So I enabled SRP. It has 2 default rules which allow the Program Files folder and system root; I added the Program Files x86 folder. Yet some odd behaviour. I can execute various executables on my K: drive, even as LUA, even if I specifically set K:\ to not allowed and even if I block admins as well. Even though I have exempted the x86 Program Files folders I cannot run 32-bit IE; the app log shows this: "Access to C:\Program Files\Internet Explorer\IEXPLORE.EXE has been restricted by your Administrator by the default software restriction policy level." Note the above is the 64-bit path but that's the error that appears when trying to run 32-bit IE. Which should be exempted by the default rule, right? Bizarrely the 64-bit IE, which uses that path directly, works. So in short SRP is running chaotic; I guess in Win7 I should be using AppLocker instead?
I've had no problems with it on Windows 7. You would probably need to post the rule you created for your Program Files (x86) so we can take a look.
OK, tried AppLocker. It correctly allows 32-bit Program Files to work, but with that said it seems to be blocking nothing at all. Again same with LUA, and yes, rule enforcement is on. As a LU I can run exes from %temp% LOL
Here are the SRP rules (currently off though, as I'm trying AppLocker), and I know Program Files x86 is added twice, as I was trying a 2nd method of adding it.
OK, I got somewhere. I noticed the message saying the Application Identity service needs to be running for AppLocker; it wasn't, so I started it. It didn't immediately start working, there was a time period of a few minutes, but now it is working.
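A diagnostic sketch for the situation described in the post above (AppLocker rules configured but nothing blocked until the Application Identity service was started). This is an added example, not part of any poster's message; the probe file name and the `Everyone` default are assumptions, and it is meant to be run from an elevated PowerShell prompt on the machine being checked.

```powershell
# Added diagnostic example (not from the thread). Works with PowerShell 2.0 on Windows 7.
param(
    [string]$User = 'Everyone'   # account or group to evaluate the policy for (assumption)
)
Import-Module AppLocker

# 1. AppLocker rules are only evaluated while the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc
"AppIDSvc status: {0}" -f $svc.Status
if ($svc.Status -ne 'Running') {
    Write-Warning 'Application Identity service is not running; AppLocker rules are not enforced.'
}

# 2. Enforcement mode per rule collection in the effective policy.
#    NotConfigured or AuditOnly means that collection blocks nothing.
$policy = Get-AppLockerPolicy -Effective
$policy.RuleCollections | ForEach-Object {
    "{0,-8} mode={1,-14} rules={2}" -f $_.RuleCollectionType, $_.EnforcementMode, $_.Count
}

# 3. Ask the policy what it would decide for an executable under %TEMP%.
#    The probe is a copy of a built-in Windows binary under a constructed name.
$probe = Join-Path $env:TEMP 'applocker-probe.exe'
Copy-Item (Join-Path $env:SystemRoot 'System32\whoami.exe') $probe -Force
try {
    $policy | Test-AppLockerPolicy -Path $probe -User $User |
        Format-List FilePath, PolicyDecision, MatchingRule
} finally {
    Remove-Item $probe -ErrorAction SilentlyContinue
}

# 4. Recent AppLocker decisions: 8002 allowed, 8003 would be blocked (audit), 8004 blocked.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { 8002, 8003, 8004 -contains $_.Id } |
    Select-Object TimeCreated, Id, Message -First 10 |
    Format-List
```

`Test-AppLockerPolicy` reports what the rules say, not whether they are being enforced, so a `Denied` decision in step 3 alongside a stopped service in step 1 matches the "blocking nothing" symptom.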
@chrcol, here's an excellent guide to follow to ensure your SRP policy is set up properly: http://www.mechbgon.com/srp/
For now I am back on an admin account, since Firefox is so anti-Windows; I couldn't even update it on my limited account. I will either switch Firefox to the portable version or restrict the admin account with AppLocker/SRP. Thanks
Apparently the LUA update issue with Firefox is fixed in ESR v31, so if I can get Firefox v31 running well (currently runs badly) then I can switch back again.
I've not had problems updating Firefox on machines with LUAs. I have 15 users here and have had no problems for a long time. I did have that problem a couple of years ago, but not recently. Worst case you can download the full install and run as admin over the top. That always works. Another thought... do you have the Mozilla Maintenance Service installed? That is specifically for updating on LUA.
There is a Firefox bug report; it was fixed in v26, so my ESR v24 wouldn't work (even with the service).