Ladies and Gents,
we run a windows server 2008r2 environment.
we have a software restriction policy in place for quite some time now and it's been working fine until about a week ago. here's how we have it setup:
Enforce = All Software files except libraries (such as DLLs). + All Users.
Security Level = Disallowed
Designated File Types= Defaults
Additional Rules:
C:\* = Disallow.
The rest of the rules are paths for files and folders that we have set as Unrestricted.
Since about a week ago, our security team discovered that they can open any allowed file type such as text file, and then go to file and click on open. In the open dialog box they would type in C:\Windows\System32\drivers\etc\hosts and then click and open it would actually open the hosts file.
I even tried adding a path rule for C:\Windows\System32\drivers\etc\hosts with Disallow, and it’s still allows opening this file for non admins.
Any ideas as to why is software restriction policy not blocking access to any files or folders that are not explicitly allowed via a path rule?
Any help or comments are much appreciated.
Mohsen Almassud