Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
Adding Exclusions for Network UNC Paths?

Locked Adding Exclusions for Network UNC Paths?

  • Thursday, September 30, 2010 6:05 PM
     
     
    Sign In to Vote
    0

    We're trying to troubleshoot an issue where files are kept open on our DCs and want to make sure that our Windows 7 machines don't have ahold of them with their FCS client. Can we add exclusions for UNC paths, such as \\domaincontroller\sysvol\ ?

     

    Orange County District Attorney
       

    All Replies

    • Thursday, September 30, 2010 6:29 PM
       
       Answered
      Sign In to Vote
      0

      Hi,

      As far as I know it is not possible to create an exclusion in FCS for a UNC path by the GUI. But it is possible by using the registry :

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Paths]

      "\\\\server\\path"=dword:00000000

         
      • Thursday, September 30, 2010 6:52 PM
         
         
        Sign In to Vote
        0
        I saw that also. I tried adding one to one of my policies and it took. I didn't get an error when I saved it or deployed it. I did check the registry on one of my clients and the Paths key is empty. Is that to be expected?
        Orange County District Attorney
           
        • Thursday, September 30, 2010 8:27 PM
           
           
          Sign In to Vote
          0
          Modify the key manually or by .reg script
             
          • Thursday, September 30, 2010 9:09 PM
             
             
            Sign In to Vote
            0
            So I take it, if I add them to the console, they won't apply, only by manual edit?
            Orange County District Attorney
               
            • Friday, October 01, 2010 8:12 AM
              Moderator
               
               Answered
              Sign In to Vote
              0

              Hi,

              Thanks for the post.

              Please run gpresult /v command on the client machine to verify if the relevant group policy has been applied.

              You could refer to "Assigning Computer Startup and Shutdown Scripts" section mentioned in the following article:

              http://technet.microsoft.com/en-us/magazine/dd630947.aspx

              As for how to deploy custom Registry changes through Group Policy, you could check the following link:

              http://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx

              Hope this helps.

              Miles

              Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
                 
              • Friday, October 01, 2010 8:32 AM
                 
                 
                Sign In to Vote
                0
                By GPO it should be done, but you can test the effect manually or by reg script. As Miles already said, you need troubleshooting the GPO.