Last question about SRP/PGS, I promise ;)

Yeah I know you're getting tired of this. But... Suppose I've got exec privileges for C:\Program Files and C:\Windows under SRP, and nowhere else. Now I want to allow stuff to execute from another directory, C:\Foo. Problem is, programs in C:\Foo might be in subfolders. How can I add exec privileges for a folder and everything in it *and* other folders that reside in it? Can that be done with PGS?

 

I think you mean you are whitelisting c:\windows and c:\program files, so that anything in these is allowed to execute, and all other locations have a default-deny state.

Then, you want to have a directory, c:\foo, to house some programs. But within this directory are actually sub-directories for various programs.

You could make a rule in SRP that says Allow c:\Foo, which should follow all sub-directories. Or you can do c:\foo\some directory\ only to allow specific. You could also wildcard it in different manners as well to only allow .exes and not other monitored extensions.

Does that help? And yes, PGS will work because it is only a front end to the actual SRP rules.

Why make it the last question? One reason I like to put what might be called "useless" information out there is because I am often seeking this type of "useless" information, and wish it was found in a search engine somewhere. I like the fact that whatever is posted at Wilders can be found easily while searching, and it may help someone who is not even a member of Wilders.

Sul.

 

Ah okay... I tried doing Allow c:\Foo, but that didn't allow subdirectories. This is on XP Home mind, so it might be acting up. (Although disallowing things seems to work fine in unmodified XP Home.)

 

I will look at it today hopefully. It has been awhile since I messed with the wildcards in SRP, but I know I had it working at some point. Let you know.

Sul.

Edit: off the top of my head, try c:\foo\*