Guest
Has anyone been able to get Windows XP's Software Restriction Policies to successfully log restricted evaluations to either the event log or the safer log when set to advanced logging in the registry? I've successfully enabled an SRP (using both local GP and an AD GP), but I would like to see when the SRP evaluates a program as restricted so I can more easily create unrestricted rules for new software. I'll paste the text of my GP which holds the SRP below. Any help would be greatly appreciated. Thanks.
Group Policy Management
Software Restriction Policies
Data collected on: 2/6/2004 1:52:52 AM
Domain ISU.local
Owner ISU\Domain Admins
Created 2/5/2004 6:49:00 PM
Modified 2/5/2004 10:59:08 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 48 (AD), 48 (sysvol)
Unique ID {93518D0E-FD97-4EE4-936F-81A88820E0FA}
GPO Status Enabled
Location Enforced Link Status Path
AD Computers No Enabled ISU.local/AD Computers
This list only includes links in the domain of the GPO
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name None
Description Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
ISU\Domain Admins Edit settings, delete, modify security No
ISU\Enterprise Admins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
Computer Configuration (Enabled)
Windows Settings
Security Settings
Local Policies/Audit Policy
Policy Setting
Audit account logon events Success, Failure
Audit account management Success, Failure
Audit directory service access Success, Failure
Audit logon events Success, Failure
Audit object access Success, Failure
Audit policy change Failure
Audit privilege use Failure
Audit process tracking Failure
Audit system events Success, Failure
Software Restriction Policies
Enforcement
Policy Setting
Apply software restriction policies to All software files except libraries (such as DLLs)
Apply software restriction policies to the following users All users except local administrators
Designated File Types
File Extension File Type
ADE ADE File
ADP ADP File
BAS BAS File
BAT Windows Batch File
CHM Compiled HTML Help file
CMD Windows Command Script
COM Application
CPL Control Panel extension
CRT Security Certificate
EXE Application
HLP Help File
HTA HTML Application
INF Setup Information
INS Internet Communication Settings
ISP Internet Communication Settings
LNK Shortcut
MDB MDB File
MDE MDE File
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST MST File
OCX ActiveX Control
PCD PCD File
PIF Shortcut to Program
REG Registration Entries
SCR Screen Saver
SHS Scrap object
URL Internet Shortcut
VB VB File
WSC Windows Script Component
Trusted Publishers
Allow the following users to select trusted publishers End users
Before trusting a publisher, check the following to determine if the certificate is revoked None
Software Restriction Policies/Security Levels
Policy Setting
Default Security Level Disallowed
Software Restriction Policies/Additional Rules
Hash Rules
os_check.vbs; 291 bytes; 1/25/2004 11:55:36 AM
File hash 9EFC73AA7E8796ED22663E127BD90D20:291:32771
Security level Unrestricted
Description
Date last modified 2/5/2004 8:53:09 PM
VIM.EXE (6.2.160.0); VIM; Vi Improved - A Text Editor; Vim; Vim Developers
File hash 1D221CA66113A9F1255C46517CAF3905:1138688:32771
Security level Unrestricted
Description
Date last modified 2/5/2004 9:41:17 PM
Path Rules
%comspec%
Security Level Disallowed
Description
Date last modified 2/5/2004 6:56:28 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level Unrestricted
Description
Date last modified 2/5/2004 6:51:15 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe
Security Level Unrestricted
Description
Date last modified 2/5/2004 6:51:15 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe
Security Level Unrestricted
Description
Date last modified 2/5/2004 6:51:15 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level Unrestricted
Description
Date last modified 2/5/2004 6:51:15 PM
%USERPROFILE%\desktop\*.lnk
Security Level Unrestricted
Description
Date last modified 2/5/2004 9:48:49 PM
User Configuration (Enabled)
No settings defined.