Sophos updating policy allow location roaming


This is turning into a whitelisting approach to user programs stored in the user profile, where everything is blocked unless explicitly allowed.

That’s not a bad principle in general, but it’s a lot to try to develop piecemeal like this.

According to KB310791, “Path rules apply to all programs that run from the specified local or network path, or from subfolders that are in the path,” so we only need one policy to cover the whole folder tree.

I was able to get around it by allowing Unrestricted access to %User Profile%\App Data\Local\Temp\*\*

And there should be a corresponding message in your Application event log:

Log Name: Application
Source: Microsoft-Windows-Software Restriction Policies
Event ID: 866
Task Category: None
Level: Warning
Keywords:
Description: Access to C:\Users\

You’ll need to adapt procedures to put installers somewhere outside the user profile, or create exceptions to the Software Restriction Policy.

Well it didn’t take long to discover that the policy above is too broad.

Often, web links in the Favorites folder are the cause of this.

Another problem could be that the user encrypted files with EFS. Today, I found a new interesting case when my own profile wasn't saved anymore to the server.
