I've created a new software restriction policy, my default security level is set to "Disallowed", I have the standard built-in allowed locations:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
and I added another exemption for the C:\Program Files (x86) directory:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%
However, on my 64-bit machines, there are still programs being blocked in C:\Program Files:
C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
These same programs are not being blocked on my 32-bit machines, but the same policy is being applied to both and the programs are installed in the same locations on both.
I checked the registry on one of the 64-bit machines, and the default registry key exemption specified above:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
does exist on the 64-bit machine and it is set to C:\Program Files, exactly like the 32-bit machines. So why are programs still being blocked here?
Shaun