A software restriction policy has been implemented on our Windows 7 Professional PC's in our organization that prevents all except specific executable's from running within %LocalAppData%, %AppData% and two or three sub folders for each. But when exceptions are made, the programs that should be allowed to run, are not running.
This is an example of the restrictions that are setup, "%LocalAppData%\*.exe", which should prevent all executable's from running in the "C:\Users\USERNAME\AppData\Local" folder, which it does. However we have some programs that are required to run from that directory, so for those we have an "Unrestricted" path. For example "%LocalAppData%\test.exe". If my understanding is correct, at this point, we would be limiting all executable's from running in %LocalAppData% except for test.exe.
This appears to work for most executable's the ones that we need to have running will run. However, with one Disallowed path specifically we are having issues. "%LocalAppData%\*\*\*.exe"
It appears that no matter how specific or non specific of an exception is made, no executable's can run from these folders. Lets say an installer needed to run in C:\Users\USERNAME\AppData\Local\Folder1\Folder2\Install.exe, the following have been tried as unrestricted paths. "%LocalAppData%\*\*\Install.exe", "%LocalAppData%\Folder1\*\Install.exe", "%LocalAppData%\Folder1\Folder2\Install.exe". None of which have worked.
Any advice or assistance would be greatly appreciated!