a planet have a different gravitational pull depending on its location in orbit around its sun?
Add an angle to a sphere
Pristine Bit Checking
Domain expired, GoDaddy holds it and is asking more money
Are white and non-white police officers equally likely to kill black suspects?
LM317 - Calculate dissipation due to voltage drop
What does 'script /dev/null' do?
Is domain driven design an anti-SQL pattern?
aging parents with no investments
Wild Shape Centaur Into a Giant Elk: do their Charges stack?
What to wear for invited talk in Canada
What does "enim et" mean?
How do you conduct xenoanthropology after first contact?
Extreme, but not acceptable situation and I can't start the work tomorrow morning
Some basic questions on halt and move in Turing machines
Where to refill my bottle in India?
Need help identifying/translating a plaque in Tangier, Morocco
Group Policy is Preventing Designated File types from Running in AppData locations
Useful Command-line Commands on WindowsWindows 2003 GPO Software RestrictionsWhere in the stack is Software Restriction Policies implemented?Windows GPO Software Restrictions Policy not working with %TEMP% variableWhat are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?Preventing Login From Specific Computers with Group PolicyHow can I block certain file from opening in an Active Directory environment?Domain group policy strangenessGroup policy batch script not running on startupWindows 10 GPO causing restrictions within Windows 10 UI
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
1
We have a group policy object that denies installation from user AppData folders. However, we are trying to install Acronis Backup software onto the environment. We are trying to deploy this application to multiple machines (100-200 machines) and it relies on our RMM to deploy it with the correct settings. This application eventually uses AppData to install onto the machines.
Is there a way to allow an application to run in AppData given the GPO settings?
Thank you for any additional information or guidance.
GPO DETAILS
# Enforcement
Policy Setting
Apply Software Restriction Policies to the following All software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following users All users
When applying Software Restriction Policies Ignore certificate rules
# Designated File Types
File Extension File Type
ADE ADE File
ADP ADP File
BAS BAS File
BAT Windows Batch File
CHM Compiled HTML Help file
CMD Windows Command Script
COM MS-DOS Application
CPL Control panel item
CRT Security Certificate
EXE Application
HLP Help file
HTA HTML Application
INF Setup Information
INS INS File
ISP ISP File
LNK Shortcut
MDB MDB File
MDE MDE File
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST MST File
OCX ActiveX control
PCD PCD File
PIF Shortcut to MS-DOS Program
REG Registration Entries
SCR Screen saver
SHS SHS File
URL Internet Shortcut
VB VB File
WSC Windows Script Component
# Trusted Publishers
Trusted publisher management Allow all administrators and users to manage user's own Trusted Publishers
Certificate verification None
Software Restriction Policies/Security Levelshide
Policy Setting
Default Security Level Unrestricted
# Software Restriction Policies/Additional Ruleshide
Path Ruleshide
%AppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:32:59 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRoot%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionProgramFilesDir%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%LocalAppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:34:17 PM
%LocalAppData%**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:46 AM
%LOCALAPPDATA%CitrixGoToMeeting**.exe
Security Level Unrestricted
Description Citrix GoToMeeting and Webinar exception.
Date last modified 1/16/2014 11:49:03 AM
%LocalAppData%Temp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:51 AM
%LocalAppData%Temp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:28:01 AM
%localappdata%Tempjre-7u67-windows-i586-iftw.exe
Security Level Unrestricted
Description Allow Java Updates
Date last modified 9/2/2014 2:44:56 PM
%LocalAppData%TempKAgentSilent.exe
Security Level Unrestricted
Description
Date last modified 3/6/2014 3:03:42 PM
%localappdata%tempkas6071.exe
Security Level Unrestricted
Description Kaseya Agant install file.
Date last modified 9/17/2014 7:12:34 PM
%localappdata%tempose00000.exe
Security Level Unrestricted
Description Office 2013 install
Date last modified 7/24/2015 9:11:32 AM
%LocalAppData%TempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:28 AM
%localappdata%Tempvcredist_x86.exe
Security Level Unrestricted
Description TValue5 program executable.
Date last modified 8/25/2014 4:10:27 PM
%LocalAppData%Tempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:58 AM
%UserProfile%Local Settings*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:33:27 PM
%UserProfile%Local Settings**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:22 AM
%UserProfile%Local SettingsTemp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:24 AM
%UserProfile%Local SettingsTemp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:27:45 AM
%UserProfile%Local SettingsTempose**.exe
Security Level Unrestricted
Description Allow Office 2013 executables run from %AppData%
Date last modified 12/9/2013 2:58:28 PM
%UserProfile%Local SettingsTempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:13 AM
%UserProfile%Local SettingsTempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:22 AM
windows windows-server-2012-r2 group-policy
asked Apr 4 at 21:49
confoundrconfoundr
285
add a comment |
1
We have a group policy object that denies installation from user AppData folders. However, we are trying to install Acronis Backup software onto the environment. We are trying to deploy this application to multiple machines (100-200 machines) and it relies on our RMM to deploy it with the correct settings. This application eventually uses AppData to install onto the machines.
Is there a way to allow an application to run in AppData given the GPO settings?
Thank you for any additional information or guidance.
GPO DETAILS
# Enforcement
Policy Setting
Apply Software Restriction Policies to the following All software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following users All users
When applying Software Restriction Policies Ignore certificate rules
# Designated File Types
File Extension File Type
ADE ADE File
ADP ADP File
BAS BAS File
BAT Windows Batch File
CHM Compiled HTML Help file
CMD Windows Command Script
COM MS-DOS Application
CPL Control panel item
CRT Security Certificate
EXE Application
HLP Help file
HTA HTML Application
INF Setup Information
INS INS File
ISP ISP File
LNK Shortcut
MDB MDB File
MDE MDE File
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST MST File
OCX ActiveX control
PCD PCD File
PIF Shortcut to MS-DOS Program
REG Registration Entries
SCR Screen saver
SHS SHS File
URL Internet Shortcut
VB VB File
WSC Windows Script Component
# Trusted Publishers
Trusted publisher management Allow all administrators and users to manage user's own Trusted Publishers
Certificate verification None
Software Restriction Policies/Security Levelshide
Policy Setting
Default Security Level Unrestricted
# Software Restriction Policies/Additional Ruleshide
Path Ruleshide
%AppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:32:59 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRoot%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionProgramFilesDir%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%LocalAppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:34:17 PM
%LocalAppData%**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:46 AM
%LOCALAPPDATA%CitrixGoToMeeting**.exe
Security Level Unrestricted
Description Citrix GoToMeeting and Webinar exception.
Date last modified 1/16/2014 11:49:03 AM
%LocalAppData%Temp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:51 AM
%LocalAppData%Temp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:28:01 AM
%localappdata%Tempjre-7u67-windows-i586-iftw.exe
Security Level Unrestricted
Description Allow Java Updates
Date last modified 9/2/2014 2:44:56 PM
%LocalAppData%TempKAgentSilent.exe
Security Level Unrestricted
Description
Date last modified 3/6/2014 3:03:42 PM
%localappdata%tempkas6071.exe
Security Level Unrestricted
Description Kaseya Agant install file.
Date last modified 9/17/2014 7:12:34 PM
%localappdata%tempose00000.exe
Security Level Unrestricted
Description Office 2013 install
Date last modified 7/24/2015 9:11:32 AM
%LocalAppData%TempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:28 AM
%localappdata%Tempvcredist_x86.exe
Security Level Unrestricted
Description TValue5 program executable.
Date last modified 8/25/2014 4:10:27 PM
%LocalAppData%Tempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:58 AM
%UserProfile%Local Settings*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:33:27 PM
%UserProfile%Local Settings**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:22 AM
%UserProfile%Local SettingsTemp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:24 AM
%UserProfile%Local SettingsTemp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:27:45 AM
%UserProfile%Local SettingsTempose**.exe
Security Level Unrestricted
Description Allow Office 2013 executables run from %AppData%
Date last modified 12/9/2013 2:58:28 PM
%UserProfile%Local SettingsTempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:13 AM
%UserProfile%Local SettingsTempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:22 AM
windows windows-server-2012-r2 group-policy
asked Apr 4 at 21:49
confoundrconfoundr
285
add a comment |
1
1
1
We have a group policy object that denies installation from user AppData folders. However, we are trying to install Acronis Backup software onto the environment. We are trying to deploy this application to multiple machines (100-200 machines) and it relies on our RMM to deploy it with the correct settings. This application eventually uses AppData to install onto the machines.
Is there a way to allow an application to run in AppData given the GPO settings?
Thank you for any additional information or guidance.
GPO DETAILS
# Enforcement
Policy Setting
Apply Software Restriction Policies to the following All software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following users All users
When applying Software Restriction Policies Ignore certificate rules
# Designated File Types
File Extension File Type
ADE ADE File
ADP ADP File
BAS BAS File
BAT Windows Batch File
CHM Compiled HTML Help file
CMD Windows Command Script
COM MS-DOS Application
CPL Control panel item
CRT Security Certificate
EXE Application
HLP Help file
HTA HTML Application
INF Setup Information
INS INS File
ISP ISP File
LNK Shortcut
MDB MDB File
MDE MDE File
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST MST File
OCX ActiveX control
PCD PCD File
PIF Shortcut to MS-DOS Program
REG Registration Entries
SCR Screen saver
SHS SHS File
URL Internet Shortcut
VB VB File
WSC Windows Script Component
# Trusted Publishers
Trusted publisher management Allow all administrators and users to manage user's own Trusted Publishers
Certificate verification None
Software Restriction Policies/Security Levelshide
Policy Setting
Default Security Level Unrestricted
# Software Restriction Policies/Additional Ruleshide
Path Ruleshide
%AppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:32:59 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRoot%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionProgramFilesDir%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%LocalAppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:34:17 PM
%LocalAppData%**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:46 AM
%LOCALAPPDATA%CitrixGoToMeeting**.exe
Security Level Unrestricted
Description Citrix GoToMeeting and Webinar exception.
Date last modified 1/16/2014 11:49:03 AM
%LocalAppData%Temp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:51 AM
%LocalAppData%Temp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:28:01 AM
%localappdata%Tempjre-7u67-windows-i586-iftw.exe
Security Level Unrestricted
Description Allow Java Updates
Date last modified 9/2/2014 2:44:56 PM
%LocalAppData%TempKAgentSilent.exe
Security Level Unrestricted
Description
Date last modified 3/6/2014 3:03:42 PM
%localappdata%tempkas6071.exe
Security Level Unrestricted
Description Kaseya Agant install file.
Date last modified 9/17/2014 7:12:34 PM
%localappdata%tempose00000.exe
Security Level Unrestricted
Description Office 2013 install
Date last modified 7/24/2015 9:11:32 AM
%LocalAppData%TempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:28 AM
%localappdata%Tempvcredist_x86.exe
Security Level Unrestricted
Description TValue5 program executable.
Date last modified 8/25/2014 4:10:27 PM
%LocalAppData%Tempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:58 AM
%UserProfile%Local Settings*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:33:27 PM
%UserProfile%Local Settings**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:22 AM
%UserProfile%Local SettingsTemp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:24 AM
%UserProfile%Local SettingsTemp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:27:45 AM
%UserProfile%Local SettingsTempose**.exe
Security Level Unrestricted
Description Allow Office 2013 executables run from %AppData%
Date last modified 12/9/2013 2:58:28 PM
%UserProfile%Local SettingsTempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:13 AM
%UserProfile%Local SettingsTempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:22 AM
windows windows-server-2012-r2 group-policy
asked Apr 4 at 21:49
confoundrconfoundr
285
We have a group policy object that denies installation from user AppData folders. However, we are trying to install Acronis Backup software onto the environment. We are trying to deploy this application to multiple machines (100-200 machines) and it relies on our RMM to deploy it with the correct settings. This application eventually uses AppData to install onto the machines.
Is there a way to allow an application to run in AppData given the GPO settings?
Thank you for any additional information or guidance.
GPO DETAILS
# Enforcement
Policy Setting
Apply Software Restriction Policies to the following All software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following users All users
When applying Software Restriction Policies Ignore certificate rules
# Designated File Types
File Extension File Type
ADE ADE File
ADP ADP File
BAS BAS File
BAT Windows Batch File
CHM Compiled HTML Help file
CMD Windows Command Script
COM MS-DOS Application
CPL Control panel item
CRT Security Certificate
EXE Application
HLP Help file
HTA HTML Application
INF Setup Information
INS INS File
ISP ISP File
LNK Shortcut
MDB MDB File
MDE MDE File
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST MST File
OCX ActiveX control
PCD PCD File
PIF Shortcut to MS-DOS Program
REG Registration Entries
SCR Screen saver
SHS SHS File
URL Internet Shortcut
VB VB File
WSC Windows Script Component
# Trusted Publishers
Trusted publisher management Allow all administrators and users to manage user's own Trusted Publishers
Certificate verification None
Software Restriction Policies/Security Levelshide
Policy Setting
Default Security Level Unrestricted
# Software Restriction Policies/Additional Ruleshide
Path Ruleshide
%AppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:32:59 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRoot%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionProgramFilesDir%
Security Level Unrestricted
Description
Date last modified 10/25/2013 3:32:18 PM
%LocalAppData%*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:34:17 PM
%LocalAppData%**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:46 AM
%LOCALAPPDATA%CitrixGoToMeeting**.exe
Security Level Unrestricted
Description Citrix GoToMeeting and Webinar exception.
Date last modified 1/16/2014 11:49:03 AM
%LocalAppData%Temp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:51 AM
%LocalAppData%Temp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:28:01 AM
%localappdata%Tempjre-7u67-windows-i586-iftw.exe
Security Level Unrestricted
Description Allow Java Updates
Date last modified 9/2/2014 2:44:56 PM
%LocalAppData%TempKAgentSilent.exe
Security Level Unrestricted
Description
Date last modified 3/6/2014 3:03:42 PM
%localappdata%tempkas6071.exe
Security Level Unrestricted
Description Kaseya Agant install file.
Date last modified 9/17/2014 7:12:34 PM
%localappdata%tempose00000.exe
Security Level Unrestricted
Description Office 2013 install
Date last modified 7/24/2015 9:11:32 AM
%LocalAppData%TempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:28 AM
%localappdata%Tempvcredist_x86.exe
Security Level Unrestricted
Description TValue5 program executable.
Date last modified 8/25/2014 4:10:27 PM
%LocalAppData%Tempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:58 AM
%UserProfile%Local Settings*.exe
Security Level Disallowed
Description Don't allow executables to run from %AppData%
Date last modified 10/25/2013 3:33:27 PM
%UserProfile%Local Settings**.exe
Security Level Disallowed
Description Don't allow executables to run from immediate subfolders of %AppData%
Date last modified 10/28/2013 10:26:22 AM
%UserProfile%Local SettingsTemp*.zip*.exe
Security Level Disallowed
Description Block executables run from archive attachments opened using Windows built-in Zip support.
Date last modified 10/28/2013 10:29:24 AM
%UserProfile%Local SettingsTemp7z**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with 7zip.
Date last modified 10/28/2013 10:27:45 AM
%UserProfile%Local SettingsTempose**.exe
Security Level Unrestricted
Description Allow Office 2013 executables run from %AppData%
Date last modified 12/9/2013 2:58:28 PM
%UserProfile%Local SettingsTempRar**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinRAR.
Date last modified 10/28/2013 10:27:13 AM
%UserProfile%Local SettingsTempwz**.exe
Security Level Disallowed
Description Block executables run from archive attachments opened with WinZip.
Date last modified 10/28/2013 10:28:22 AM
windows windows-server-2012-r2 group-policy
windows windows-server-2012-r2 group-policy
asked Apr 4 at 21:49
confoundrconfoundr
285
asked Apr 4 at 21:49
confoundrconfoundr
285
asked Apr 4 at 21:49
confoundrconfoundr
285
asked Apr 4 at 21:49
confoundrconfoundr
285
asked Apr 4 at 21:49
confoundrconfoundr
285
285
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
1
If you can get to know specific folder/file names Acronis uses inside AppData, then just make an exclusion with Security Level Unrestricted like you already have for Citrix, JRE etc in your policy.
answered Apr 5 at 8:22
VadimVadim
16118
I did not see that exclusion before. Thanks for pointing that out! I'll give it a try, make take some time to get a change control drafted.
– confoundr
Apr 5 at 16:31
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961593%2fgroup-policy-is-preventing-designated-file-types-from-running-in-appdata-locatio%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1
If you can get to know specific folder/file names Acronis uses inside AppData, then just make an exclusion with Security Level Unrestricted like you already have for Citrix, JRE etc in your policy.
answered Apr 5 at 8:22
VadimVadim
16118
I did not see that exclusion before. Thanks for pointing that out! I'll give it a try, make take some time to get a change control drafted.
– confoundr
Apr 5 at 16:31
add a comment |
1
If you can get to know specific folder/file names Acronis uses inside AppData, then just make an exclusion with Security Level Unrestricted like you already have for Citrix, JRE etc in your policy.
answered Apr 5 at 8:22
VadimVadim
16118
I did not see that exclusion before. Thanks for pointing that out! I'll give it a try, make take some time to get a change control drafted.
– confoundr
Apr 5 at 16:31
add a comment |
1
1
1
If you can get to know specific folder/file names Acronis uses inside AppData, then just make an exclusion with Security Level Unrestricted like you already have for Citrix, JRE etc in your policy.
answered Apr 5 at 8:22
VadimVadim
16118
If you can get to know specific folder/file names Acronis uses inside AppData, then just make an exclusion with Security Level Unrestricted like you already have for Citrix, JRE etc in your policy.
answered Apr 5 at 8:22
VadimVadim
16118
answered Apr 5 at 8:22
VadimVadim
16118
answered Apr 5 at 8:22
VadimVadim
16118
answered Apr 5 at 8:22
VadimVadim
16118
16118
I did not see that exclusion before. Thanks for pointing that out! I'll give it a try, make take some time to get a change control drafted.
– confoundr
Apr 5 at 16:31
add a comment |
I did not see that exclusion before. Thanks for pointing that out! I'll give it a try, make take some time to get a change control drafted.
– confoundr
Apr 5 at 16:31
I did not see that exclusion before. Thanks for pointing that out! I'll give it a try, make take some time to get a change control drafted.
– confoundr
Apr 5 at 16:31
I did not see that exclusion before. Thanks for pointing that out! I'll give it a try, make take some time to get a change control drafted.
– confoundr
Apr 5 at 16:31
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961593%2fgroup-policy-is-preventing-designated-file-types-from-running-in-appdata-locatio%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
