Jan 07, 2017 Describes how to use the software restriction policies in Windows Server. HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows Safer CodeIdentifiers. Aug 17, 2007. For Software Restriction Policies, and. Policies Microsoft Windows Safer CodeIdentifiers. Policy to define a Software.

Logic Master Software. Mike, will these changes make their way into Longhorn? I love the tips you are giving (essential, since I’ve almost abandoned IE for Opera except for intranet and secure sites) but is this driving improvements into the actual product? That is, will my mom have a SAFER browser and email by default? Will she know where to look/how to run the 'unsafe' version? Or are other mitigations available? [aside – I run as nonadmin now at home, but I’m unusual in liking Win2k3 at home with IE lockdown as well.

Praetorians Mod Imperial 4.1 Free Download on this page. At work I’ve found it hard to work as nonadmin as the software I develop doesn’t work well as nonadmin. Still at least that mainly applies to the test machine, dev machine doesn’t even Office on it and has IE lockdown (2k3)]. Michael, you’re a voice of reason in the wilderness 🙂 Now to the questions, first you may want to change the description of your Firefox entry to say 'FireFox' and not 'Internet Explorer' 🙂 Next, make sure the GUID is unique, it can be anything, just make it unique. What I do is just take a handful of the values in an existing GUID and tweak ’em! Next to apply to say, Outlook, just set the ItemData to the directory, or the full path to the executable, C:Program FilesMicrosoft OfficeOFFICE11outlook.exe.

That’s it 🙂. This is a great article!! Will the policy changes work with Windows domains? This is just the solution I am looking for. I am helping a friend who has recently setup a Windows Small Business Server with about 30 users (running Windows XP SP2 desktops). He recently discovered that even though all users are in the 'User' group on the Windows 2003 server, all users actually have administrator rights on their desktop computers!!

He found this out the hard way, having thought the users would be limited to 'User' group privileges on the desktops. The SAFER policy changes would be great for restricting access for Internet facing applications. Being able to set this with Windows 2003 Group Policy would prevent having to go to all the desktops to set this up individually.

Great article and very effective especially combined with PrivBar. Thanks for the tip. Have a question on this. I added the registry key, and IE starts as Users (according to PrivBar). But then I was trying to start MSN Messenger, the messenger prompted for a new version. When I clicked on 'What’s New' button, it opens an new instance of IE and running with 'Administrator' according to the PrivBar. Is this considered a potential security problem?

Or it is the expected behavior that MSN Messenger (or any window service running as Admin) can bypass this policy and start IE as Administrator? >>really dumb question from me – how do you know it’s not working? I think I know because it looks to me like iexplore.exe still has administrator permissions when looked at with process explorer and I can do things with IE, like install ActiveX controls. I can’t do these things after using mmc and using process explorer iExplore doesn’t have administrator.

>>also, is the directory set correctly? Which directory?

The path in ItemData looks right. I’m probably doing something incredibly dumb but I still can’t find out what.

In this section • • • • Software restriction policies provide administrators with a policy-driven mechanism for identifying the software programs running on computers in a domain and for controlling the ability of those programs to run. Deployment based on Active Directory requires Windows Server 2003, and Windows XP Professional clients, specifically: • Windows Server 2003 with Active Directory installed and dynamic DNS properly configured. • Windows XP client computers. • The Group Policy Object Editor and the Software Restriction Policies extension of Group Policy Object Editor. For Windows XP computers that are not participating in a domain, you can use the Local Security Settings snap-in to access Software Restriction Policies. Software Restriction Policies Architecture. Software restriction policies provide a mechanism for the operating system and applications compliant with software restriction policies to restrict the runtime execution of software programs.