Guidelines For Designing Software Restriction Policies

By Author: Jasmine
Total Articles: 286
Comment this article

Follow these guidelines when designing software restriction policies:
Use path rules with caution. If the security level is set to Unrestricted and your 70-620 Exam rule security level is set to Disallowed, users will not be able to run the executables in the path. However, if they can copy the executables to another location, the path rule will not be in effect and they will be able to run the executables.
If you need to absolutely prevent unauthorized software from running on the computer, set the software restriction policy security level to Disallowed. A security level of Disallowed will prevent all software from running. Rules can then be written for software that you want to run using any of the rules.
Do not remove the four Additional Rules that are set by default. These Riles will allow system software to run if you set the security level to Disallowed.
If the security level will be set to Disallowed, you must apply rules to allow anything that you want to run, including startup programs, logon scripts, and so on.
For every rule that allows or restricts ...
... software, design rules that enable or restrict associated software. Associated software is software that might be started by the other software.
Design software restriction policies for computers in the computer configuration portion of the GPO, and design them for users in the user configuration section of a GPO.
Disable this setting to prevent free Microsoft exam papers client systems from changing the zone related to their session. By default, Time Zone Redirection is not allowed, and the time for the session is the server time. Not all clients can do time zone redirection, and it is wise to keep times correct on the server. Otherwise, you might not be able to figure out the real time that files on the server were accessed.
Enable this setting to prevent researchers from sharing data between the client and the terminal services server. If this setting
were enabled, researchers could take server-side data and use the clipboard to capture and move data from the server to the client
computer.
Enable this setting to make researchers log on before they can start a terminal server services session. If this setting were to be disabled and a researcher were to leave her desk while still logged on but not in a terminal services session, an intruder or fellow worker would be able to open a terminal services session and access the researcher's data.
By default, the data sent between client and server is encrypted at the highest level that the client supports. Setting encryption to the
High Level ensures 128-bit encryption. If the client cannot use 128-bit encryption, the session is terminated.
Enable this setting to prevent researchers from accessing their local drives when using a MCSE exams terminal services session. This will also pre- vent an intruder from gaining access to the researchers' computers.