I am rolling out a disallow-all Software Restriction Policy on my network. I am studiously whitelisting all programs we use as I go. One issue I have is allowing .exe files to run from the CD drive. My users receive CDs from various places and need to be able to run them, but I am at a loss on how to whitelist them. Does anyone have a solution?
I can't do a hash whitelist and allow certain exes because we will get new ones on a regular basis and users can't wait for IT to allow them.
I thought about doing a path rule to allow anything on the D:\ drive, but I'm worried this won't work because the CD will copy temp files to the PC and those will be blocked. (I am testing that now.) That also isn't the most elegant solution. I am working towards unified hardware, but I can't guarantee that D:\ will always be the CD drive.
Unfortunately, Google has not been much help on this particular problem.
You can just make an exception for D:\ and exes will run properly from the CD. I ended up going that route with a separate Software Restriction GPO for users that need to run stuff off CDs.
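
The question raises the concern that D:\ may not be the CD drive on every machine. The following audit is an added example, not part of the original thread: it reads the Unrestricted SRP path rules from the policy registry keys and reports what kind of volume each drive-root rule actually points at on the local machine. The function names are hypothetical, and it assumes the rules arrive by GPO under the standard `Safer\CodeIdentifiers` policy keys.

```powershell
# Added example: check SRP "Unrestricted" drive-root path rules against real drive types.
# Assumption: rules are delivered by GPO to the machine or user policy hive listed below.
$saferKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths',  # 262144 = Unrestricted
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths'
)

function Get-SrpAllowedPath {
    # Returns the path (ItemData) of every Unrestricted path rule; nothing if no policy exists.
    foreach ($key in $saferKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            (Get-ItemProperty -Path $_.PSPath -Name ItemData -ErrorAction SilentlyContinue).ItemData
        }
    }
}

function Test-DriveRootRule {
    param([string[]]$RulePath)
    $typeName = @{ 2 = 'Removable'; 3 = 'Fixed'; 4 = 'Network'; 5 = 'CD-ROM' }
    # Map drive letter -> Win32_LogicalDisk.DriveType on this machine
    $disks = @{}
    Get-CimInstance Win32_LogicalDisk | ForEach-Object { $disks[$_.DeviceID.ToUpper()] = [int]$_.DriveType }

    foreach ($rule in $RulePath) {
        # Only rules that are exactly a drive root, e.g. D:\ or D:
        if ($rule -notmatch '^([A-Za-z]:)\\?$') { continue }
        $letter = $Matches[1].ToUpper()
        $type   = $disks[$letter]
        [pscustomobject]@{
            Rule      = $rule
            Drive     = $letter
            DriveType = if ($null -eq $type) { 'Not present' }
                        elseif ($typeName.ContainsKey($type)) { $typeName[$type] }
                        else { "Other ($type)" }
            # Anything other than an optical drive means the rule allows a different volume
            Status    = if ($type -eq 5) { 'OK' } else { 'REVIEW' }
        }
    }
    # Optical drives on this machine that no drive-root rule covers
    $covered = $RulePath | ForEach-Object { "$_".TrimEnd('\').ToUpper() }
    $disks.Keys | Where-Object { $disks[$_] -eq 5 -and $covered -notcontains $_ } | ForEach-Object {
        [pscustomobject]@{ Rule = $null; Drive = $_; DriveType = 'CD-ROM'; Status = 'NO RULE' }
    }
}

Test-DriveRootRule -RulePath (Get-SrpAllowedPath)   # rules actually applied to this machine
Test-DriveRootRule -RulePath 'D:\'                  # constructed sample: the rule from the thread
```

A `REVIEW` row means the allowed letter maps to a fixed, removable or network volume (or is absent) on that machine, and a `NO RULE` row means the optical drive sits on a letter that the policy does not cover.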