Hi everyone,

Curious as to whether any of you have taken the approach described in the attached PDF  of preventing executables in %AppData% from running? I’ve justcreated a GPO as outlined in that document and am testing it on my own machine. So far, nothing appears to be breaking, and I can’t think of many vital apps  that this would disrupt. I figure I can easily whitelist the few I might find that actually do break. Are there any disadvantages I might be missing to this approach?

Thanks,

 

Al