Re: Software Restriction Policy

From: rasdr (bogus.email_at_bogusaddress.com)
Date: 11/08/05


Date: Mon, 7 Nov 2005 19:33:09 -0600


 I didn't have a chance to attempt this at work until today. It seems that
I left one very important thing out of the equation. We are still running
SP1 on our corporate desktops. Software restriction events for SP1 systems
are logged in the system events, so if a non-admin user was attempting to
run a restricted package, there are no events logged in the system events
because non-admins are unable to write there.

Since I had an SP2 system in my lab, I attempted the SRP on that system and
found that it works just fine under SP2 when hashing the installer itself.
It seems to be an issue isolated to SP1 only.

If you can think of anything else that we might try, I'd appreciate hearing
about it. We do have MS Premier support, so at some point this week, we'll
likely open an incident with them anyways. Thanks for all your help Steven.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:rMCdnVr9rv7h5PTeRVn-jw@comcast.com...
> What you might try to set up a test computer that has very restrictive
> settings for Software Restriction Policies such as one with the default
> disallowed rule [and you may need to lockdown from there] and then try to
> install Real Player on it as a regular user assuming that is what your
> general user population is to have a similar user experience. When the
> installation fails look in the application log to see the name of the
> executable that was denied and try creating a hash rule for that file. One
> of my computers is locked down pretty tight so I tried to download and
> install Real Player and this is what I found in the application log
> indicating that
> RealPlayer10-5GOLD_bb[1].exe may be a file to try and restrict. --- Steve
>
> Event Type: Warning
> Event Source: Software Restriction Policies
> Event Category: None
> Event ID: 866
> Date: 11/2/2005
> Time: 8:00:28 PM
> User: N/A
> Computer: STEVE-XP
> Description:
> Access to D:\Documents and Settings\Steve\Local Settings\Temporary
> Internet Files\Content.IE5\6789SBCV\RealPlayer10-5GOLD_bb[1].exe has been
> restricted by your Administrator by location with policy rule
> {dd369e61-f6f5-4e21-8ce3-58c8257ddc15} placed on path D:\Documents and
> Settings\
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> "rasdr" <bogus.email@bogusaddress.com> wrote in message
> news:11miojuea6oc918@corp.supernews.com...
>> We have some software restriction policies on our domain which disallow
>> users from running chat software, some of our prohibited software list,
>> as well as games. We were attempting today to add a hash for the
>> installer file for Real Player 10, which we don't want users in the
>> domain installing on their workstations (if they have admin privileges).
>>
>> We're finding that the hashes for the executable that runs a program (ie:
>> realplay.exe) work just fine, but we're unable to restrict the installer
>> file from running. It's as if the has rule is totally ignored.
>>
>> Does anybody have any suggestions as to what might be the reason for
>> this?
>>
>
>



Relevant Pages

  • Re: Software Restriction Policy
    ... SP1 systems are logged in the system events, so if a non-admin user was ... >install Real Player on it as a regular user assuming that is what your ... >Event Source: Software Restriction Policies ... We were attempting today to add a hash for the installer ...
    (microsoft.public.windowsxp.security_admin)
  • Software Restriction Policy
    ... We have some software restriction policies on our domain which disallow ... users from running chat software, some of our prohibited software list, as ... well as games. ... We were attempting today to add a hash for the installer ...
    (microsoft.public.windowsxp.security_admin)
  • Re: The system administrator has set policies to prevent this installa
    ... This looks as though you have a GPO setting somewhere which restricts ... Check out the Software Restriction Policies ... I am logged in as a Domain Admin with local Admin rights. ... I attemepted to run the Windows Installer Cleanup utility to remove the ...
    (microsoft.public.windows.server.security)
  • Re: Software Restriction Policy
    ... disallowed rule and then try to ... install Real Player on it as a regular user assuming that is what your ... Event Source: Software Restriction Policies ...
    (microsoft.public.windowsxp.security_admin)