Software restriction Policies (2)

Pick Up: http://yupeizhi.blog.51cto.com/3157367/1619158

the and we're just talking about path rules, so what are the other rules? Let's talk about hash rules, what are hash rules:

A hash is a series of fixed-length bytes that uniquely identify a software program or file. The hash is computed by the hash algorithm. When a hash rule is created for a software program, the software restriction policy will find a hash of the program. When a user attempts to open a software program, the system compares the hash of the program with the existing hash rule of the software restriction policy. So the hash rule has a certain, that is, after the software upgrade, the hash rule may change, then, the hash rule is useless.

so how to know the hash of the software, we can directly through the Group Policy view, open software view. (This needs to install the software on the server, I have tried to open the software through the Client Group Group Policy on the client, and then copy the software information to the server, but it seems that the server can not directly copy the hash value of the software, so it is generally not recommended.) )

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5B/15/wKioL1T_A5nQAaGyAAJ80N_OGdk929.jpg "title=" 16.png "alt=" Wkiol1t_a5nqaagyaaj80n_ogdk929.jpg "/>

- , open the New Hash Rule dialog box and select Browse;

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5B/15/wKioL1T_A6zC7AJWAAFQUPMbYzU258.jpg "title=" 17.png "alt=" Wkiol1t_a6zc7ajwaafqupmbyzu258.jpg "/>

- , locate the Software installation path, select the software to run the file, and then select "Open";

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5B/1B/wKiom1T_Ap3habJ7AALifuCrwbw749.jpg "title=" 18.png "alt=" Wkiom1t_ap3habj7aalifucrwbw749.jpg "/>

This makes it possible to use a hash rule, but with a hash rule.

Although we can run the software in the front, but must be to change the software installation path under the run so too much trouble, the desktop can not run, then we say a desktop and other commonly used path, for example, desktop path, with the above method must not, Because the user names in each user's desktop path are different, how do you set them? Here we are going to use the environment variables;

So what are environment variables?

Environment variables are generally used in the operating system to specify the operating system running environment of some parameters, such as temporary folder location and System folder location.

How do you see which environment variables the system defaults to?

You can do this by clicking on the cmd "Run in" Set "

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5B/1B/wKiom1T_A3rQXt35AATAc0_fxJM707.jpg "title=" 19.png "alt=" Wkiom1t_a3rqxt35aatac0_fxjm707.jpg "/>

through the image above, we find the desktop, the desktop file is under the current user name "C:\User\currently logged in User name\desktop"In contrast to the above found"Userprofile=c:\users\administrator"The path is available, and we just add the followingDesktopIt's OK, so use: "UserProfile"; The complete path should be"%UserProfile%\desktopof course, if you want to let go of all the folders below the user, such as documents, music, etc., you can also directly use%UserProfile%; (Note: I am running on the server, so the current user here isAdministratorThe environment variable is displayed directly in the command window and should be added before and after use .%;)

We're here to see the Quick Launch bar. , you know, the path to the Quick Launch bar is in " c:\users\administrator\ appdata\roaming "below, then against the above figure, find" appdata=c:\users\administrator\appdata\ Roaming "path is available, and should be used in addition to the Span style= "Font-family:simsun;" lang= "en-us" xml:lang= "en-US" >% % appdata % " ;

in the Start menu will appear some useful, some can not be used, this is especially concentrated in the process attachment, here, you can open according to the needs of the operation, or all allowed to run, the Start menu path is " C:\ProgramData\Microsoft\Windows\Start Menu "In contrast, you can see" Allusersprofile=c:\programdata "can be used, the full path of all start menus is

" % AllUsersProfile %\ Microsoft\windows\start Menu ", but note that the Start menu is also a lot of shortcuts, if it appears, run all running, also appear unable to run, you have to consider the software installation path.

here to illustrate: Not all shortcuts are placed under the current user's desktop folder, some shortcuts are placed in the public account ( Public folder under the Desktop folder, so we have to think about this when the desktop shortcut is not available, for the public account ( Public ), you can also view the path above. So at the beginning of the emphasis must be tested in the test environment, so as to reduce the failure rate; Another point is that the new environment will have some running-in period, in your production environment may be required to run more than this, we try to consider in the test, of course, if there is no relationship between the missing, We can according to the user's feedback, if there is allowed to run, in the production environment can not run, then find the path of the software, add some just fine;

This article is from the "Snow Orchid" blog, please be sure to keep this source http://yupeizhi.blog.51cto.com/3157367/1619898

Software restriction Policies (2)