So, due to certain pieces of custom software requiring elevated rights, we had to loosen up on user rights in our terminal server environment. But, in an effort to avoid too much damage, we instituted Software Restriction Policies, so users cannot run any executable other than what we specify.
Needless to say, it has been a pain in the rear.
Currently I’m fighting with a remote app that is attempting to launch a Word doc. Problem is, the remote app server has a different version of Office installed, and none of the old Office app paths are in our SRP. Rather than add the numerous dozens of office executables, I’m simply installing the latest version on our app server. The paths for Office 2010 already exist in our SPR, so that should take care of it.
Hopefully as we keep moving on software developers will start being smarter when they design software so I won’t need to go through these gymnastics just to make things work and be secure.
Who Said What?