What are these Software Restriction Policies and are they normal?


  1. Posts : 135
    Windows 10
       #1


    Winver: Win 10 pro, 21H1, 19043.1288

    In Local Security Policy > Software Restriction Policies > Additional Rules, I have two rules for two paths, both unrestricted:

    %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%

    %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

    Are these normal? Are they there by default or can the system run without these fine?

    They were definitely not put there by me, and the date added is exactly the same down to the second.

    Edit: As an additional question, what happens if there are two of the same rule but one is unrestricted and the other is disallowed?


  2. Posts : 42,963
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #2

    Can confirm I don't have these.


  3. Posts : 135
    Windows 10
    Thread Starter
       #3

    dalchina said:
        Can confirm I don't have these.

    Interesting... I suppose it's set to allow program files and the system root folder to run if "security levels" is set otherwise? There do seem to be some mentions of this online, but nothing concrete...

    - - - Updated - - -

    Update: I tested it and it seems like these two rules are automatically created once you add your first Software Restriction Policy via the Action tab.

    Deleting both of them doesn't seem to do anything, unless you'd need to restart for it to work... Someone else would have to try that, though.


  4. Posts : 42,963
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #4

    Seems if you even click on e.g. Security levels, Basic levels, those are added.
    I haven't deliberately made any changes...

    Having done that I now see those... no further ideas, sorry!


  5. Posts : 135
    Windows 10
    Thread Starter
       #5

    dalchina said:
        Seems if you even click on e.g. Security levels, Basic levels, those are added.
        I haven't deliberately made any changes...

        Having done that I now see those... no further ideas, sorry!

    Making an educated guess based on what this seems to do:
    Those two are created for you to prevent you from bricking your system when you change Security Levels to Disallowed as it overrides that. Otherwise you'd be prevented from opening anything in C:\Windows and the Program Files directory.

    Thankfully according to a tip here: https://docs.microsoft.com/en-us/win...nical-overview

    Software restriction policies do not apply when Windows is started in Safe Mode. If you accidentally lock down a workstation with software restriction policies, restart the computer in Safe Mode, log on as a local administrator, modify the policy, run gpupdate, restart the computer, and then log on normally.

    If you accidentally set something that bricks the system, you can restart in Safe Mode and that will disable any of these policies so you can fix them and run gpupdate.

    To protect administrators from locking themselves out of the system, when the default security level is set to Disallowed, four registry path rules are automatically created. You can delete or modify these registry path rules; however, this is not recommended.

    Seems like it's meant to be there to prevent Windows critical processes from being blocked. Interesting...
    If anyone with a VM would like to run some tests if you set it to Disallowed and delete the pre-created path rules, that would be cool... Wonder what kind of error Windows gives you when it boots and can't run anything...
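
Added example, not written by anyone in this thread: a read-only PowerShell check that lists the SRP path rules discussed above with their security level, the folder each registry path rule resolves to, and the LastModified timestamp, and reports identical paths that appear at more than one level. It reads the machine policy key HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers; the function names are hypothetical.

```powershell
# Added example: read-only audit of Software Restriction Policy path rules.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Resolve-SrpRegistryPath {   # hypothetical helper name
    param([string]$ItemData)
    # Registry path rules have the form %HIVE\Key\ValueName%optional-suffix
    if ($ItemData -notmatch '^%(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\(.+)\\([^\\%]+)%(.*)$') {
        return $ItemData              # ordinary file-system path rule
    }
    $hive = if ($Matches[1] -eq 'HKEY_LOCAL_MACHINE') { 'HKLM:' } else { 'HKCU:' }
    $key, $name, $suffix = $Matches[2], $Matches[3], $Matches[4]
    $props = Get-ItemProperty -Path "$hive\$key" -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return "<unresolved> $ItemData" }
    return "$($props.$name)$suffix"
}

function Get-SrpPathRule {           # hypothetical helper name
    if (-not (Test-Path $base)) { return }
    # Each numeric subkey is a security level; its Paths subkey holds one key per rule.
    foreach ($levelKey in Get-ChildItem $base | Where-Object PSChildName -match '^\d+$') {
        $level = [int]$levelKey.PSChildName
        $paths = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $paths)) { continue }
        foreach ($rule in Get-ChildItem $paths) {
            $p = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level        = if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { "$level" }
                ItemData     = $p.ItemData
                Resolved     = Resolve-SrpRegistryPath $p.ItemData
                LastModified = [datetime]::FromFileTimeUtc([long]$p.LastModified)  # FILETIME, UTC
                RuleId       = $rule.PSChildName
            }
        }
    }
}

$policy = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
if ($null -eq $policy) { 'No machine-level SRP policy key found.'; return }
"Default security level: $($policy.DefaultLevel) (0 = Disallowed, 262144 = Unrestricted)"
$rules = @(Get-SrpPathRule)
$rules | Sort-Object LastModified | Format-Table Level, Resolved, LastModified, ItemData -AutoSize

# Identical paths at different levels: per Microsoft's SRP documentation the
# more restrictive rule takes precedence, so report them for review.
$rules | Group-Object Resolved |
    Where-Object { @($_.Group.Level | Select-Object -Unique).Count -gt 1 } |
    ForEach-Object { "Conflict: $($_.Name) -> $(($_.Group.Level | Sort-Object -Unique) -join ', ')" }
```

Rules created automatically together will show the same LastModified value, which matches the "same down to the second" observation in post #1.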