none
Disable .exe’s from running in %localappdata%

    Question

  • Hi, i disabled executing .exe's files from running in %localappdata%, %appdata% and %temp% folders using Software Restriction Policies in GPO.

    When i try to install Mozilla Firefox, it can't unpack in temp folder, i get a message that prohibit me to do it. 

    But if i put installers of some software in %localappdata% folder, installers launch and i can install software, so rules don't work.

    What is the problem?

    GPO rules:


    • Edited by alibek555 Tuesday, March 07, 2017 5:10 AM
    Tuesday, March 07, 2017 5:09 AM

Answers

  • Hi,
    Have you checked if the GPO is applied successfully? You could run gpresult /r command to check that.
    And after you changed settings in the GPO, have you logged off /on user again to see if it works by then? As far as I know, if the user is already logged on, you need to re-log, a GPUPDATE /force doesn’t work.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by alibek555 Tuesday, July 04, 2017 2:27 AM
    Wednesday, March 08, 2017 3:11 AM
    Moderator

All replies

  • Hi,
    Have you checked if the GPO is applied successfully? You could run gpresult /r command to check that.
    And after you changed settings in the GPO, have you logged off /on user again to see if it works by then? As far as I know, if the user is already logged on, you need to re-log, a GPUPDATE /force doesn’t work.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by alibek555 Tuesday, July 04, 2017 2:27 AM
    Wednesday, March 08, 2017 3:11 AM
    Moderator
  • Thanks, i checked GPO on another machine and it worked, probably there was a problem with my machine. 

    But as i wrote, Firefox couldn't unpack, so GPO worked, but there were problems with other rules, weird)


    • Edited by alibek555 Thursday, March 09, 2017 5:08 AM
    Thursday, March 09, 2017 2:26 AM
  • Hi,

    Great to hear that the cause may be the specific computer problem.

    >> but there were problems with other rules, weird)

    Did the problems also happen on the specific computer? Did it happen on other machines?

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, March 13, 2017 2:02 AM
    Moderator
  • Hi,

    Was your issue resolved? If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions. If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 17, 2017 9:41 AM
    Moderator