I'm at a site where user accounts are limited to running only certain programs (according to file name), through the Windows XP RestrictRun
policy mechanism. I realize this is largely useless as a security mechanism, but it is what it is.
Occasionally we'll run into a situation where something under a user account triggers the usual error message: "This operation has been cancelled due to restrictions in effect on this computer", but running the same program under a unrestricted account doesn't give any insight into what program was trying to be launched.
In the interest of troubleshooting this type of scenario, is there a way to get Windows to log program names blocked by a user's RestrictRun
policy, or to show the name of the program blocked when displaying the above error message?
Use Process Monitor to find what threads/processes are related to the exe you are troubleshooting. Once you know what other EXEs are required to run a given app you can more easily unblock it.