1. Open Local Security Settings.
2. In the console tree, click Software Restriction Policies.
   Where? Security Settings > Software Restriction Policies
3. Right-click Additional Rules and click New Path Rule.
4. In the Path field, type a path or browse to a file or folder.
5. Select a Security Level.
6. In Description, type a description for this rule and click OK.

• On certain folders, such as the Windows folder, setting the security level to Disallowed can adversely affect the operation of your operating system.

Note
• Prevent software restriction policies from applying to local administrators
• To open Local Security Policy, click Start, click Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy.
• To refresh software restriction policies, you must log off and then log on to your computer.
• The only file types affected by path rules are those that are listed in Designated file types. There is one list of designated file types that is shared by all rules.
• If you create a path rule for a program with a security level of Disallowed, a user can still run the software by simply copying it to another location.
• You can use environment variables such as %programfiles% or %systemroot% in your path rule.
• The wildcard characters that are supported by the path rule are * and ?.
• If you would like to prevent users from executing mail attachments, you can create a path rule for your mail program's attachment directory that prevents users from running mail attachments.
• When more than one rule is applied to policy, there is a precedence of rules for handling conflicts. For more information, see Precedence of software restriction policies.
• For more information, see To add or delete a designated file type.
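
The notes above (designated file types, environment variables, wildcards, and the copy-to-another-location caveat) can be checked against a planned rule set before it is deployed. The Python model below is an added example, not Microsoft code and not the actual Windows evaluation logic; the environment values, file-type subset, sample rules, wildcard scope, and first-match behavior are assumptions.

```python
import ntpath
import re

# Constructed sample values; a real machine supplies its own.
ENV = {"programfiles": r"C:\Program Files", "systemroot": r"C:\Windows"}
DESIGNATED_TYPES = {"exe", "bat", "vbs", "msi"}  # assumed subset of the shared list
SAMPLE_RULES = [  # (path, security level), hypothetical rules
    (r"%programfiles%\Game\game.exe", "Disallowed"),
    (r"C:\Mail\Attachments", "Disallowed"),
    (r"C:\Temp\*.bat", "Disallowed"),
]

def expand(path, env=ENV):
    """Replace %name% with its value, matching the name case-insensitively."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)

def rule_regex(rule_path, env=ENV):
    """Compile a rule path into a regex.

    * and ? are the wildcards; in this model * may span backslashes
    (assumption). A folder path also covers everything beneath it.
    """
    p = ntpath.normpath(expand(rule_path, env)).lower()
    body = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(body + r"(\\.*)?$")

def evaluate(program, rules=SAMPLE_RULES, default="Unrestricted"):
    """Return the security level this model assigns to `program`.

    The first matching rule wins here; real conflict handling is the
    precedence topic the page references and is not modelled.
    """
    target = ntpath.normpath(expand(program)).lower()
    ext = ntpath.splitext(target)[1].lstrip(".")
    if ext not in DESIGNATED_TYPES:
        return default  # path rules only affect designated file types
    for path, level in rules:
        if rule_regex(path).match(target):
            return level
    return default

if __name__ == "__main__":
    for p in (r"C:\Program Files\Game\game.exe",    # covered by the rule
              r"C:\Users\alice\Desktop\game.exe",   # same file, copied elsewhere
              r"C:\Mail\Attachments\invoice.vbs",   # attachment directory rule
              r"C:\Mail\Attachments\notes.txt"):    # not a designated type
        print(f"{p:40} -> {evaluate(p)}")
```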